Sunday, June 22, 2014

RYSS - Virtual Private Network Policy 2009

 

1. Purpose.

This Policy provides standards for Remote Access by Authorized Users to the TCCC-RYSS Information Technology Network via Virtual Private Network (VPN) connections, using the IP Security (IPSec) or Layer 2 Tunneling Protocols.

2. Scope.

This policy applies to all Authorized Users utilizing VPNs to access the TCCC-RYSS Information Technology Network. This policy also applies to implementations of VPN that are directed through an IPSec concentrator.

3. Policy.

Authorized Users who are reviewed by the Information Technology Services department may utilize Virtual Private Networks. A VPN is a “user-managed” Service, in which the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation of the Service as well as any required Software, and paying all fees. Further details may be found in the Remote Access Policy documentation.

1. It is the responsibility of the Authorized VPN User to ensure that Unauthorized Users are not allowed access to the TCCC-RYSS Information Technology Network.

2. Authorized Users must be in compliance with the Password Policy.

3. When actively connected to the TCCC-RYSS Information Technology Network, the VPN Software forces all traffic to and from the user’s information technology resource over the VPN tunnel. All other traffic is dropped.

4. Dual (or split) tunneling is not permitted. Only one Network connection is allowed.

5. VPN gateways must be set up and managed by Information Technology Services personnel.

6. All information technology resources connected to the TCCC-RYSS Information Technology Network by Authorized Users via VPN or any other technology must use the most recent corporate-standard Anti-Virus Software.

7. Authorized VPN Users are automatically disconnected from the TCCC-RYSS Information Technology Network after thirty minutes of inactivity. The Authorized VPN User must then log on again to reconnect to the TCCC-RYSS Information Technology Network. Pings or other artificial Network processes must not be used to keep the connection open. Special consideration for campus centers will be granted.

8. The VPN concentrator is limited to an absolute connection time of 24 hours.

9. Authorized Users of information technology resources that are not owned by TCCC-RYSS must configure their resources to comply with TCCC-RYSS's VPN and Network Policy documentation.

10. Only VPN clients utilized by Authorized Users and approved by appropriate Information Security personnel can be used.

11. By using VPN technology with personal equipment, Authorized Users must understand that their machines are a de facto extension of the TCCC-RYSS Information Technology Network, and as such are subject to the same rules and regulations that apply to equipment owned by TCCC-RYSS (i.e. their machines must be configured to comply with TCCC-RYSS Information Technology Policies and Procedures documentation).

4. Enforcement.

Any Authorized User found to be in violation of this policy will be considered an Unauthorized User and, as such, is subject to disciplinary action pursuant to the Enforcement section of the Unauthorized Use Policy.