Remote Access Policy

Overview

Purpose

The purpose of this policy is to define standards for connecting to the University of St. Thomas (UST) network from remote devices. These standards are designed to minimize the potential exposure to the University from damages which may result from unauthorized use of university resources. Damages include the loss of sensitive or confidential data, intellectual property, damage to public image, damage to critical internal systems, etc.

This policy is guided by the following objectives:

  1. Preserve UST’s ability to operate and maintain its IT Resources
  2. Protect the security and functionality of university IT Resources and the data stored on those resources
  3. Safeguard the privacy, property, rights, and data of users of university IT Resources
  4. Preserve the integrity and reputation of the University
  5. Comply with applicable federal, state, and local laws
  6. Comply with applicable university policies, standards, guidelines, and procedures

Responsibilities

The division of Information Resources and Technologies is responsible for the maintenance of this policy, and for responding to questions regarding this policy. The Chief Information Officer (CIO) or delegate is the responsible officer.

Scope

This policy applies to all University employees and affiliates including vendors and agents with a university owned or personally-owned devices used to connect to the UST network. This policy applies to remote access connections used to do work on behalf of UST or for University related business. Remote access includes all direct connections to university systems and networks from outside of the UST network.

UST faculty or staff having a valid UST username may request Virtual Private Network (VPN) access to the UST network by consulting with their technology consultant. The VPN includes hardware and/or software technology used to provide secure access to the university network.

VPN Terms of Use

Any user found to have violated the terms of use may be subject to loss of privileges or services and other disciplinary action.

  1. It is the responsibility of all UST employees and authorized third parties with VPN privileges to ensure that unauthorized users are not allowed access to internal University networks and associated content. At no time should any UST employee provide their username or password to anyone, not even family members.
  2. All network activity during a VPN session is subject to UST policies. All individuals and machines, while using UST's VPN technology, including university-owned and personal equipment, are a de facto extension of UST's network, and as such are subject to the University's Responsible Use Policy.
  3. All existing university policies related to data standards, data privacy, and confidentiality should be followed when connecting to university systems remotely and/or via the VPN.
  4. All devices connected to UST's internal network via the VPN or any other technology must use a properly configured, up-to-date operating system and anti-virus software; this includes all personally-owned devices. Antivirus software is available for UST faculty and staff.

Guidelines for Access

  • Remote access to the UST network is only allowed via a VPN connection, or through approved designated secure terminal services.
  • It is the responsibility of UST employees or affiliates with remote access privileges to the university network to ensure that their remote access connection is given the same consideration as the user's on-site connection. Please review the UST’s computing policies located the Responsible Use Policy webpage.
  • Generic accounts shall not be granted VPN access due to lack of accountability. These accounts are typically shared among several users and there is no way to trace a specific user back to the account at any given time.
  • Student accounts shall not be granted VPN access.
  • Vendor accounts may be granted VPN access on a case by case basis. Vendor accounts are setup specifically for vendors to access UST resources for support purposes. Vendor accounts must be sponsored by a UST employee. The account sponsor bears responsibility for the account and its use by the vendor. If the vendor account does not already exist, a request to establish one must be made at the same time VPN access is requested.
  • All VPN account holders are subject to the VPN Terms of Use. In order to use the VPN, you need a connection to the Internet from your off-campus location. Dialup Internet connections are not supported.
  • In order to access UST’s VPN your device will need to meet the System Requirements for VPN usage defined on the Working Remotely Website.
  • Device specific performance is not guaranteed.
  • VPN users will be automatically disconnected from the UST network after a period of inactivity. Save your work often.
  • Only resources hosted by St. Thomas (such as Banner, Cognos, MyStorage) are secured by the VPN. Other resources accessed during a VPN session (such as Facebook, CNN, Google Mail) are not secured by the UST VPN.
  • Exceptions to this policy will be handled on a case by case basis.
  • If you have any questions related to the use of the UST VPN, please contact the Tech Desk at IRTHelp@stthomas.edu.