OIT recognizes that users who frequently travel or work from home will often need remote access to their data. However, when using the Internet as a link to access this data, it is imperative that all communications be encrypted.
This policy is designed to provide the framework for configuring remote access to University-owned computers and data.
This policy impacts any individual who has a device attached to Clarkson’s computer network and who deals with University-owned computer data.
Remote access shall be granted only to users who can demonstrate a legitimate business need. This access must be approved by the requestor’s department head. Any remote access must be configured such that all communications between the remote machine and the end-user are encrypted at all times. All Clarkson-owned data must remain on Clarkson-owned computers at all times.
The following methods for remote access are approved:
a. Windows XP Remote Desktop
All Windows XP Professional desktop computers are capable of running a “Remote Desktop” service. Encryption settings shall conform to the guidelines set forth in the Acceptable Encryption Policy. Additionally, the Terminal Services Group Policy setting “Always prompt client for password” shall be enabled. A firewall rule shall be enabled on any server to restrict access to this service to 184.108.40.206/24.
b. PC Anywhere 10.5 or greater
All versions of Symantec PC Anywhere 10.5 or greater are capable of encrypting their traffic. Computers using this software must be configured for encryption before the service is enabled. This encryption shall conform to the guidelines set forth in the Acceptable Encryption Policy.
c. OpenVPN tunnel
A server has been established to allow users to utilize virtual private network (VPN) tunnels to access their data. The form of encryption used by this connection shall conform to the guidelines set forth in the Acceptable Encryption Policy.
End users who require assistance configuring remote access should contact the HelpDesk.
Failure to follow this policy will result in the offender(s) being subject to disciplinary action up to and including a formal written letter of corrective action.
220.127.116.11/24 – The administrative subnet used for privileged access to IT resources
7.0 Revision History
Draft Policy v0.1 – 06 June 2005 – jfiske
Draft Policy v0.2 – 09 January 2006 – jfiske
Draft Policy v0.3 – 10 February 2006 – jfiske
Approved Policy v1.0 – 4 November 2013 – jfiske