VPN Access & Usage Policy
I. Need for Policy
The deployment of VPN services will allow TRUMAN users to connect directly to the
TRUMAN network through the Internet. In order to allow this connectivity, secure
connection issues, performance issues, and bandwidth utilization criteria must be
addressed.
II. Definitions
• ITS – Information Technology Services
• ITAC – Information Technology Services Advisory Committee
• Intranet – Assets located on the TRUMAN network such as files, applications, servers,
printers, etc.
• IPSec – A secure network protocol used for VPN sessions.
• VPN Gateway/Concentrator – A device in which VPN connections and sessions are
terminated inside the TRUMAN network.
• Split Tunneling – Opening more than one VPN session at one time, which doubles the
bandwidth required.
• VPN – Virtual Private Network
• Web – The Internet or World Wide Web
• Web Surfing – The searching for and accessing of various Internet web sites
III. Statement of Policy
Authorized TRUMAN faculty, staff and third parties (customers, vendors, etc.) may utilize
the benefits of a VPN. An existing connection to the Internet is required and is not
provided by TRUMAN State University. While dialup access can utilize a VPN
connection, performance is very slow and is not recommended.
Requests must be made to the IT Service Center. Approval will be based on a demonstrated
need for remote VPN access. No reasonable request will be refused, but the process is
necessary to account for utilization of VPN services. Appeals may be made through the
normal channels.
Additionally,
1. It is the responsibility of those with VPN privileges to ensure that unauthorized users are
not allowed to access TRUMAN internal networks.
2. When actively connected to the TRUMAN network, the VPN will force all traffic to and
from the workstation over the VPN tunnel: all other traffic will be dropped.
3. Dual (split) tunneling is NOT permitted; only one network connection is allowed.
4. Users shall not use the VPN for web surfing that does not otherwise require it for access.
In other words, when the user has completed accessing the TRUMAN Intranet, they must
end the VPN session prior to normal web access. However, it is completely acceptable to
use the VPN to access TRUMAN specific resources such as the Library databases or
other resources requiring the session to be generated from the TRUMAN IP address
range.
5. VPN gateways/concentrators will be set up and managed by ITS.
6. All computers connected to TRUMAN internal networks via VPN or any other technology
must use properly configured, up-to-date anti-virus software; this includes all personally-owned
computers.
7. VPN users will be automatically disconnected from the TRUMAN network after thirty
minutes of inactivity. The user must then log on again to reconnect to the network. Pings
or other artificial network processes are not to be used to keep the connection open.
8. ITS reserves the right to configure the VPN concentrator to limit connection times to
normal business hours or as determined by demonstrated need.
9. Users of computers that are not TRUMAN-owned equipment must configure the
equipment to comply with all TRUMAN VPN and Network policies.
10. Only the Cisco IPSec VPN client may be used. Clients are available for all operating
systems and may be found on the ITS website.
11. By using VPN technology with personal equipment, users acknowledge that their
machines are a de facto extension of the TRUMAN network, and as such are subject to
the same acceptable use policy that applies to TRUMAN-owned equipment. Therefore,
these systems must be configured to comply with any ITS Security Policies.
IV. Scope
This policy applies to all TRUMAN faculty, staff, contractors, consultants, temporary
employees, and all personnel affiliated with third parties utilizing VPN to access the
TRUMAN network. This policy applies to implementations of VPN that are directed
through IPSec Cisco VPN devices and authentication.
V. Exceptions
Any exceptions to this Policy must be approved in writing by ITS.
VI. Enforcement
If security is breached as a result of a violation of this policy, the person guilty of such
violation may be subject to disciplinary action. ITS reserves the right to restrict any device
or connection that does not comply with this policy.
VII. Attachments
None.
VIII. Approvals
Approved by: ITAC – 11/24/04