Remote Access Policy
Revised: 06/30/2009
1. Purpose.
This policy defines standards for connecting to TCCC-RYSS Information Technology Network from any Host. These standards are designed to minimize potential exposure of TCCC-RYSS to damages that result from Unauthorized Use of TCCC-RYSS Information Technology Network. Damages include, but are not limited to: the loss of sensitive or confidential data, loss of Intellectual Property, damage to the TCCC-RYSS’s public image, damage to the TCCC-RYSS’s internal systems, and financial damages of all kinds.
2. Scope.
This policy applies to all Authorized Users including TCCC-RYSS faculty, staff, Students, employees and affiliates, who utilize TCCC-RYSS-owned or personally-owned information technology resources to connect such devices to the TCCC-RYSS Information Technology Network. This policy applies to Remote Access connections used to do work on behalf of TCCC-RYSS, including but not limited to Email correspondence and accessing Intranet web resources.
Remote Access implementations that are covered by this policy include, but are not limited to: dial-up Modems, Frame Relays, Integrated Services Digital Network (ISDN) connections, Digital Subscriber Line (DSL) connections, Cable Modems, etc.
3. Policy.
General
1. Authorized Users with Remote Access privileges to the TCCC-RYSS Information Technology Network must ensure that their Remote Access connection complies with the TCCC-RYSS Information Technology Policies and Procedures, and treat it with the same consideration as their on-site connection to TCCC-RYSS.
2. General access to the Internet through the TCCC-RYSS Information Technology Network, for reasonable recreational use by immediate household members of TCCC-RYSS on personal computers, is permitted. Each Authorized User is responsible for ensuring that the family members comply with the TCCC-RYSS Information Technology Policies and Procedures, does not perform illegal activities, and does not use the access for outside business purposes. Each Authorized User bears responsibility for any consequences of misuse.
3. Authorized Users must review the following policies to determine how to protect information when accessing the TCCC-RYSS Information Technology Network via Remote Access methods, and for acceptable use of the TCCC-RYSS Information Technology Network:
a. The TCCC-RYSS Acceptable Encryption Policy
b. The TCCC-RYSS Virtual Private Network Policy
c. The TCCC-RYSS Wireless Communications Policy
d. The TCCC-RYSS Acceptable Use Policy
4. For additional information regarding the TCCC-RYSS's Remote Access connections, Authorized Users should contact the Information Technology Services department.
Requirements
1. Secure Remote Access must be strictly controlled. Control will be enforced via one-time password authentication or public / private keys with strong Pass-phrases. For information about how to create a strong Pass-phrase, Authorized Users should refer to the Password Policy.
2. Authorized Users must not provide their login identification to the TCCC-RYSS Information Technology Network or its resources to anyone, not even family members.
3. Authorized Users who, as a TCCC-RYSS employee or affiliates with Remote Access privileges, must ensure that TCCC-RYSS-owned or personal information technology resources are not connected to any other Network at the same time they are connected to the TCCC-RYSS Information Technology Network (with the exception of personal Networks that are under the complete control of the Authorized User).
4. Authorized Users who, as a TCCC-RYSS employee or affiliates with remote Authorized User access privileges to the TCCC-RYSS Information Technology Network must not use non-TCCC-RYSS Email accounts (e.g. Hotmail, Yahoo, and AOL) or other external resources to conduct TCCC-RYSS business, thereby ensuring that official business is never confused with personal business.
5. Routers for dedicated ISDN lines configured for access to the TCCC-RYSS Information Technology Network must meet the minimum authentication requirements of the Challenge Handshake Authentication Protocol (CHAP).
6. Reconfiguration of an Authorized User’s home equipment for the purpose of Split-Tunneling or Dual Homing is not permitted.
7. Frame Relay must meet the minimum authentication requirements of Data-Link Connection Identifier (DLCI) standards.
8. Non-standard Hardware configurations must be approved by Information Technology Services personnel, and Information Security personnel must approve Security configurations for access to Hardware.
9. All Hosts that are connected to the TCCC-RYSS Information Technology Network via Remote Access technologies, including personal computers, must use the most recent corporate-standard Anti-Virus Software. Third-party connections to the TCCC-RYSS Information Technology Network must comply with requirements as stated in the Third Party Agreement documentation.
10. Personal equipment that is used to connect to the TCCC-RYSS Information Technology Network must meet the same requirements applied to TCCC-RYSS-owned equipment for Remote Access.
11. Organizations or Authorized Users who wish to implement non-standard Remote Access solutions to the TCCC-RYSS Information Technology Network must obtain prior written approval from the Information Technology Services department.
4. Enforcement.
Any Authorized User found to be in violation of this policy will be considered an Unauthorized User, and as such are subject to disciplinary action pursuant with the Enforcement section of the Unauthorized Use Policy.
