Remote Access Security Standard

1 PURPOSE

This standard establishes the authorized methods for remotely accessing University resources and services.


2 SCOPE

This Standard applies to any University-authorized user accessing University Technology Resources from an external network using remote access solutions.


3 STANDARD

3.1 Remote Access

3.1.1 Approved remote access technologies must be used to connect to University technology resources from a non-university location.

3.1.2 Authorized users must never share their credentials to facilitate remote access authentication for unauthorized individuals.

3.1.3 Multi-factor authentication (MFA) is required for all remote access solutions when feasible.

3.1.4 Institutionally owned devices or personal devices that connect to a University network or University information technology resource, or that are used to conduct University business, are required to meet the minimum security standards for remote access outlined in the Endpoint Management Standard.

3.1.5 Devices and software used for remote access must be approved by the Information Security Officer or a designated security representative.

3.1.6 When feasible, remote access technologies must use a centrally managed authentication system for both administrative and user access authentication.

3.1.7 Remote access traffic is subject to monitoring for anomalous and malicious behavior. Remote access logs will be kept for at least 90 days and must record successful and unsuccessful login attempts, event type, date/time, associated user, and remote and local IP addresses.

3.1.8 After at most 90 minutes of inactivity, remote access sessions must require re-authentication, or devices must use lockout/screen-lock mechanisms appropriate to operational needs, to prevent unauthorized access.

3.1.9 Remote access sessions must time out after 24 hours and require re-authentication before re-use.

3.1.10 Any requirement for extended access must be submitted as a security exception request.

3.2 Virtual Private Network (VPN) Access

3.2.1 The University provides Virtual Private Networks ("VPNs") (e.g., GlobalProtect, Pulse Secure) to permit access to University Information Systems.

3.2.2 All authorized University users may use the University Virtual Private Network (VPN) to access University computing resources to which they have been granted access.

3.2.3 Enterprise and/or other University VPN gateways are managed by, or in conjunction with, the University ET&S Information Technology Services network and security staff.

3.2.4 Remote VPN access to University Resources is only permitted using the following approved VPN technologies: GlobalProtect / Pulse Secure.

3.2.5 VPN gateways may only be established by ET&S Networking. No other department or individual may implement VPN gateways to University Technology Resources without prior authorization. The University reserves the right to monitor unauthorized VPNs and to disable access for devices that could harm the stability of the University network.

3.2.6 University VPNs will employ, at minimum, AES-256 (Advanced Encryption Standard) to ensure confidentiality over remote connections.

3.2.6.1 Split tunneling (routing some application or device traffic through the encrypted VPN while other applications or devices reach the internet directly) should only be used where there is an operational need.

3.2.6.2 Remote access VPN may not be permitted from some locations, such as embargoed or sanctioned countries.

3.2.6.3 Authorized users must always disconnect from a VPN solution when it is not in use.

3.3 Remote Desktop Access

3.3.1 The University provides programs or operating system features that allow authorized users to connect remotely to a physical or virtual computer located on the Campus Network ("Remote Desktop").

3.3.2 Remote Desktop access is subject to permissions granted by University Information System owners.

3.3.3 Remote Desktop access solutions (e.g., Remote Desktop Protocol) are provided to permit authorized users to access on-campus computers from an off-campus location.

3.3.4 Use of unauthorized third-party remote desktop services (e.g., gotomypc.com, logmein.com) is strictly prohibited unless the service uses Enterprise Directory Services and 2FA for authentication. Authorized Users must never install or configure unapproved Remote Desktop solutions on their University Device that permit connections from other devices.

3.3.5 Remote Desktop access is provided for both personal devices and University devices.

3.3.6 Remote Desktop access, or a similar secure, approved solution, must be used when a personal device is the only option available for Privileged Access to a University Information System.

3.3.7 The Remote Desktop screen must be configured to lock and require the user to re-authenticate if left unattended for more than 15 minutes.

3.3.8 After no more than 180 minutes of inactivity, Authorized Users must be automatically signed out of Remote Desktop access and must re-authenticate.

3.4 SSH (Secure Shell) Remote Access

Secure Shell is a network protocol used to access a remote machine or to execute commands on it. It provides encrypted communications between two hosts over an unsecured network. Remote access services must be protected and implemented in a way that does not put University resources at risk.

3.4.1 The following requirements do not apply to sessions where access occurs from one campus to another or is restricted to trusted hosts.

3.4.1.1 Inbound SSH access is limited to University networks and specific use cases. Submit a security exception request to obtain direct inbound SSH access without using the University VPN.

3.4.1.2 Recognized best practices must be implemented to secure the SSH server against unauthorized access, such as firewalls and other network-based access controls. Additional examples include, but are not limited to, requiring both certificate and password authentication, deny-by-default firewall rules, active denial of hosts performing brute-force attacks, and disabling remote login for the superuser account.
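An added example, not part of this standard: a small Python audit of the global sshd_config settings that correspond to the 3.4.1.2 items sshd itself enforces (superuser login disabled; key/certificate plus password required). The sample configs are constructed; deny-by-default firewall rules and brute-force lockout are enforced outside sshd_config and are not checked here.

```python
"""Audit global sshd_config settings for the 3.4.1.2 items sshd itself enforces:
superuser login disabled and both key/certificate and password required.
Firewalling and brute-force lockout are separate controls, not checked here."""
from typing import Dict, List

# Constructed sample configs (not from the page or any real host).
WEAK_CONFIG = """
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED_CONFIG = """
Port 22
PermitRootLogin no
PasswordAuthentication yes
AuthenticationMethods publickey,password
Match Address 10.0.0.0/8
    AuthenticationMethods publickey
"""

def parse_sshd_config(text: str) -> Dict[str, str]:
    """Global options keyed by lowercased keyword. sshd keeps the first value
    of a keyword, and lines after a Match header apply only conditionally
    (here, trusted campus hosts under the 3.4.1 exemption), so stop there."""
    options: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":
            break
        options.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return options

def audit_sshd(text: str) -> List[str]:
    """Return one finding per requirement the global config fails."""
    opts = parse_sshd_config(text)
    findings: List[str] = []
    # OpenSSH's default, prohibit-password, still allows key-based root login.
    if opts.get("permitrootlogin", "prohibit-password").lower() != "no":
        findings.append("PermitRootLogin must be 'no'")
    # Every chain must list both factors; the default 'any' accepts one alone.
    chains = opts.get("authenticationmethods", "any").lower().split()
    if not all({"publickey", "password"} <= set(c.split(",")) for c in chains):
        findings.append("AuthenticationMethods must require publickey,password")
    # Neither required factor may be switched off globally.
    for key, label in (("pubkeyauthentication", "PubkeyAuthentication"),
                       ("passwordauthentication", "PasswordAuthentication")):
        if opts.get(key, "yes").lower() == "no":
            findings.append(f"{label} must not be 'no'")
    return findings
```

Certificate-based logins in OpenSSH (TrustedUserCAKeys) still authenticate via the publickey method, so the same AuthenticationMethods check covers them.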

3.5 Third Party Remote Access

3.5.1 Vendors and contractors must have a University-sponsored account to use University remote access solutions.

3.5.2 All third parties must adhere to all University policies and standards.

3.5.3 All third parties granted remote access to University technology resources are responsible for ensuring that the external networks used to access the University network are secure.

3.5.4 The University does not guarantee a remote access connection to the University network to any third party.

3.5.5 Connections provided to third parties will be based on the principle of least privilege for conducting business under the established contractual relationship.

3.6 Telecommuting and Remote Work Guidance

Telecommuting permits authorized employees to work at an alternative location for all or part of the work week. The telecommuting policy outlines the conditions applicable to employees working in alternative locations, including compliance, work schedules, compensation, use of equipment and materials, expenses, and confidentiality. Please contact your supervisor for guidance on telecommuting policies. Information can be found at: /human-resources/flexible-work-arrangements.


DOCUMENT HISTORY

  • Approved by: Tom Nudd, Chief Information Security Officer
  • Reviewed by: Dr. David A Yasenchock, Director, Cybersecurity GRC
  • Revision History:
    • V1.00 October 14, 2022, Cybersecurity GRC Working Group
    • V1.1 April 23, 2024, Cybersecurity GRC Working Group
    • May 30, 2024, K SWEENEY, Revised formatting