Educause Security Discussion mailing list archives

Re: VPN policies.


From: "Nathan W. Labadie" <ab0781 () WAYNE EDU>
Date: Mon, 23 Apr 2007 09:48:24 -0400

Hello Matt,

At our institution we're using a Juniper SSL VPN appliance. It's tied to
our central authentication server and is currently restricted to staff
and faculty usage by directory attributes. The VPN assigns IP addresses
from a predetermined pool. This includes both the web interface and the
included IPSEC/SSL client. Some clients enable the VPN and connect
directly to campus resources; others enable the VPN, connect to their
desktop, and handle remote work from there. The type of usage is
primarily left up to the user.

We treat the pool of VPN addresses the same as we do the rest of the
campus, i.e. "trusted but not much". The VPN users essentially have as
much access as they would on campus. However, all of our production
servers are behind a dedicated firewall with an inline IDS. The
combination firewall and IDS screens out the majority of malicious
traffic, most being caused by run-of-the-mill worms and viruses.

Hope this helps.

Thanks,
Nate

On Friday 20 April 2007, Matthew Gracie wrote:
Like most institutions, I'm sure, we're getting more and more
requests from people who want access to on-campus resources from
off-campus. Our VPN concentrator is more than up to the task, but
right now, we're discussing the best set of policies to allow people
access to work from home without compromising data.

How are people handling this? Are users accessing VPNs with their
personally owned machines at your institution? Are you mandating
laptops for users who work from home? An entirely different computer
that stays at the employee's house? Who pays for the Internet
connection? What about other hardware (routers, APs, etc.) that they
need? Is IT supplying computers for off-campus use, or is it the job
of the department?

Any and all input is appreciated.

--Matt

--
Nathan W. Labadie
Sr. Security Specialist
C&IT Security and Access Management
http://sam.wayne.edu
Wayne State University
http://www.wayne.edu

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759
