PURPOSE:
The Virtual Private Network Access Policy exists to protect SPC information technology resources. Security of the information technology resources that reside on the SPC domain is ensured in part through restricting remote access. Virtual Private Network (VPN) allows SPC users (Regular and Visitor Account users as defined in Policy IB) to securely access the university’s network via an existing connection to the Internet from a remote location.
Security, Internet access and configuration of the connecting computer are solely the responsibilities of the user account holder making the connection and must comply with the SPC acceptable use policy (CJ-Acceptable Use)
SCOPE:
The SPC Virtual Private Network Access policy applies equally to all individuals with authorized VPN accounts accessing South Plains College information technology resources.
POLICY STATEMENT:
- It is the responsibility of individuals with VPN privileges to ensure that unauthorized users are not allowed access to the SPC network using their security credentials.
- VPN authentication is controlled using SPC user account credentials.
- VPN gateways are managed by SPC-IS.
- All computers connected to the SPC network via VPN or any other technology must use the most up-to-date SPC approved anti-virus software regardless of the type or ownership of the device.
- VPN users will be automatically disconnected from SPC's network after a designated time out period as determined by SPC-IS. The user must then logon again to reconnect to the network.
- Pings or other network utilities must not be used to keep the VPN connection open.
- Non SPC-owned equipment must be configured in compliance with SPC policies and procedures.
- If using VPN technology with personal equipment, users must understand that their machines are a de facto extension of SPC's network, and VPN users and privately owned equipment must be in compliance with SPC policies and procedures.
- VPN access does not guarantee access to all campus systems/applications. Access to systems/applications will be evaluated on a case-by-case basis.
DEFINITIONS:
Unauthorized user: A person who has not been given official permission or approval to access SPC systems.
Virtual Private Network (VPN): Extends a private network across a public network, like the internet, to provide remote offices or individuals with secure access to the SPC network using special hardware and software.
VPN Gateway: (Also known as a VPN Router) is a connection point that connects two networks which are connected by a non-secure network such as the Internet.
Related Policies, References and Attachments:
An index of approved SPC-IS policies can be found on the SPC Policies website at https://www.southplainscollege.edu/human_resources/policy_procedure/. The SPC Information Security Program and SPC Information Security User Guide are also available on the Information Technology Services Policies website.
Approved by: Executive Council, 9/17/2018
Next Review: October 1, 2020