Virtual Private Network (VPN) Services Policy

Purpose: To outline the purpose and approved use of Pittsburg State University VPN Services.

Applies to: All faculty, staff, and consultants using VPN Services at Pittsburg State University.

Policy:

General Provisions

In an effort to increase the security of information technology (IT) systems at PSU, the Information Technology Services (ITS) has limited access to some computing resources. The VPN is designed to provide secure/encrypted access to computing resources on the PSU network. It allows, among other things, a method to connect to PSU computing resources as if the user were locally connected to the PSU network. This allows greater functionality and security than other remote access techniques.

Users should be aware that routing schemes, network configurations, and security measures can be changed without notice by ITS or by the user's internet service provider (ISP), which may affect the user's ability to perform specific functions with the VPN.

Use of the VPN service at PSU is a privilege, which comes with responsibilities for both departments and users. All other policies covering the use of PSU computing resources by authorized users are still in effect when accessed from remote locations, as are all regulations (e.g., HIPAA and FERPA) that protect the confidentiality and integrity of information entrusted to PSU's stewardship. Users should not assume the confidentiality of information traveling through the VPN.

VPN Accounts

• As with all PSU information technology resources, clients using VPN must follow the PSU Acceptable Use Policy.
• VPN access is for users (faculty, staff, and consultants) who need access to campus computing resources that are not available from off-campus networks.
• User accounts are created at the request of a departmental representative or the employee's supervisor. The employee must read and accept the conditions of this policy before using the VPN.
• VPN access for third parties (e.g., software consultants and support personnel) to support on-campus systems must be requested by a PSU employee. In addition, the third party must complete and sign a nondisclosure agreement if required by PSU.
• VPN access can be terminated by a departmental representative, the employee's supervisor, at the employee's request, or by ITS.

ITS Responsibilities

• VPN access to PSU computing resources will be set up and managed only by the ITS Network and Systems group. No other department may implement VPN services.
• ITS reserves the right to monitor for unauthorized VPNs and disable access for those devices performing non-sanctioned VPN services.
• All network activity during a VPN session is subject to PSU computing policies and may be monitored for compliance.
• ITS will provide the VPN client software and instructions for installing the software.

User Responsibilities

• By using the VPN with personal equipment, users must understand that while they are connected through VPN, their computers become an extension of the PSU network and must follow the same guidelines established for the use of PSU-owned equipment.
• Only VPN client software distributed by ITS may be used to connect to the PSU VPN. Approved users can download the VPN client and installation instructions from GUS.
• Approved users are responsible for the installation of the VPN software.
• Users with VPN privileges must ensure that unauthorized people are not allowed access to computing resources located on the PSU network.
• The VPN is configured not to allow the bridging of networks (split tunneling).
• All computers, including personal computers, connected to the PSU network via VPN or any other technology must have:
  • Up-to-date virus-scanning software with current virus definitions installed
  • All relevant security patches installed
  • Available firewall enabled

Consequences

Failure to abide by the requirements of this policy and/or any procedures developed to implement this policy may result in the termination of the user's VPN privileges.