Policies & Procedures

Information Technology

Remote Access Policy - 2D3

1. Preamble Statement/Purpose of Policy:
   The purpose of this policy is to establish the requirements for gaining off-campus access to the SIUE network, computing resources, and data for all users of SIUE resources including faculty, students, and staff. These standards are designed to minimize the risk of exposure and protect SIUE's internal computer systems, networks, and data.
   
   Storage of and access to University data eases use and expands functionality. Commensurate with that expansion is the need for appropriate security measures. Security is not distinct from functionality. The principles of academic freedom and free exchange of ideas apply to this policy, and this policy is not intended to limit or restrict those principles. This policy applies to all departments within the University.
2. Definitions:
   1. Servers are defined as any computer system configured to provide information or resources to users or other networked systems. Examples of servers include web servers (http/https), File Transfer Protocol (FTP), and e-mail.
   2. Public Servers are servers residing on the SIUE network designed to be accessible via the public Internet.
   3. Virtual Private Network (VPN) includes any application or system that is configured to tunnel or obfuscate network traffic in order for it to appear as if it originates within the SIUE network or to bypass firewalls or other enforcement mechanisms.
   4. VPN Accessible Servers are servers residing on the SIUE network designated to be accessible via the public Internet exclusively through the use of VPN technologies.
   5. Remote Access is used by SIUE faculty and staff to remotely access their designated on-campus workstation.
   6. System Administrator refers to an SIUE faculty, staff, or student who manages or maintains a computer system that resides on the SIUE network.
   7. User refers to any SIUE faculty, staff, student, or retiree who accesses SIUE's computing resources.
   8. Baseline Network Firewall Protection--The SIUE network has previously been configured with a "default open" stance. This means that incoming connections are allowed by default unless protection was specifically requested. Network segments implemented since 2005 have been configured with a "default block" stance. The remote access project will move the entire SIUE network to a "default block" stance by requiring approval for firewall policies that allow access.
3. Procedures:
   1. Requirements
      In order to utilize or access SIUE computing resources or data that are not designated for public access from remote locations (i.e. off-campus), the use of an approved Virtual Private Network (VPN) is required. VPN technology adds a layer of authentication, accountability, and encryption separate from those included on the server. Use of such technologies without approval of the CIO is prohibited.
      1. SIUE Information Technology Services (ITS) offers a number of VPN technologies including web-based SSL-VPN (WebSafe), encrypted wireless network extension, and IPSEC tunnels. Additionally, VPN services should be separate from the systems that they are used to protect.
   2. Authorization
      Public Servers and VPN Accessible Servers must be approved in writing by the CIO.
      1. Approvals are granted on an annual, per-user, per-application basis by all of the following parties:
         1. Supervisor
         2. Department Head / Director
         3. Vice Chancellor
         4. CIO (or delegate)
      2. Requests for approval and renewal will be processed and stored by the office of the CIO. Request forms are available on the ITS website.
      3. Approval is void if the server or system conditions change.

Approved by Chancellor effective 9/14/11
This policy was issued on September 28, 2011
Document Reference: 2D3
Origin: OC 9/14/11