Educause Security Discussion mailing list archives
Re: VPN policies.
From: "Nathan W. Labadie" <ab0781 () WAYNE EDU>
Date: Mon, 23 Apr 2007 09:48:24 -0400
Hello Matt, At our institution we're using a Juniper SSL VPN appliance. It's tied to our central authentication server and is currently restricted to staff and faculty usage by directory attributes. The VPN assigns ip addresses from predetermined pool. This includes both the web interface and the included IPSEC/SSL client. Some clients enable the VPN and connect directly to campus resources; others enable the VPN, connect to their desktop, and handle remote work from there. The type of usage is primarily left up to the user. We treat the pool of VPN addresses the same as we do the rest of the campus, i.e. "trusted but not much". The VPN users essentially have as much access as they would on campus. However, all of our production servers are behind a dedicated firewall with an inline IDS. The combination firewall and IDS screens out the majority of malicious traffic, most being caused by run-of-the-mill worms and viruses. Hope this helps. Thanks, Nate On Friday 20 April 2007, Matthew Gracie wrote:
Like most institutions, I'm sure, we're getting more and more requests from people who want access to on-campus resources from off-campus. Our VPN concentrator is more than up to the task, but right now, we're discussing the best set of policies to allow people access to work from home without compromising data. How are people handling this? Are users accessing VPNs with their personally owned machines at your institution? Are you mandating laptops for users who work from home? An entirely different computer that stays at the employee's house? Who pays for the Internet connection? What about other hardware (routers, APs, etc.) that they need? Is IT supplying computers for off-campus use, or is it the job of the department? Any and all input is appreciated. --Matt
-- Nathan W. Labadie Sr. Security Specialist C&IT Security and Access Management http://sam.wayne.edu Wayne State University http://www.wayne.edu "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759
Current thread:
- VPN policies. Matthew Gracie (Apr 20)
- <Possible follow-ups>
- Re: VPN policies. Timothy J. fairlie (Apr 20)
- Re: VPN policies. Charlie Prothero (Apr 20)
- Re: VPN policies. Scholz, Greg (Apr 20)
- Re: VPN policies. Joey Rego (Apr 20)
- Re: VPN policies. Scholz, Greg (Apr 20)
- Re: VPN policies. Yandro Chavez Rubio (Apr 20)
- Re: VPN policies. Joey Rego (Apr 21)
- Re: VPN policies. Philip Webster (Apr 23)
- Re: VPN policies. Nathan W. Labadie (Apr 23)