Remote Access

PURPOSE

This policy defines the stipulations for accessing Mont Alto data network resources and servers from a remote location.  Recognizing the security risks inherent to remote access, this policy must be followed to ensure data integrity and security.

SCOPE

This policy applies to any device and personnel seeking to gain remote access to resources that are ordinarily accessible only via the local Mont Alto data network.  Computer systems secured by a De-Militarized Zone are not affected under this policy.

DEFINITIONS

Device – A computer, electronic tool or communication apparatus with the ability to connect to a data or communication network.
Internet - A worldwide system of computer networks
VPN (Virtual Private Network) – A technology used to allow a user or network to connect in a secure and virtual manner via open or public communication channels.  A VPN grants a remote user (e.g. working from home) secure access to local network services as if he/she were sitting in his/her office.

POLICY

Requesting Access

Requests for remote access to the Mont Alto data network must be submitted in writing to the Director of Information Technology and must include a comprehensive statement of need.  The Director of Information Technology will review the request and provide a written response.

Requirements

Secure remote access is strictly controlled via the Mont Alto VPN appliance.  Circumvention of security measures to gain remote access to the Mont Alto data network is strictly prohibited.

Authentication is controlled via the user's local domain authentication credentials and is subject to policy PSU-MA-IT-005, Password Policy.

Only computers which are managed by the Mont Alto Information Technology Services Department may be used to access the Mont Alto data network remotely.  If necessary, a mobile computer may be requested to use for the purposes of remote access to the Mont Alto data network at the discretion of the Director of Information Technology.

CROSS REFERENCE

Other policies that should also be referenced:

AD20 - Computer and Network Security
PSU-MA-ITS-000 – End User Computer Agreement
PSU-MA-ITS-004 – Acceptable Use and Security Policy
PSU-MA-ITS-005 – Password Policy
PSU-MA-ITS-006 – Anti-Virus Policy
PSU-MA-ITS-009 – Firewall rule and Exception Policy

POLICY HISTORY

Ratified June 5, 2009