Remote Access Policy
Office Responsible for this Policy: Library & Technology Services
Applies to: All Wellesley College employees, contractors and agents
(Note: Highlighted text reflects changes from the latest revision)
1.0 Policy Statement
The Remote Access Policy defines standards for connecting to the Wellesley College network from any host.
2.0 Overview & Purpose
Remote access to technical resources via VPN (Virtual Private Network) has been commonplace for several years now. Typically, a remote user connecting from home or anywhere outside the campus network uses a broadband provider such as Comcast or Verizon and is on the provider’s network. By invoking the VPN software, which requires user authentication with College credentials, an encrypted connection is created between your off-campus Internet-connected computer and the Wellesley campus network. As a result, the computer from home will have very similar access to the network resources that a computer on the College network has.
This policy is necessary because we have an obligation to protect College resources and we have very little knowledge of the remote computer and how secure it is. The standards outlined in this policy are designed to minimize the potential threat to Wellesley College information technology resources and thereby protect sensitive college data.
This policy applies to all Wellesley College employees, contractors and agents (hereafter referred to as “user”) with a Wellesley College-owned or personally-owned computer or workstation used to connect to the Wellesley College network. This policy applies to remote access connections used to do work on behalf of Wellesley College including reading or sending email and viewing intranet web resources.
It is the responsibility of Wellesley College users with remote access privileges to Wellesley College’s network to ensure that their remote access connection is given the same consideration as the user's on-site connection. It also their responsibility to protect their user credentials to prevent unauthorized users from accessing the Wellesley College network. Any user authorized with remote access bears responsibility for the consequences should the access be misused.
Secure remote access must be strictly controlled. Control will be enforced via domain password authentication. For information on creating a strong domain password see Wellesley College’s Password Guidelines.
The login page for the VPN will explicitly state the responsibilities of the user, specifically the need to keep the operating systems and virus protection and malware protection software updated on the remote computer. For minimum configuration requirements, see the “Computing Resources for Remote Access”. The login page will also provide a link to the Wellesley College Acceptable Use Policy, which outlines general responsibilities a user must follow when accessing the network, whether remotely or on campus.
At no time should any Wellesley College user provide their login or email password to anyone, including family members. Wellesley College users with remote access privileges must ensure that their Wellesley College-owned or personal computer or workstation, which is remotely connected to the Wellesley College network, is not connected to any other network at the same time, with the exception of personal networks that are under the complete control of the user.
4.3 Additional Requirements for Accessing Secure Data Remotely
For users that wish to access our secure resources remotely via Secure SSL VPN, they will be required to complete a mandatory online data security training and sign a statement agreeing to safeguard the data as required in the Written Information Security Program (“WISP”). All Administrative staff are already required to take this training and sign the agreement, so they will be eligible for secure SSL-VPN access if they meet the computer requirements listed above.
4.4 Additional Requirement for Contract Workers
Any contract worker requesting remote access privileges to the Wellesley College network, systems and data contained therein must submit a signed copy of the System Access Agreement for Contract Workers before he or she will be granted access. In signing the agreement, the contract worker acknowledges that he or she has read and agrees to abide by this Remote Access Policy and the Wellesley College Acceptable Use Policy. If the contract worker will have access to secure data, he or she will be required to complete the online security awareness training as outlined in section 4.3 above.
Failure to abide by the responsibilities outlined in this policy will result in the user’s remote access capability being revoked until he or she produces proof that the problems have been remedied. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. Any contractor that violates this policy will have access privileges revoked immediately and will be subject to fines that are at a minimum equivalent to any and all damages incurred by the College. He or she may additionally be subject to legal action.
6.0 Policies Cross-Referenced
7.0 Effective Date
This policy was implemented 5/11/11, and revised 10/8/13 and 9/10/14.