Remote Access Procedure
The University of North Carolina at Greensboro
Policy Reference: Security of Networks and Networked Data
Approved: November 30, 2006
Document Maintainer: Information Technology Manager, ITS - Data and Voice Operations
Purpose
This procedure addresses the following sections of the related policy:
Section III.C
- The public sections of the University's Web site are available to any user through remote access.
- Remote access connections, whether originating from University-owned or personal equipment, should be given the same security consideration as an on-site connection.
- Faculty, staff, or students are the only ones permitted to remotely access University network resources and only through ITS-supported remote access technology.
- All remote access will be encrypted, and authenticated using ITS enterprise authentication services.
- Approaches to network traffic that threaten security are strictly prohibited.
Scope
This procedure covers all remote desktop style (remote control) access from off campus. Faculty, staff, and students with campus offices and vendors are implicitly covered. Students will not have remote access to computers within the residence hall from off campus.
Responsible Parties
- Faculty, staff, and students with campus offices
- Vendors providing application server support
Procedure
Remote access is defined as technology that permits a user to connect to a campus machine and use all of the software and resources on that machine. At the time of this writing, recognized popular remote access software includes PC-Anywhere, Microsoft Remote Desktop (RDP), and VNC.
ITS will actively track popular remote access software and prevent communications from traversing the campus network perimeter that fall within this category.
Users requiring Remote Access must install virtual private networking (VPN) software and use it for network transport purposes in the Remote Access context. VPN software presents the remote machine as a logical part of the campus network.
Once the software is properly configured and running, clients may then use ITS approved remote access software to connect to campus located computers as needed. Use of this software requires Enterprise Authentication credentials common to other applications on the UNCG network.
Categories of Remote Access
- Accessing Secured Servers for Systems Administration Purposes:
Whether on-campus or off-campus, vendors and University systems/application administrators are required to use VPN and approved remote access software. Vendors will be further restricted to using only those machines that fall within their defined scope of work. VPN transport connections in this category are presented as a logical part of the secured server farm network. - Campus Desktop Computer Access:
From off-campus, all remote desktop access requires the use of VPN and approved remote access software. VPN transport connections in this category are presented as a logical part of the campus employee network population.
Installation Requirements
- Accessing Secured Servers for Systems Administration Purposes:
Whether on-campus or off-campus, vendors and University systems/application administrators are required to use VPN, and approved remote access software. Vendors will be further restricted to using only those machines that fall within their defined scope of work. VPN transport connections in this category are presented as a logical part of the secured server farm network. - Campus Desktop Computer Access:
From off-campus, all remote desktop access requires the use of VPN, and approved remote access software. VPN transport connections in this category are presented as a logical part of the campus employee network population.