Remote Access Policy

Purpose

The purpose of this policy is to define standards for connecting to the Texas Christian University network from any remote host. These standards are designed to minimize the potential exposure to the University from damages which may result from unauthorized use of university resources. Damages include the loss of sensitive or confidential data, intellectual property, damage to public image, damage to critical internal systems, etc.

Scope

This policy applies to all University employees, students, and affiliates, including vendors and agents, with a university-owned or personally owned computer or workstation used to connect to the TCU network. This policy applies to remote access connections used to do work on behalf of TCU or for personal business, including reading or sending email and viewing intranet web resources.

Remote access implementations that are covered by this policy include, but are not limited to, dial-up modems, DSL, and cable modems.

Policy

General

  • It is the responsibility of TCU employees, students, or affiliates with remote access privileges to the university network to ensure that their remote access connection is given the same consideration as the user’s on-site connection.
  • Please review the various computing policies located on http://security.tcu.edu including the following:
    • TCU Information Security Policy
    • TCU Password Policy
    • TCU Computing Resources Policy
  • These policies can be read in their entirety on our website at http://security.tcu.edu.
  • All TCU faculty and staff will be granted remote access privilege as part of their normal network access. Students will not be granted remote access privileges.
  • Affiliates (personnel that are not faculty, staff or students at the University) who require remote access privileges will be granted access on a case-by-case basis. Affiliations may be requested by faculty and staff and are subject to an approval process. Affiliations are valid for a maximum of six months and are renewable.
  • Dial-up connections will have only the same access as internet users.
  • No devices or software may be installed that allow remote access to the TCU network, such as modems, wireless access points, or VPN servers. All remote access will be provided centrally by Information Technology.

Requirements

  • Secure remote access must be strictly controlled. Control will be enforced via password authentication. For information on creating a strong pass-phrase see the TCU Password Policy.
  • At no time should any TCU employee provide their username or password to anyone, not even family members.
  • TCU employees and affiliates with remote access privileges must ensure that their University-owned or personal computer or workstation, which is remotely connected to the university network, is not connected to any other external network at the same time.
  • Reconfiguration of a home user’s equipment for the purpose of split-tunneling or dual homing is not permitted at any time.
  • All hosts connecting to internal systems not generally available to all internet users will connect through a VPN session to the university’s centrally managed VPN server unless special dispensation is requested and granted.
  • External contractors may be granted access to internal hosts without using a VPN session if there is a business reason and special dispensation is requested and granted. Only access from static IP addresses will be granted.
  • Only supported remote control software will be allowed to communicate from the VPN server to internal hosts unless specifically requested and approved. Currently Microsoft Remote Desktop and Timbuktu are supported.
  • All hosts that are connected to TCU’s networks via remote access technologies must use the most up-to-date anti-virus software, and be up-to-date on available patches. This includes personal computers.

Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Definitions

Cable Modem – Cable companies such as AT&T Broadband provide Internet access over Cable TV coaxial cable. A cable modem accepts this coaxial cable and can receive data from the Internet at over 1.5 Mbps. Cable is currently available only in certain communities.

Dial-up Modem – A peripheral device that connects computers to each other for sending communications via the telephone lines. The modem modulates the digital data of computers into analog signals to send over the telephone lines, then demodulates back into digital signals to be read by the computer on the other end; thus the name “modem” for modulator/demodulator.

Dual Homing – Having concurrent connectivity to more than one network from a computer or network device. Examples include:

  • Being logged into the University network via a local Ethernet connection, and dialing into AOL or other Internet service provider (ISP).
  • Being on a TCU-provided Remote Access home network, and connecting to another network, such as a spouse’s remote access.
  • Configuring a router to dial into TCU and an ISP, depending on packet destination.

DSL – Digital Subscriber Line (DSL) is a form of high-speed Internet access competing with cable modems. DSL works over standard phone lines and supports data speeds of over 2 Mbps downstream (to the user) and slower speeds upstream (to the Internet).

Remote Access – Any access to the TCU network through a non-university controlled network, device, or medium.

Split-tunneling – Simultaneous direct access to a non-University network (such as the Internet, or a home network) from a remote device (PC, PDA, WAP phone, etc.) while connected into the TCU network via a VPN tunnel.

VPN – Virtual Private Network (VPN) is a method for accessing a remote network via “tunneling” through the Internet.