The purpose of this policy is to state the requirements for remote access to computing resources hosted at East Tennessee State University using remote access technologies.
In order to access computing resources hosted at East Tennessee State University from off-campus, use of ETSU remote access services is required. A remote access connection is a secured private network connection built on top of a public network, such as the Internet. Remote access provides a secure, encrypted connection, or tunnel, over the Internet between an individual computer (such as a computer off campus) and a private network (such as ETSU's). Use of remote access allows authorized members of the ETSU community to securely access ETSU network resources as if they were on the campus.
Allowing such connections is not entirely without risk. Remote access connections, by definition, allow an outside computer to connect directly to the University's network. This arrangement provides convenience for the remote worker, but bypasses any firewall restrictions that may be in place. This risk is particularly pronounced for remote access connections from privately owned computers, as the University cannot ensure the computer has sufficient protection configured (e.g. anti-virus, anti-spyware). The risk posed by ETSU-owned computers is still present, but to a lesser degree.
The Office of Information Technology (OIT) is responsible for implementing and maintaining the University's remote access services. Therefore, OIT is also responsible for activities relating to this policy. Accordingly, OIT will manage the configuration of the University's remote access Service.
ETSU employees, and authorized third parties (customers, vendors, etc.) may, under some circumstances, utilize remote access to access ETSU computing resources for which they have been granted access.
Regular, full-time ETSU faculty or staff employees that have a valid ETSU Domain User Account may request remote access to the ETSU network by completing a Remote Access Request Form. A letter of justification must accompany the request. The letter should address, in sufficient detail, what resources will be accessed and how they cannot be accessed by conventional means. Requests omitting a letter of justification will be returned to the requestor as incomplete. A copy of the Remote Access Request Form may be found in the forms section of the ETSU OIT website.
With the exception of RDG (see Operational Procedures, below) remote access is valid for a set period of time. Requestor should indicate the date remote access should take effect and the date access should expire. Remote access may be granted for a period of up to twelve months, after which remote access for the account will expire. Requestors will be notified via phone or email approximately thirty (30) days before remote access expires. Account holders may resubmit a Remote Access Request Form up to thirty (30) days before the remote access expiration date to continue remote access without disruption.
Guidelines for Access:
ETSU currently implements two separate remote access solutions:
Experience has demonstrated that RDG fulfills the needs of the majority of remote access users.
In order to use remote access, you need a connection to the Internet from your off-campus location. ETSU does not provide you with an Internet connection, your Internet Service Provider does. While dialup Internet connections may utilize a remote access connection, performance is very slow and is not recommended or supported.
The Chief Information Officer is charged with the responsibility to periodically review the policy and propose changes as needed.
Tuesday, August 9, 2011
Information Technology Governance Committee