Information Technology Policies and Procedures
Virtual Private Network Policy
This Policy provides standards for Remote Access by Authorized Users to the University Information Technology Network via Virtual Private Network (VPN) connections, using the IP Security (IPSec) or Layer 2 Tunneling Protocols.
This policy applies to all Authorized Users utilizing VPNs to access the University Information Technology Network. This policy also applies to implementations of VPN that are directed through an IPSec concentrator.
Authorized Users who are reviewed by the Information Technology Services department may utilize Virtual Private Networks. A VPN is a “user-managed” Service, in which the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation of the Service as well as any required Software, and paying all fees. Further details may be found in the Remote Access Policy documentation.
- It is the responsibility of the Authorized VPN User to ensure that Unauthorized Users are not allowed access to the University Information Technology Network.
- Authorized Users must be in compliance with the Password Policy.
- When actively connected to the University Information Technology Network, the VPN Software forces all traffic to and from the user’s information technology resource over the VPN tunnel. All other traffic is dropped.
- Dual (or split) tunneling is not permitted. Only one Network connection is allowed.
- VPN gateways must be set up and managed by Information Technology Services personnel.
- All information technology resources connected to the University Information Technology Network by Authorized Users via VPN or any other technology must use the most recent corporate-standard Anti-Virus Software.
- Authorized VPN Users are automatically disconnected from the University Information Technology Network after thirty minutes of inactivity. The Authorized VPN User must then log on again to reconnect to the University Information Technology Network. Pings or other artificial Network processes must not be used to keep the connection open. Special consideration for campus centers will be granted.
- The VPN concentrator is limited to an absolute connection time of 24 hours.
- Authorized Users of information technology resources that are not owned by the University must configure their resources to comply with the University's VPN and Network Policy documentation.
- Only VPN clients utilized by Authorized Users and approved by appropriate Information Security personnel can be used.
- By using VPN technology with personal equipment, Authorized Users must understand that their machines are a de-facto extension of the University Information Technology Network, and as such are subject to the same rules and regulations that apply to equipment owned by the University (i.e. their machines must be configured to comply with University Information Technology Policies and Procedures documentation).
Any Authorized User found to be in violation of this policy will be considered an Unauthorized User, and as such are subject to disciplinary action pursuant with the Enforcement section of the Unauthorized Use Policy.
Back to Contents