Purpose

The Macalester College remote access Virtual Private Network (VPN) allows users to connect to the Macalester network from off-campus in order to access Macalester resources that are not directly accessible over the Internet.

Scope

This policy governs appropriate use of VPN by all Macalester College users.

Policy

Remote users and endpoints connecting to VPN become an extension of the Macalester network and are therefore subject to the same network use guidelines and policies extended to any other user or host on the network in addition to the following requirements:

  • It is the responsibility of users with VPN privileges to ensure that unauthorized users are not allowed access to Macalester’s internal networks.
  • All endpoints that access VPN must adhere to and pass any posture criteria set by the Information Security Manager.
  • It is the responsibility of supervisors and department heads to:
    • determine, in consultation with ITS, which of their office/department’s college business activities can and cannot be performed via VPN from off-campus;
    • determine under what circumstances it is appropriate for an employee to use VPN to conduct college business, and to request the approval of Employment Services when necessary;
    • communicate the above to their employees.
  • All costs associated with network access from off-campus are the responsibility of the VPN user.
  • Only VPN software/clients provided by ITS can be used to connect to VPN.
  • It is the responsibility of all VPN users to keep all credentials, multi-factor methods, and devices used to connect to VPN secure.
  • Some services over VPN are accessible only on Macalester owned endpoints.
  • Personally owned endpoints that fail to meet minimum security standards of Macalester owned endpoints will not be allowed access to VPN.
  • ITS will only support VPN clients installed on Macalester owned endpoints.

Enforcement

Any user found to have violated this policy will be subject to revocation of certain privileges or services, including but not limited to loss of remote access rights.

Published: August 2019