Northern State University

VPN POLICY

Purpose

The purpose of this policy is to provide guidelines for secure use of NSU Virtual Private Network (VPN) solutions.

Scope

This policy applies to all NSU VPN solutions and any user utilizing NSU VPN services.

Policy

  1. Account Administration
    1. VPN access is available at no cost for current faculty and staff of NSU.
    2. VPN access is requested through the Net Services Help Desk or via the web at NSU VPN.
  2. Client Connectivity
    1. Only NSU Computer Services-approved VPN clients may be used.
    2. Users must install Symantec Anti-Virus software on each computer from which the NSU VPN server is accessed. NSU provides Symantec Anti-Virus licenses for home use by faculty and staff.
    3. Users connecting to the VPN server are strongly encouraged to install a software or hardware firewall.
    4. While a computer is connected to the VPN server, it is logically connected to both the NSU network and the Internet. The VPN will direct all network traffic to and from the client through the VPN tunnel. To prevent backdoors, split tunneling is not permitted. For security reasons and bandwidth conservation, each VPN user should disconnect from the VPN server when access to the NSU network is not required.
    5. Software VPN connections with 30 minutes of inactivity will be automatically disconnected.
    6. Software VPN connections will be limited to an absolute connection time of 8 consecutive hours.
    7. All users are subject to auditing. By using VPN technology with personal equipment, user machines become an extension of NSU’s network and are subject to all NSU rules, regulations, and policies.
    8. VPN connectivity issues related to third party networks are not supported. (Examples are hotels or Internet Service Providers that restrict IPSEC traffic; or home routers and network devices).
  3. Server Connectivity
    1. All VPN servers will be configured and maintained by NSU Computer Services

Definitions

VPN - Virtual Private Network – use of encryption and tunneling to provide secure, remote network connectivity.

Revision History

  • May 11, 2004 Policy Effective Date
  • June 22, 2005