Educause Security Discussion mailing list archives

Re: Questions about your VPN

From: David Curry <david.curry () NEWSCHOOL EDU>
Date: Tue, 11 Oct 2016 12:04:23 -0400

Who do you allow on your VPN (fac, staff, students, IT)?


IT staff (except student workers) have "birthright" access.

Faculty and staff have access on a request basis. The requests are always
granted, the process exists to (1) enable us to make sure that the
requesting user has completed security training, (2) allow us to keep track
of how many licenses we need to maintain, and (3) be able to communicate
with the user community when needed.

How many profiles do you have (one for each above, more granular)?


Two. One that does split tunnel (the default) and one that does full tunnel
(generally only used for users who need to access Google or something else
from a country that blocks such access).

Do you require two-factor authentication?


Yes, for all VPN users.

Do you require a managed workstation to access the VPN?


No.

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.curry () newschool edu

[image: The New School]

On Tue, Oct 11, 2016 at 10:35 AM, Adam Copeland <
copelanda () mail montclair edu> wrote:

Everyone,

Our org is trying to put together a long term plan on how we're going to
use our VPN for off-campus access to on-campus resources and I was just
curious what other schools were doing.

I'm personally of the opinion that our use of a VPN as educational
institutions would wind up being very different from VPN use in an org like
a healthcare provider or financial institution. However, I wanted to gather
some information about what edus do. Any answers to these questions would
be helpful.

Who do you allow on your VPN (fac, staff, students, IT)?

How many profiles do you have (one for each above, more granular)?

Do you require two-factor authentication?

Do you require a managed workstation to access the VPN?

Thanks for your help.

--
*Adam Copeland*
Security Engineer
Information Security and Identity Management
copelanda () mail montclair edu

Current thread:

Questions about your VPN Adam Copeland (Oct 11)
- Re: Questions about your VPN Adam Maynard (Oct 11)
- Re: Questions about your VPN Eric Hays (Oct 11)
- Re: Questions about your VPN David Curry (Oct 11)
  - Re: Questions about your VPN Steven Alexander (Oct 11)