7.20.09 Remote Access      

Printable Version

Approved on: 02/01/2007

By: Administrative Council

Effective Date: 02/01/2007

Policy Summary

Remote access to information technology resources (switches, printers, routers, computers, etc.) and to sensitive or confidential information (social security numbers, credit card numbers, bank account numbers, etc.) are only permitted only through secure, authenticated and centrally-managed access methods.

Applicability/Eligibility

Students

Faculty

Staff

Administration of Policy

Mandating Authority:
Administrative Council

Responsible Office(s):
Information Systems and Technology, 13th floor, Commerce Building, 3-4357

Responsible Executive(s): AP for Information Systems and Technology

Background: None

Committee Members: None

Contacts
Position TitleCampus LocationPhone Number and/or E-mail Address
Information Systems and Technology13th Floor, Commerce Bldg.404-413-4357

Full Policy Text

Remote access to information technology resources (switches, printers, routers, computers, etc.) and to sensitive or confidential information (social security numbers, credit card numbers, bank account numbers, etc.) are only permitted only through secure, authenticated and centrally-managed access methods. Authorized users of Georgia State University's computer systems, networks or data repositories are only permitted to remotely access these systems, networks or data repositories for the conduct of university-related business.

Rationale or Purpose

Increases in non-traditional teaching methods and the increased mobility of faculty and students have made remote access to centralized university assets increasingly important. Opening uncontrolled or unsecured paths into any element of the university network or internal computer systems presents additional risk to the entire university infrastructure. Establishing policy centrally and issuing standards from a central authority allows a minimum number of penetrations of the security of the network while still allowing flexibility in the actual remote connection technology used.

Policy History

Remote Access

Cross References

None

Appendix

None

Additional Information

Standards

A virtual private network (VPN) connection must be established during the off-site remote access of university information technology resources (switches, printers, routers, computers, etc.).

Departmental hosts may provide dial-up modem service ONLY IF that service is limited exclusively to university members and the host prevents connection to the GSU network for those dial-in users.

The Information Security Department will be contacted when the use of a VPN is not viable, when additional controls are required, or for "pass list" requests.

Remote Access to Sensitive Information. Systems that contain sensitive student, personnel and financial data will be available for off-site remote access through a centrally managed VPN that provides encryption and secure authentication. Access may be revoked at any time for reasons including non-compliance with security policies, request by the user´s supervisor or negative impact on overall network performance attributable to remote connections.

Remote access privileges for university information will be reviewed upon an employee┬┤s change of departments.

Access/Authentication. The access and authentication system for remote access will be centrally managed.

Endpoint Security. External computers that are used to administer university resources or access sensitive information must be secured. This includes patching (operating systems and applications), possessing updated anti-virus software, operating a firewall and being configured in accordance with all relevant university policies/procedures.

Additional Helpful Resources