Remote Access Guidelines
The purpose of these guidelines is to set out recommendations for allowing remote access to the university’s internal network. General access to the university’s business systems is restricted to the IP address blocks assigned to the university. A limited number of users who demonstrate a professional need to reach the campus’s internal systems will be granted access from remote IP addresses on a limited basis.
These guidelines apply to equipment owned and/or operated by McNeese State University, and to servers registered under any McNeese State University-owned internal network domain. These guidelines are specifically for equipment on the internal McNeese State University network.
General Configuration Guidelines
- Network Services scans for unauthorized devices attached to the network and, at the direction of the Chief Information Technology Officer, removes them when discovered.
- Direct access to the university’s internal network is prohibited.
- Users are encouraged to keep antivirus and firewall software patched and up to date on their local machines. The university is researching alternative methods to verify that software on remote machines is patched before full access to the system is granted.
- The end user establishes a connection to the VPN server on campus. The VPN software and its configuration settings are provided by the university. The software is distributed to specific users upon a request to the Chief Information Technology Officer that demonstrates a need.
- This connection establishes a secure “tunnel” to the campus network through the VPN server.
- The user must have an active account in the LDAP server.
- The IPsec protocol is used to encrypt all data during this connection.
- The user is assigned an IP address from a unique block of addresses managed by the VPN server.
- The user is granted or denied access to each server based on this address block and their business-defined need.
- A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. [en.wikipedia.org/wiki/Virtual_private_network]
- The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. [en.wikipedia.org/wiki/LDAP]
- Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. [en.wikipedia.org/wiki/IPsec]
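The access model above (campus blocks get general access, VPN pool addresses get only the servers matching a granted business need, everything else is denied) as an added worked example; this is illustrative code, not the university’s own configuration, and every address block, server name and business need in it is a constructed placeholder.

```python
"""Access decision for the remote-access model described in the guidelines.
Added example; the address blocks, server names and needs are constructed placeholders."""
import ipaddress

# Constructed placeholder ranges (assumption: not the university's real blocks).
UNIVERSITY_BLOCKS = [ipaddress.ip_network("203.0.113.0/24")]  # campus-assigned blocks
VPN_POOL = ipaddress.ip_network("10.200.0.0/24")               # unique block handed out by the VPN server

# Which granted business needs may reach which server from the VPN pool.
# A server absent from this map is not reachable by VPN users at all.
VPN_SERVER_ACCESS = {
    "finance-db": {"finance"},
    "hr-portal": {"hr"},
    "ticketing": {"finance", "hr", "helpdesk"},
}


def _in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def decide_access(source_ip, server, business_needs=frozenset()):
    """Return (allowed, reason). The order of checks mirrors the guidelines:
    1. addresses in the campus blocks get general access;
    2. addresses in the VPN pool get only servers matching a granted need;
    3. any other source is a prohibited direct connection and is denied."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        # Malformed input never grants access; fail closed.
        return False, "unparseable source address"
    if _in_any(addr, UNIVERSITY_BLOCKS):
        return True, "campus address block: general access"
    if addr in VPN_POOL:
        allowed_needs = VPN_SERVER_ACCESS.get(server)
        if allowed_needs is None:
            return False, f"{server} is not published to VPN users"
        if allowed_needs & frozenset(business_needs):
            return True, f"VPN address with a granted need for {server}"
        return False, f"VPN address without a granted need for {server}"
    return False, "direct access from outside the campus and VPN blocks is prohibited"
```

Note that the VPN branch denies by default: a server not listed, or a user without a matching need, is refused even though the address comes from the trusted pool.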
Revision History: Fri Dec 20 2013