Remote Access Guidelines
The purpose of these guidelines is to outline recommendations for allowing remote access to the University’s internal network. General access to the university’s business systems is restricted to IP blocks assigned to the University. Users demonstrating a professional need to access the campus’ internal system will be granted access from remote IP’s on a limited basis.
These guidelines apply to equipment owned and/or operated by McNeese State University, and to servers registered under any McNeese State University-owned internal network domain. These guidelines are specifically for equipment on the internal McNeese State University network.
- Network Services scans for unauthorized devices which are attached to network, and removes them when discovered at the direction of the Chief Information Technology Officer.
- Remote users should not access the University’s internal network directly.
- In addition to the latest operating system and internet browser security updates, users are encouraged to maintain antivirus software with the latest signatures, personal firewall sofware, updated VPN sofware, and spyware removal software with the latest signatures. The university is researching methods to verify updated software patches on remote machines before complete access to the system is granted.
- The end user establishes a connection to the VPN server on campus. VPN software is provided by the University along with the configuration settings. Remote access is granted to specific users based upon a request to the Chief Information Technology Officer with a demonstrated need.
- This connection establishes a secure “tunnel” to the campus network through the VPN server.
- The user must have an active account in the LDAP directory.
- The IPsec or SSL/TLS protocols are used for encrypting all data during this connection.
- The user is assigned an IP address from a unique block of addresses by the VPN server.
- The user is denied/granted access to any server based on this block of addresses and their business defined need.
- A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. [en.wikipedia.org/wiki/Virtual_private_network] Retrieved 2015-05-08
- The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. [en.wikipedia.org/wiki/LDAP] Retrieved 2015-05-08
- Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.
. . .
IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite, while some other Internet security systems in widespread use, such as Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers at Application layer. [en.wikipedia.org/wiki/IPsec] Retrieved 2015-05-08
- Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network.
. . .
In the Internet Protocol Suite, TLS and SSL encrypt the data of network connections in the application layer. In OSI model equivalences, TLS/SSL is initialized at layer 5 (session layer) and works at layer 6 (the presentation layer). [en.wikipedia.org/wiki/Transport_Layer_Security] Retrieved 2015-05-18
Revision History Version Date New Original
Approvals Name Role Members Date