What is a Virtual Private Network?
What are the risks involved in using a Virtual Private Network?
When do I need to fill out the VPN Access Request Form?
When do I need to fill out the Firewall Exception Request Form?
Do I need to submit a VPN or Firewall Exception form to get access to the internet?
Do I need to submit a VPN or Firewall Exception form to get my emails?
When requesting VPN Access, what other security measures should I know about?
Virtual Private Networks (VPN) provide easy access from the internet to a private network and its internal resources.
VPN security is only as strong as the methods used to authenticate the users (and the devices) at the remote end of the VPN connection. Unguarded computing habits can lead to malware infections potentially resulting in a multitude of detrimental effects, from widespread exposure of sensitive information stored on the device, to compromising the performance and security of the entire City College network environment.
VPN access is an ideal solution for remotely access on-campus systems for temporary purposes (e.g. performing occasional upgrades, configuration changes, or system monitoring). This solution is optimal if you, and only you, need to gain access to your CCNY system from outside the campus. Also, when a third-party support vendor needs to access a CCNY system, the CCNY “owner” of that system will need to submit a VPN form on their behalf. top
If you are hosting a service on campus that requires continuous access from off campus, e.g. a website. You can find the Firewall Exception Request Form on the Security Authorization Forms page.
No, the College does not block access from the College to the internet unless a connection is identified as malicious.
No, email servers managed by OIT are already exempt and it is not necessary to file for an exemption. top
If you are granted VPN access, you are responsible for keeping critical software updates and malware protection up to date for all network accessible devices you administer. You should also disable unnecessary features and configuration settings to reduce risks and vulnerabilities. These measures should be taken for devices on campus as well as devices that will be used to access them from off campus.
As part of the VPN access vetting process, your devices that are hosted on campus will be subject to an initial vulnerability scan followed by routine scheduled scans; critical vulnerabilities identified by these scans must be remediated immediately to obtain and retain VPN access.
To help maintain campus-based resources, CCNY provides McAfee Endpoint Protection and LANDesk Computer Management software. Find out more about McAfee and LANDesk. top
Please take time to explore information security resources on the CCNY Information Security website.
Last Updated: 12/06/2019 13:28