Educause Security Discussion mailing list archives
Re: Student's Own VPN on Campus
From: "McClenon, Brady" <Brady.McClenon () ONEONTA EDU>
Date: Tue, 4 Oct 2016 15:32:01 +0000
For the second scenario, you missed what is probably the most popular reason our students use VPNs, which is for gaming. They help protect against DDOS attempts by unethical opponents and in some cases reduce latency. I'm also not sure how you would block usage of outgoing VPN connections. If I connect to an SSL/TLS VPN on port 443, how would it be distinguished from normal HTTPS traffic? Brady McClenon Information Technology Security Administrator Information Technology Services - IT Security B237 Milne Library SUNY College at Oneonta 607-436-3203 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Boyd, Daniel Sent: Wednesday, September 28, 2016 8:16 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Student's Own VPN on Campus Since I am still fuzzy over the details on this question, I'm going to answer it both ways. If a student (or students) requires a VPN to access a particular on-campus resource, then consideration should probably be given to make this available through the firewall with appropriate restrictions. If it is a one-off requirement, such as a research project where the student needs access to data stored on campus-only servers, then a highly restricted VPN account could be issued on an existing VPN server. Almost all VPN servers allow for some type of individual restriction at the user level. If it is what I suspect, a VPN to go outbound from the campus network, absolutely not (with an exception). The campus firewall provides enough anonymity already, there is no need to allow an outbound VPN connection - these services are typically used to circumvent campus security and firewall policy (in our case, to bypass the ban on torrent traffic) or to gain access to geo-fenced resources that are not meant to be accessed from particular locales. Of course, there is always an exception, again relating to one-off situations where a student is working or interning at a company that requires VPN access for security reasons. In this case, again, apply all necessary restrictions to make sure the VPN is used as intended (firewall schedules, restrictions on source or destination, etc.). A lot of possibilities, and a lot of room for misuse, but generally, no, not a good idea. Dan Daniel H. Boyd (94C) Senior Network Architect Network Operations Information Security Advisory Group Chair Berry College Phone: 706-236-1750 Fax: 706-238-5824 There are two rules to follow with your account passwords: 1. NEVER SEND YOUR PASSWORD VIA EMAIL (TO ANYONE)!!!!! 2. If unsure, consult rule #1 From: Fisch, Neal [mailto:Neal.Fisch () CSUCI EDU] Sent: Monday, September 26, 2016 4:19 PM Subject: Student's Own VPN on Campus Good afternoon all, I've received as request from a student who wishes to utilize their own personal VPN on our campus. My questions to the group are: 1. Do you see any risks to allowing this, and if so what are they? 2. Do you see any benefits to allowing this and if so what are they? Thank you for your time. Neal Neal Fisch Director, Enterprise Services and Security Information Security Officer Division of Technology & Communication California State University Channel Islands One University Drive, Camarillo CA 93012 Solano Hall - Room 2178 Email: neal.fisch () csuci edu<mailto:neal.fisch () csuci edu> Voice: 805-437-3278 | Mobile: 805-443-6529 | Fax: 805-437-3377 [EXT_IS]
Current thread:
- Re: Student's Own VPN on Campus McClenon, Brady (Oct 04)
- <Possible follow-ups>
- Re: Student's Own VPN on Campus Boyd, Daniel (Oct 05)
- Re: Student's Own VPN on Campus Theresa Rowe (Oct 06)
- Re: Student's Own VPN on Campus Fisch, Neal (Oct 07)