Skip to main content

VPN Usage Standard

1.0 Purpose

The purpose of this policy is to provide guidelines for remote access to the Georgia Southwestern State University (GSW) campus network and its resources via Virtual Private Network (VPN) connections.

2.0 Scope

This policy applies to all GSW employees, contractors, consultants, temporaries, and other

workers including all personnel affiliated with third parties utilizing VPNs to access the GSW network. This policy applies to implementations of VPN that are directed through a VPN concentrator.

3.0 Policy

1. Approved GSW employees and authorized third parties (customers, vendors, etc.) may utilize the benefits of VPNs, which are a "user managed" service. This means that the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and paying associated fees. The GSW IIT (Information and Instructional Technologies) department is not responsible for VPN connection problems resulting from technical difficulties on the part of the user's ISP of choice.

2. It is the responsibility of employees with VPN privileges to ensure that unauthorized users are not allowed access to GSW's internal networks.

3. VPN use is to be controlled using either a one-time password authentication such as a token device or a public/private key system with a strong passphrase.

4. When actively connected to the corporate network, VPNs will force all traffic to and from the PC over the VPN tunnel: all other traffic will be dropped.

5. Dual (split) tunneling is NOT permitted; only one network connection is allowed.

6. VPN gateways will be set up and managed by GSW's IIT department.

7. By using VPN technology with personal equipment, users must understand that their machines are a de facto extension of GSW's network, and as such are subject to the same rules and regulations that apply to GSW-owned equipment, i.e., their machines must be configured to comply with GSW's Information Security's Security Policies.

8. Users of computers that are not GSW owned equipment must configure the equipment to comply with GSW's VPN policy and Computer and Network Usage Policy.

9. All computers connected to GSW's internal networks via VPN or any other technology must up-to-date anti-virus software that has been approved by the Information and Instructional Technology (IIT) department. This includes personal computers.

10. Pings or other artificial network processes are not to be used.

11. Only IIT/Information Security-approved VPN clients may be used. VPN users will need to contact the IIT department to obtain the VPN client software.

4.0 Enforcement

Any authorized VPN account users found to have violated this policy will be subject to immediate suspension of remote access/VPN privileges, and disciplinary other actions.

5.0 Definitions

Term Definition

VPN Concentrator : A device in which VPN connections are terminated.

6.0 Revision History

Revision 3 February 16, 2015