Procedure 7.02.01 - Remote Network Access
The college recognizes the need for remote access to the college’s private network resources. The purpose of this policy is to provide guidelines for remote access that maintain the security of the college’s network. This policy applies to anyone accessing resources inside the college’s private network.
Approved Southeastern Community College (SCC) employees and authorized third parties (customers, vendors, etc.) may utilize the benefits of the college’s Virtual Private Network (VPN) to access network resources as if they were on campus. Approval for VPN access will be obtained through the special configuration allowance defined in the Information Systems Access Policy. This is a “user managed” service, which means that the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and paying associated fees. The user must adhere to the following access guidelines:
The following are the guidelines that must be followed to remotely access the college’s network resources via a VPN connection:
- It is the responsibility of the user with VPN privileges to ensure that unauthorized users are not allowed access to SCC’s internal networks.
- VPN use is to be controlled with user authentication in the form of a username and strong password.
- When actively connected to the college’s network, the VPN connection will force all traffic to and from the computer over the VPN tunnel; all other traffic will be dropped.
- Dual (split) tunneling is NOT permitted; only one network connection is allowed.
- All VPN gateways will be set up and managed by SCC’s IT department.
- All computers connected to SCC internal networks via VPN must use up-to-date antivirus software and must have the latest operating system security patches applied. The status of these updates will be checked by a Network Access Controller, which will deny access until the required updates are current (Not yet in place).
- VPN users will be automatically disconnected from SCC’s network after thirty minutes of inactivity. The user must then log on again to reconnect to the network. Pings or other artificial network processes are not to be used to keep the connection open.
- The VPN concentrator is limited to an absolute connection time of 1 (one) hour after which the user will be required to log on again.
- Only approved VPN clients may be used and are available from the IT department. SCC will not load the VPN client or accept responsibility for issues arising from the loading of the VPN client on any hardware that does not belong to the college.
- By using VPN technology with personal equipment, users must understand that their machines are a de facto extension of SCC’s network, and as such they should ensure that they are malware-free prior to establishing a VPN connection.
The college provides web resources (web pages, infonet, email, etc.) to both unauthenticated and authenticated users. The users must adhere to the following access guidelines:
The following are the guidelines that must be followed to access the college’s web resources:
- Unauthorized users should not attempt to access authenticated resources.
- It is the responsibility of the user with authenticated access to ensure that unauthorized users are not allowed to access authenticated resources.
Remote Desktop Access
The college discourages all remote desktop access to computers on the college’s private network. However, the college also recognizes the fact that remote access is sometimes necessary for support purposes.
The following are the guidelines that must be followed to allow remote desktop access:
- Remote desktop access should only be used for technical support purposes and should be justified prior to the connection being allowed.
- Remote desktop access should be the last resort in obtaining technical support, especially from outside the college’s private network.
- Remote desktop access to college computers from outside the college’s private network is prohibited unless a member of the IT staff is present.
- The remote desktop computer must be logged out of all applications requiring authentication unless the application is the reason for the remote connection. The user is ultimately responsible for the privacy of the sensitive information on their computer.
Reviewed and Last Updated on October 19, 2020.