Educause Security Discussion mailing list archives
Re: Remote Access Policies
From: Philip Webster <p.webster () QUT EDU AU>
Date: Wed, 16 Jul 2008 08:53:48 +1000
Matthew Gracie wrote on 16/07/2008 01:30 :
Todd Bossaller wrote:Does anyone have any policies or rules they would be willing to share for remote access (VPN) to their instituion? Are there any legal policies/procedures I should be aware of?A big one for us when we started formalizing security policies was forbidding connection to the VPN from personally-owned computers. I didn't feel that the College had any right to enforce proper security policies on computers that we don't own, so now users who wish to use the VPN to work at home have to request a laptop from their department. It seems like a minor point, but it's astonishing how malware-infested the home computer of the average PhD is these days.
We had the same issue but took a different approach and forced all of our VPN connections through an IPS. This immediately reduced the amount of malicious traffic we were seeing, and over time has shown us that security of home PCs does seem to be improving. We also get an indication of the effectiveness of some of our awareness campaigns - e.g. we saw a dramatic reduction in detections on the IPS just after we first gave away free AV software to students. Phil -- Philip Webster, IT Security Engineer Queensland University of Technology
Current thread:
- Remote Access Policies Todd Bossaller (Jul 14)
- <Possible follow-ups>
- Re: Remote Access Policies Gary Dobbins (Jul 14)
- Re: Remote Access Policies Charlie Prothero (Jul 14)
- Re: Remote Access Policies Bill Terry (Jul 14)
- Re: Remote Access Policies Matthew Gracie (Jul 15)
- Re: Remote Access Policies Kim Z. Dale (Jul 15)
- Re: Remote Access Policies Di Fabio, Andrea (Jul 15)
- Re: Remote Access Policies Philip Webster (Jul 15)