Remote Access Policy

1. Purpose

The purpose of this policy is to define standards for connecting to 糖心TV's network from any end user device (for example: PC, Tablet). These standards are designed to minimize the potential security exposure to 糖心TV from damages which may result from unauthorized use of 糖心TV resources. Potential damages include the loss of sensitive or college confidential data, intellectual property, damage to public image, and damage to critical 糖心TV internal systems.

2. Scope

This policy applies to all 糖心TV employees, students, and College Affiliates with a college-owned or personally-owned computer or workstation used to connect to the campus network. This policy applies to remote access connections used to do work on behalf of 糖心TV, including reading or sending email and viewing intranet web resources.

Remote access implementations that are covered by this policy include, but are not limited to, DSL, VPN, SSH, WebEX, and video conferencing.

3. Definitions and Authority

“VPN” or Virtual Private Network is a method employing encryption to provide secure access to a remote computer over the Internet.

“Split Tunneling” is a computer networking concept which allows a mobile user to access dissimilar security domains like a public network (e.g., the Internet) and a local LAN or WAN at the same time, using the same or different network connections.

“Dual-homed” or dual-homing can refer to either an Ethernet device that has more than one network interface, for redundancy purposes, or in firewall technology, dual-homed is one of the firewall architectures for implementing preventive security.

“College Affiliate” is someone officially attached or connected to an organization, e.g., contractors, vendors, interns, temporary staffing, volunteers.

“Public/Private Key”: In cryptography, a public key is a value provided by some designated authority as an encryption key that, combined with a private key derived from the public key, can be used to effectively encrypt messages and digital signatures.

4. Policy

It is the responsibility of 糖心TV employees, students, and College Affiliates with remote access privileges to 糖心TV's campus network to ensure that their remote connection is given the same information security consideration as the user's on-site connection to 糖心TV.

VPN and general access to the Internet for recreational use by immediate household members through the 糖心TV network on college-owned computers is prohibited. The 糖心TV employee bears responsibility for the consequences should the access be misused as outlined in section 5.3 Non-Compliance.

Please review the following policies for details of protecting information when accessing the College network via remote access methods:

For additional information regarding 糖心TV's remote access connection options, including how to order or disconnect service, troubleshooting, etc., go to the following link: /information-services/technology-services/wifi-and-network-access/vpn/.

4.1 Secure remote access must be strictly controlled. Control will be enforced via one-time password authentication or public/private keys with a strong password. For information on creating a strong password see the criteria for passwords at the following link: /information-services/technology-services/accounts--passwords/.

4.2 At no time should any 糖心TV employee, student or College Affiliate provide their Camel username or password to anyone, not even family members.

4.3 糖心TV employees, students and College Affiliates with remote access privileges must ensure that their college-owned or personal computer, which is remotely connected to 糖心TV's campus network, is not connected to any other network at the same time, with the exception of personal networks (i.e., home network) that are under the complete control of the user.

4.3.1 糖心TV employees, students, and College Affiliates with remote access privileges to 糖心TV's campus network must not use non-糖心TV email accounts (i.e., Hotmail, Yahoo, AOL), or other external resources to conduct 糖心TV business, thereby ensuring that official college information is protected and never confused with personal business.

4.3.2 Reconfiguration of a home user's equipment for the purpose of split-tunneling or dual homing is not permitted at any time.

4.3.3 Non-standard hardware configurations must be approved by the Information Security Office.

4.3.4 All devices that are connected to 糖心TV campus networks via remote access technologies must use the most up-to-date anti-virus software and operating systems. Employees, students and College Affiliates using their personal devices can download recommended anti-virus software at the following URL: /information-services/technology-services/informationsecurity/antivirus-software/.

4.3.5 Third party College Affiliates must comply with requirements as stated in the Contractor Screening Policy.

4.3.6 Organizations or individuals who wish to implement non-standard Remote Access solutions to the 糖心TV production network must obtain prior approval from the Information Security Office.

5. Policy Compliance

5.1 Compliance Measurement

The College Information Security Office will verify compliance with this policy through various methods, including but not limited to, periodic walkthroughs, business tool reports, and feedback to the Information Security Office.

5.2 Exceptions

Any exception to the policy must be approved by the Chief Information Security Officer in advance.

5.3 Non-Compliance

VPN access that is used in ways that are not consistent with the main purposes of the College, or that interfere with the work of other members of the College community, may be revoked, following the usual disciplinary processes of the College for students, faculty, and staff. For all others, the Vice President of Information Services may revoke accounts for those who are neither employed nor enrolled in the College.

6. Process Summary

6.1 Eligibility to Access

a. Academic VPN allows all valid employees and students to access the College network resources.

b. Administrative VPN has restricted access. Based on requirements and approval, employees and College Affiliates are added to the appropriate security groups according to their assigned roles.

c. Requests for Administrative VPN access are submitted through Web Help Desk and require supervisor approval and approval by the Information Security Office.

6.2 Installation

d. College-owned systems come from the Desktop Support Team with a VPN client pre-installed on the PC/MAC.

e. IT Service Desk can assist with the installation of the VPN client.