Park University Logo
Information Security
Your Location: Park.edu Home > Information Security > Policies and Procedures > HTML Contents

Information Technology Policies and Procedures


Remote Access Policy

Purpose

This policy defines standards for connecting to the University Information Technology Network from any Host. These standards are designed to minimize potential exposure of the University to damages that result from Unauthorized Use of the University Information Technology Network. Damages include, but are not limited to: the loss of sensitive or confidential data, loss of Intellectual Property, damage to the University’s public image, damage to the University’s internal systems, and financial damages of all kinds.


Scope

This policy applies to all Authorized Users including University faculty, staff, Students, employees and affiliates, who utilize University-owned or personally-owned information technology resources to connect such devices to the University Information Technology Network. This policy applies to Remote Access connections used to do work on behalf of the University, including but not limited to Email correspondence and accessing Intranet web resources.

Remote Access implementations that are covered by this policy include, but are not limited to: dial-up Modems, Frame Relays, Integrated Services Digital Network (ISDN) connections, Digital Subscriber Line (DSL) connections, Cable Modems, etc.


Policy

General

  1. Authorized Users with Remote Access privileges to the University Information Technology Network must ensure that their Remote Access connection complies with the University Information Technology Policies and Procedures, and treat it with the same consideration as their on-site connection to the University.
  2. General access to the Internet through the University Information Technology Network, for reasonable recreational use by immediate household members of University on personal computers, is permitted. Each Authorized User is responsible for ensuring that the family members comply with the University Information Technology Policies and Procedures, does not perform illegal activities, and does not use the access for outside business purposes. Each Authorized User bears responsibility for any consequences of misuse.
  3. Authorized Users must review the following policies to determine how to protect information when accessing the University Information Technology Network via Remote Access methods, and for acceptable use of the University Information Technology Network:
    1. The University Acceptable Encryption Policy
    2. The University Virtual Private Network Policy
    3. The University Wireless Communications Policy
    4. The University Acceptable Use Policy
  4. For additional information regarding the University's Remote Access connections, Authorized Users should contact the Information Technology Services department.

Requirements

  1. Secure Remote Access must be strictly controlled. Control will be enforced via one-time password authentication or public / private keys with strong Pass-phrases. For information about how to create a strong Pass-phrase, Authorized Users should refer to the Password Policy.
  2. Authorized Users must not provide their login identification to the University Information Technology Network or its resources to anyone, not even family members.
  3. Authorized Users who, as a University employee or affiliates with Remote Access privileges, must ensure that University-owned or personal information technology resources are not connected to any other Network at the same time they are connected to the University Information Technology Network (with the exception of personal Networks that are under the complete control of the Authorized User).
  4. Authorized Users who, as a University employee or affiliates with remote Authorized User access privileges to the University Information Technology Network must not use non-University Email accounts (e.g. Hotmail, Yahoo, and AOL) or other external resources to conduct University business, thereby ensuring that official business is never confused with personal business.
  5. Routers for dedicated ISDN lines configured for access to the University Information Technology Network must meet the minimum authentication requirements of the Challenge Handshake Authentication Protocol (CHAP).
  6. Reconfiguration of an Authorized User’s home equipment for the purpose of Split-Tunneling or Dual Homing is not permitted.
  7. Frame Relay must meet the minimum authentication requirements of Data-Link Connection Identifier (DLCI) standards.
  8. Non-standard Hardware configurations must be approved by Information Technology Services personnel, and Information Security personnel must approve Security configurations for access to Hardware.
  9. All Hosts that are connected to the University Information Technology Network via Remote Access technologies, including personal computers, must use the most recent corporate-standard Anti-Virus Software. Third-party connections to the University Information Technology Network must comply with requirements as stated in the Third Party Agreement documentation.
  10. Personal equipment that is used to connect to the University Information Technology Network must meet the same requirements applied to University-owned equipment for Remote Access.
  11. Organizations or Authorized Users who wish to implement non-standard Remote Access solutions to the University Information Technology Network must obtain prior written approval from the Information Technology Services department.


Enforcement

Any Authorized User found to be in violation of this policy will be considered an Unauthorized User, and as such are subject to disciplinary action pursuant with the Enforcement section of the Unauthorized Use Policy.

Back to Contents