Educause Security Discussion mailing list archives
Re: Student's Own VPN on Campus
From: "Boyd, Daniel" <dboyd () BERRY EDU>
Date: Wed, 28 Sep 2016 12:16:00 +0000
Since I am still fuzzy over the details on this question, I'm going to answer it both ways. If a student (or students) requires a VPN to access a particular on-campus resource, then consideration should probably be given to make this available through the firewall with appropriate restrictions. If it is a one-off requirement, such as a research project where the student needs access to data stored on campus-only servers, then a highly restricted VPN account could be issued on an existing VPN server. Almost all VPN servers allow for some type of individual restriction at the user level. If it is what I suspect, a VPN to go outbound from the campus network, absolutely not (with an exception). The campus firewall provides enough anonymity already, there is no need to allow an outbound VPN connection - these services are typically used to circumvent campus security and firewall policy (in our case, to bypass the ban on torrent traffic) or to gain access to geo-fenced resources that are not meant to be accessed from particular locales. Of course, there is always an exception, again relating to one-off situations where a student is working or interning at a company that requires VPN access for security reasons. In this case, again, apply all necessary restrictions to make sure the VPN is used as intended (firewall schedules, restrictions on source or destination, etc.). A lot of possibilities, and a lot of room for misuse, but generally, no, not a good idea. Dan Daniel H. Boyd (94C) Senior Network Architect Network Operations Information Security Advisory Group Chair Berry College Phone: 706-236-1750 Fax: 706-238-5824 There are two rules to follow with your account passwords: 1. NEVER SEND YOUR PASSWORD VIA EMAIL (TO ANYONE)!!!!! 2. If unsure, consult rule #1 From: Fisch, Neal [mailto:Neal.Fisch () CSUCI EDU] Sent: Monday, September 26, 2016 4:19 PM Subject: Student's Own VPN on Campus Good afternoon all, I've received as request from a student who wishes to utilize their own personal VPN on our campus. My questions to the group are: 1. Do you see any risks to allowing this, and if so what are they? 2. Do you see any benefits to allowing this and if so what are they? Thank you for your time. Neal Neal Fisch Director, Enterprise Services and Security Information Security Officer Division of Technology & Communication California State University Channel Islands One University Drive, Camarillo CA 93012 Solano Hall - Room 2178 Email: neal.fisch () csuci edu<mailto:neal.fisch () csuci edu> Voice: 805-437-3278 | Mobile: 805-443-6529 | Fax: 805-437-3377 [EXT_IS]
Current thread:
- Student's Own VPN on Campus Fisch, Neal (Sep 26)
- Re: Student's Own VPN on Campus Frank Barton (Sep 26)
- Re: Student's Own VPN on Campus Napier, Mark E (Sep 26)
- Re: Student's Own VPN on Campus Scott Link (Sep 26)
- Re: Student's Own VPN on Campus Thomas Carter (Sep 26)
- Message not available
- Re: Student's Own VPN on Campus Thomas Dixon (Sep 26)
- Re: Student's Own VPN on Campus Scott Link (Sep 26)
- <Possible follow-ups>
- Re: Student's Own VPN on Campus Boyd, Daniel (Sep 28)