Educause Security Discussion mailing list archives
Re: Remote access and data offloads.
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Wed, 5 Apr 2006 04:52:22 +1200
Doug Sandford wrote:
Does anyone have a workable institutional poly regarding remote desktop access versus VPN? We want to put something together that 'encourages' the use of a VPN connection that permits a degree of accountability. Although our Acceptable Use Policy addresses University data in all forms as just that, we would like to reiterate that issue of downloading institutional data to home computers etc.
We are currently working on a remote access policy but it is more focused on getting users to use appropriate levels of security technology (and common-sense) depending on what sort of data institutional data they are accessing. (Or just as importantly which set of access credentials they are using). EG. for strictly confidential material we recommend VPN from a system that compiles with our standards -- fully patched, AV, blah, blah, blah... (e.g. a personal laptop which has been set up by local IT staff or a managed desktop at another university). As always the real purpose of the policy is to get people to stop an think before hopping into a some airport cyber cafe to check on their grant application. Russell
Current thread:
- Remote access and data offloads. Doug Sandford (Apr 04)
- <Possible follow-ups>
- Re: Remote access and data offloads. Russell Fulton (Apr 04)
- Re: Remote access and data offloads. Chris Green (Apr 05)
- Re: Remote access and data offloads. Russell Fulton (Apr 05)
- Re: Remote access and data offloads. Steve Brukbacher (Apr 05)