Educause Security Discussion mailing list archives
Re: Questions about your VPN
From: Adam Maynard <AMaynard () CLARKU EDU>
Date: Tue, 11 Oct 2016 15:18:17 +0000
Do you require two-factor authentication? If you have confidential data, like that required of PCI, HIPAA, etc. 2FA is a must. Who do you allow on your VPN (fac, staff, students, IT)? Staff/IT – yes. Faculty and students on a case-by-case basis. Like, maybe if they’re working on a non-sensitive research project. How many profiles do you have (one for each above, more granular)? I think it might be easier to do security groups and ACL’s Do you require a managed workstation to access the VPN? A Secure Centrally/Domain managed machine, like a typical workstation. Restrict remoting tools (MS RDC, SSH). For example an IT member would VPN in, WOL (if needed), RDC/RDP to their workstation, and login as normal. You could also have a dedicated workstation that doesn’t sleep, on the campus side for remote access, for say trusted IT that need to access sensitive data. But you could already have staff and faculty that use 3rd party tools like Chrome RD, PCanywhere, Logmein, etc. _ |_| _| _ __ | |(_|(_|||| From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam Copeland Sent: Tuesday, October 11, 2016 10:36 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Questions about your VPN Everyone, Our org is trying to put together a long term plan on how we're going to use our VPN for off-campus access to on-campus resources and I was just curious what other schools were doing. I'm personally of the opinion that our use of a VPN as educational institutions would wind up being very different from VPN use in an org like a healthcare provider or financial institution. However, I wanted to gather some information about what edus do. Any answers to these questions would be helpful. Who do you allow on your VPN (fac, staff, students, IT)? How many profiles do you have (one for each above, more granular)? Do you require two-factor authentication? Do you require a managed workstation to access the VPN? Thanks for your help. -- Adam Copeland Security Engineer Information Security and Identity Management copelanda () mail montclair edu<mailto:copelanda () mail montclair edu>
Current thread:
- Questions about your VPN Adam Copeland (Oct 11)
- Re: Questions about your VPN Adam Maynard (Oct 11)
- Re: Questions about your VPN Eric Hays (Oct 11)
- Re: Questions about your VPN David Curry (Oct 11)
- Re: Questions about your VPN Steven Alexander (Oct 11)