UW-La Crosse VPN Use Policy
Approved December 16, 2005
Establish conditions for use of VPN access to campus resources.
This policy is implemented on the computers used to access campus resources with a VPN connection and will affect off-campus network users.
A Virtual Private Network (VPN) connection involves running client software on a remote computer that connects over the internet to a VPN concentrator on campus. This arrangement bypasses the campus border firewall, making the remote computer appear to be a computer on campus. This permits software that works on campus to work remotely. While packets passed over this connection are encrypted, if the remote computer is not secure, the campus is vulnerable to attack.
In order to be added to the group that is allowed to use the VPN connection the following conditions must be met:
- The remote computer must have the campus standard antivirus software installed, active, and kept up to date. The campus has a site license for this product which can be installed over the network and configured so it is kept current.
- The remote computer must be configured to automatically download and install critical updates as they come out.
- The remote computer must have a personal firewall enabled. For example, Windows XP has a built-in firewall and it must be enabled.
- Any computer being used for a VPN connection to the UW-L network must be university owned and should have only the software required for university-related work.
- A valid reason must be provided as to why off-campus VPN access is required. E-mail access alone is not a valid reason for VPN privileges. The university provides secure access to e-mail from off campus.
VPN access is intended for ITS staff members who are, at times, required to work with critical systems while off campus. Administrators, faculty, and staff outside ITS who comply with the required security practices may also be included. The CIO has final authority in approving VPN access requests.
VPN software must be installed and configured by the Technical Support Services department in the ITS Support Center.
Consequence of Non-Compliance
Allowing VPN connections to the UW-L network greatly increases its vulnerability if the remote computers are not secure, because the remote computers are treated as though they are behind UW-L’s firewall.
UW-L Security Study, Network Security section 2, Serial No. 2, Findings Ref. No. B.1
UW-L Security Study, Documented Network Operating Procedures for Security section 2, Serial No. 4, Findings Ref. No. C.1