Educause Security Discussion mailing list archives

Re: Student's Own VPN on Campus

From: "Boyd, Daniel" <dboyd () BERRY EDU>
Date: Wed, 28 Sep 2016 12:16:00 +0000

Since I am still fuzzy over the details on this question, I'm going to answer it both ways.

If a student (or students) requires a VPN to access a particular on-campus resource, then consideration should probably 
be given to make this available through the firewall with appropriate restrictions.  If it is a one-off requirement, 
such as a research project where the student needs access to data stored on campus-only servers, then a highly 
restricted VPN account could be issued on an existing VPN server.  Almost all VPN servers allow for some type of 
individual restriction at the user level.

If it is what I suspect, a VPN to go outbound from the campus network, absolutely not (with an exception).  The campus 
firewall provides enough anonymity already, there is no need to allow an outbound VPN connection - these services are 
typically used to circumvent campus security and firewall policy (in our case, to bypass the ban on torrent traffic) or 
to gain access to geo-fenced resources that are not meant to be accessed from particular locales.  Of course, there is 
always an exception, again relating to one-off situations where a student is working or interning at a company that 
requires VPN access for security reasons.  In this case, again, apply all necessary restrictions to make sure the VPN 
is used as intended (firewall schedules, restrictions on source or destination, etc.).

A lot of possibilities, and a lot of room for misuse, but generally, no, not a good idea.

Dan


Daniel H. Boyd (94C)
Senior Network Architect
Network Operations
Information Security Advisory Group Chair
Berry College
Phone: 706-236-1750
Fax:     706-238-5824

There are two rules to follow with your account passwords:
1. NEVER SEND YOUR PASSWORD VIA EMAIL (TO ANYONE)!!!!!
2. If unsure, consult rule #1



From: Fisch, Neal [mailto:Neal.Fisch () CSUCI EDU]
Sent: Monday, September 26, 2016 4:19 PM
Subject: Student's Own VPN on Campus

Good afternoon all,

I've received as request from a student who wishes to utilize their own personal VPN on our campus.  My questions to 
the group are:


1.       Do you see any risks to allowing this, and if so what are they?

2.       Do you see any benefits to allowing this and if so what are they?

Thank you for your time.

Neal

Neal Fisch
Director, Enterprise Services and Security
Information Security Officer
Division of Technology & Communication
California State University Channel Islands
One University Drive, Camarillo CA 93012
Solano Hall - Room 2178

Email:  neal.fisch () csuci edu<mailto:neal.fisch () csuci edu>
Voice:  805-437-3278 | Mobile:  805-443-6529 | Fax:  805-437-3377
[EXT_IS]

Current thread:

Student's Own VPN on Campus Fisch, Neal (Sep 26)
- Re: Student's Own VPN on Campus Frank Barton (Sep 26)
- Re: Student's Own VPN on Campus Napier, Mark E (Sep 26)
  - Re: Student's Own VPN on Campus Scott Link (Sep 26)
    - Re: Student's Own VPN on Campus Thomas Carter (Sep 26)
    - Message not available
    - Re: Student's Own VPN on Campus Thomas Dixon (Sep 26)
- Re: Student's Own VPN on Campus Nicholas Garigliano (Sep 27)
- <Possible follow-ups>
- Re: Student's Own VPN on Campus Boyd, Daniel (Sep 28)