VPN Policy

Approved by the President
10/27/2009

Policy Contact
IT Security Administrator
607-436-3203
itsecurity@oneonta.edu

Category
Information Technology Policies

Policy Statement

The purpose of this policy is to provide guidelines for VPN access to the SUNY Oneonta network.

Rationale:

The VPN provides secure access to the most sensitive resources on the College network. It is necessary to ensure that users understand the requirements and responsibilities of VPN access.

Applicability of the Policy

This policy applies to all SUNY Oneonta employees and authorized third parties (vendors) that access the SUNY Oneonta network through our VPN.

Policy Elaboration

The VPN allows users at remote locations to access services and applications available only on the SUNY Oneonta network. By accessing the campus network through a VPN, the user bypasses security measures designed to protect the network from viruses, hackers and other threats on the Internet. Therefore, users who require a VPN must accept the responsibility of assuring that the computer they will use is secure.

Definitions

VPN– A Virtual Private Network establishes a secure connection between two trusted locations (your computer and the SUNY Oneonta network) via an insecure, public network (the Internet).

Procedures

Anyone wishing to gain VPN privileges must signify compliance with this policy by completing and signing the VPN User Agreement. The agreement will then be reviewed by the

Security

An administrator who will grant or deny access and notify the user.

Hardware & Software Requirements

Your computer must be clean of viruses and spyware and have approved up-to-date antivirus software installed. Approved software includes Sophos (campus provided), MacAfee; Norton. Other virus detection programs must be approved by the Security Administrator.
Your computer must be up-to-date on all critical security patches.
Your computer must have a personal firewall enabled except where alternate security measures have been approved by the Security Administrator.
You must use a VPN client approved by the Security Administrator and set up in accordance with this policy.
The VPN should be connected from a relatively fast computer and a broadband (not dial-up) Internet connection. It will not operate satisfactorily otherwise.
Theft or loss of any computer with a VPN client configured on it must be reported immediately to the Security Administrator.

Appropriate Use

The VPN may be used only for official, college-related work. You must disconnect the VPN before attempting any non-college related activities from your computer.
It is the responsibility of employees with VPN privileges to ensure that unauthorized users are not allowed access to the SUNY Oneonta internal network.
Use of the VPN signifies your acceptance of and compliance with all other related SUNY Oneonta policies. These policies can be found here.
Split tunneling is NOT permitted. That is, you may not use any other connection to any other network while the VPN is connected. All network traffic must pass through the VPN.
VPN users will be permitted one active VPN connection.
VPN users will be automatically disconnected from the SUNY Oneonta network after 30 minutes of inactivity or a total connection time of 8 hours. The user must then log on again to reconnect to the network. Pings or other artificial network processes are not to be used to keep the connection open.
Access to the VPN can be revoked at any time for failure to abide by the VPN User Agreement.

Forms

VPN User Agreement