ITS VPN Remote Access Policy

Contents

Purpose

The purpose of this policy is to state the requirements for remote access to computing resources hosted at Albany State University using remote access technologies.

Motivation

In order to access computing resources hosted at Albany State University from off-campus, use of ASU remote access services is required. A remote access connection is a secured private network connection built on top of a public network, such as the Internet. Remote access provides a secure, encrypted connection, or tunnel, over the Internet between an individual computer (such as a computer off campus) and a private network (such as ASU's). Use of remote access allows authorized members of the ASU community to securely access ASU network resources as if they were on the campus.

Allowing such connections is not entirely without risk. Remote access connections, by definition, allow an outside computer to connect directly to the University's network. This arrangement provides convenience for the remote worker, but bypasses any firewall restrictions that may be in place. This risk is particularly pronounced for remote access connections from privately owned computers, as the University cannot ensure the computer has sufficient protection configured (e.g. anti-virus, anti-spyware). The risk posed by ASU-owned computers is still present, but to a lesser degree.

Responsibilities

The Albany State University Information Technology Services (ASU ITS) is responsible for implementing and maintaining the University's remote access services. Therefore, ASU ITS is also responsible for activities relating to this policy. Accordingly, ASU ITS will manage the configuration of the University's remote access Service.

Policy for Remote Access

ASU employees, and authorized third parties (customers, vendors, etc.) may, under some circumstances, utilize remote access to access ASU computing resources for which they have been granted access.

Regular, full-time ASU faculty or staff employees that have a valid ASU Domain User Account may request remote access to the ASU network by completing a Remote Access Request Form for Faculty/Staff or for Contractor/Non-paid Affiliates. A letter of justification must accompany the request. The letter should address, in sufficient detail, what resources will be accessed and how they cannot be accessed by conventional means. Requests omitting a letter of justification will be returned to the requestor as incomplete. A copy of the Remote Access Request Form may be found in the forms section of the ASU ASU ITS website.

With the exception of RDG (see Operational Procedures, below) remote access is valid for a set period of time. Requestor should indicate the date remote access should take effect and the date access should expire. Remote access may be granted for a period of up to twelve months, after which remote access for the account will expire. Requestors will be notified via phone or email approximately thirty (30) days before remote access expires. Account holders may resubmit a Remote Access Request Form up to thirty (30) days before the remote access expiration date to continue remote access without disruption.
Guidelines for Access:

  • Departmental Accounts shall not be granted remote access due to lack of accountability. These accounts are typically shared among several users and there is no way to trace a specific user back to the account at any given time.
  • Temporary Accounts shall not be granted remote access.
  • Student accounts shall not be granted remote access.
  • Clerical or Support accounts shall not be granted remote access without prior telecommuting approval (VP endorsement required).
  • Faculty and Administrative accounts may be granted remote access.
  • Vendor Accounts may be granted remote access. Vendor accounts are setup specifically for vendors to access ASU resources for support purposes. Vendor accounts must be sponsored by an ASU employee. The account sponsor bears responsibility for the account and its use by the vendor. If the vendor account does not already exist, a request to establish one must be made at the same time remote access is requested.

All remote access account holders are subject to the Remote Access Terms of Use.

Operational Procedures

ASU currently implements two separate remote access solutions:

  • Microsoft Remote Desktop Gateway (RDG)
    • Allows you to log in to your ASU computer from off-campus
    • Requires no software installation
    • Presents a lower security risk
    • Does not expire (subject to periodic review)
  • Cisco AnyConnect (VPN)=
    • Allows you to connect to the ASU network from off-campus
    • Requires software installation
    • Presents a higher security risk
    • Expires, at minimum, every 12 months on August 31.

Experience has demonstrated that RDG fulfills the needs of the majority of remote access users.

In order to use remote access, you need a connection to the Internet from your off-campus location. ASU does not provide you with an Internet connection, your Internet Service Provider does. While dialup Internet connections may utilize a remote access connection, performance is very slow and is not recommended or supported.

  • Remote access users will be automatically disconnected from the ASU network after 30 minutes of inactivity. The user must then logon again to reconnect to the network. Pings or other artificial network processes to keep the connection open are prohibited.
  • Support will only be provided for remote access clients approved by ASU's Office of Information Technology.
  • If you have any questions related to the use of ASU remote access, please contact the ASU ITS Help Desk at 229-500-4357 or Help Desk Website 

Remote Access Terms of Use

Any user found to have violated the terms of use may be subject to loss of privileges or services and other disciplinary action.

  1. It is the responsibility of all ASU employees and authorized third parties with remote access privileges to ensure that unauthorized users are not allowed access to internal University networks and associated content.
  2. All individuals and machines, including university-owned and personal equipment, are a de facto extension of ASU’s network, and as such are subject to the University’s Acceptable Use Policy.
  3. All computers connected to ASU’s internal network via remote access or any other technology must use a properly configured, up-to-date operating system and anti-virus software; this includes all personally-owned computers. Antivirus software may be available for ASU faculty and staff.
  4. Redistribution of the ASU remote access installers or associated installation information is prohibited.
  5. All network activity during a remote access session is subject to ASU policies.
  6. All users of the ASU remote access services shall only utilize resources for which they have been granted permission and rights to use.

Policy Dispute

The Chief Information Officer is charged with the responsibility to periodically review the policy and propose changes as needed.

Version History

Date, version number and description of creation or change of the policy
Date Version Description
August 9, 2015 1.2 ASU Information Technology Governance Committee