Remote Access

1.0 Purpose

The purpose of these guidelines is to define standards for connecting the University's network from any remote host. These standards are designed to minimize the potential exposure to the University from damage which may result from unauthorised use of University resources, including the loss of sensitive or company confidential data, theft of intellectual property, damage to the public image of the institutuion, or corruption of critical University internal systems.

2.0 Scope

These Guidelines apply to anyone using a computer to connect to the University network. The Guidelines apply to remote access connections used to do work on behalf of the University, including reading or sending email and viewing intranet web resources.

Remote access implementations that are covered by this policy include, but are not limited to, dial-in modems, frame relay, ISDN, DSL, VPN, SSH, and cable modems.

3.0 Guidelines

3.1 General

It is the responsibility of the University employees, contractors, vendors and agents with remote access privileges to the University's corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to the University.

General access to the Internet for recreational use by immediate household members through the University Network on personal computers is permitted for employees that have flat-rate services. The University employee is responsible to ensure the family member does not violate any of the University policies, does not perform illegal activities, and does not use the access for outside business interests. The University employee bears responsibility for the consequences should the access be misused.

Please review the following Guidelines for details of protecting information when accessing the corporate network via remote access methods, and acceptable use of the University's network:

3.2 Requirements

Secure remote access must be strictly controlled. Control will be enforced via one-time password authentication or public/private kegs with strong pass-phrases. For information on creating a strong pass-phrase see the Password Policy.

At no time should any University employee provide their login or email password to anyone, not even family members.

University employees and contractors with remote access privileges to the University's corporate network must not use non-University email accounts (i.e. Hotmail, Yahoo, AOL), or other external resources to conduct the University business, thereby ensuring that official business is never confused with personal business.

Routers for dedicated ISDN lines configured for access to the University network must meet minimum authentication requirements of CHAP.

All hosts that are connected to the University internal networks via remote access technologies must use the most up-to-date anti-virus software, this includes personal computers.

Personal equipment that is used to connect to the University's networks must meet the requirements of the University-owned equipment for remote access.

Organisations or individuals who wish to implement non-standard Remote Access solutions to the University production network must obtain prior approval from Information Services.

4.0 Definitions

TermDefinition
Cable Modem Cable companies such as AT&T Broadband provide Internet access over Cable TV coaxial cable. A cable modem accepts this coaxial cable and can receive data from the Internet at over 1.5 Mbps. Cable is currently available only in certain communities.
CHAP Challenge Handshake Authentication Protocol is an authentication method that uses a one-way hashing function.
Dial-in Modem A peripheral device that connects computers to each other for sending communications via the telephone lines. The modem modulates the digital data of computers into analogue signals to send over the telephone lines, then demodulates back into digital signals to be read by the computer on the other end; thus the name "modem" for modulator/demodulator.
DSL Digital Subscriber Line (DSL) is a form of high-speed Internet access competing with cable modems. DSL works over standard phone lines and support data speeds of over 2 Mbps downstream (to the user) and slower speeds upstream (to the Internet).
Frame Relay A method of communication that incrementally can go from the speed of an ISDN to the speed of a T1 line. Frame Relay has a flat-rate billing charge instead of a per time usage. Frame Relay connects via the telephone company's network.
ISDN There are two flavours of Integrated Services Digital Network or ISDN: BRI and PRI. BRI is used for home office/remote access. BRI has two "Bearer" channels at 64kbit (aggregate 128kb) and 1 D channel for signal info.
Remote Access Any access to the University's corporate network through a non-University controlled network, device, or medium.