Kenyon College Virtual Private Network (VPN) Policy

I. Purpose

The purpose of this policy is to provide guidelines for Remote Access Virtual Private Network (VPN) connections to the Kenyon College network. See Section V for the definition of VPN.

II. Scope

This policy applies to all Kenyon College employees utilizing VPN to remotely access the Kenyon College network. This policy applies to implementations and use of VPN that are directed through the Kenyon College VPN Concentrator.

III. Policy

Approved Kenyon College employees may utilize the benefits of VPN, which is a "user managed" service. This means that the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and paying associated fees. Additionally,

  • It is the responsibility of employees with VPN privileges to ensure that unauthorized users are not allowed access to Kenyon College internal networks.
  • VPN use is to be controlled using one-time password authentication each time you remotely connect to the Kenyon College network.
  • VPN users will be automatically disconnected from Kenyon College's network after 20 minutes of inactivity. The user must then log on again to reconnect to the network.
  • When actively connected to the college network, VPN will force all traffic to and from the PC over the VPN tunnel: all other traffic will be dropped.
  • Dual (split) tunneling is NOT permitted; only one network connection is allowed.
  • VPN gateways will be set up and managed by LBIS network operational groups.
  • All computers connected to Kenyon College internal networks via VPN must use anti-virus software that is the corporate standard, with the most current definitions; this includes personal computers. LBIS is at this stage working with Symantec Endpoint Protection. All VPN users must have Kenyon-provided Symantec Anti-virus installed on their machines.
  • Only Kenyon College approved Cisco VPN clients may be used.
  • By using VPN technology with personal equipment, users must understand that their machines are an extension of Kenyon College's network, and as such are subject to the same rules and regulations that apply to Kenyon College-owned equipment.

IV. Enforcement

Any employee found to have violated this policy may lose the privilege of remotely accessing the Kenyon College network using the VPN.

V. Definitions

VPN

VPN (Virtual Private Network) is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from Kenyon College's private network to the remote site or employee.

VPN tunnel

Secure path created between Kenyon College's network and the remote employee's home machine.

Remote Access

Accessing the Kenyon College network from off-campus using an Internet Service Provider.

Dual (split) tunneling

In a VPN context, "split tunneling" is the term used to describe a multiple-branch networking path. A tunnel is split when some network traffic is sent to the VPN server and other traffic is sent directly to the remote location without passing through the VPN server.

VPN Concentrator

The network equipment that provides VPN service and verifies the user's validity and access rights.

VI. Revision History

No revision at this point.

If you need further assistance you can call Niranjan Davray in LBIS at x5847, or email davrayn@kenyon.edu.

For more information on the VPN client, you may visit www.cisco.com.