Educause Security Discussion mailing list archives
Re: College Support of VPN on open Wi-Fi
From: "Johnson, Matthew" <m.johnson () NORTHEASTERN EDU>
Date: Fri, 6 Oct 2017 19:04:58 +0000
A good portion of our VPN access is from students / staff/ and faculty traveling overseas. We encourage its use when people travel or return to their home as it provides an additional level of protection when they connect back to our internal resources. To protect these accounts we recently enabled Duo two factor authentication for all VPN connections. This will ensure that the proper account is connecting through the VPN and only one person is using that account. If you are worried about VPN from overseas, enable two factor authentication and tie it to one user account. Matt Matthew Johnson, CISSP Information Security Analyst, Office of Information Security Northeastern University 216 Massachusetts Ave, 302-216 Boston, MA 02115 O: 617-373-6080 | F: 617-373-6423 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks Sent: Thursday, October 05, 2017 5:57 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] College Support of VPN on open Wi-Fi On Wed, 04 Oct 2017 23:44:35 -0000, "Corn, Michael" said:
One thing to consider if you're rethinking your VPN strategy. Include a check box somewhere that, if checked, permits access to the VPN from overseas. By default it should not be checked. This will provide some protection to accounts from abuse since VPNs are frequent targets for use from overseas (esp. for those targeting your library resources).
Also make plans for how to deal with people that travel to California, or across the state, and errant Geo-IP suddenly decides they're outside the US. Make sure that your help desk is able to deal with these glitches *AND* that the procedure is at least somewhat social engineering proof.... (Yes, I know that last part is a challenge involving tradeoffs ... :)
Attachment:
smime.p7s
Description:
Current thread:
- College Support of VPN on open Wi-Fi James Farr (Oct 04)
- Re: College Support of VPN on open Wi-Fi Corn, Michael (Oct 04)
- Re: College Support of VPN on open Wi-Fi Valdis Kletnieks (Oct 05)
- Re: College Support of VPN on open Wi-Fi Johnson, Matthew (Oct 06)
- Re: College Support of VPN on open Wi-Fi McClenon, Brady (Oct 06)
- Re: College Support of VPN on open Wi-Fi Kevin Crider (Oct 06)
- Re: College Support of VPN on open Wi-Fi Frank Barton (Oct 07)
- Re: College Support of VPN on open Wi-Fi Kevin Crider (Oct 07)
- Re: College Support of VPN on open Wi-Fi Valdis Kletnieks (Oct 05)
- Re: College Support of VPN on open Wi-Fi Corn, Michael (Oct 04)