Smeal College of Business
Services & Support About Search

Research Instruction & Information Technology Group

Virtual Private Network (VPN) Policy SCB - VPN - 01

Find information for Remote Access via IPSec Virtual Private Network (VPN) connections to the Smeal College of Business and/or Penn State University networks.

1.0 Purpose

The purpose of this policy is to provide guidelines for Remote Access via IPSec Virtual Private Network (VPN) connections to the Smeal College of Business and/or Penn State University networks.

2.0 Scope

This policy applies to all Smeal College of Business employees, contractors, consultants, temporary personnel, and other workers including all personnel affiliated with third parties utilizing VPNs to access the Smeal College of Business network. This policy applies to implementations of VPNs that are directed through an IPSec VPN Concentrator.

3.1  Policy

VPNs provide a method of encrypting data traffic when using an external insecure Internet Service Provider (ISP) or wireless access point. Smeal College of Business employees and authorized third parties (customers, vendors, etc.) may utilize the security benefits of VPNs. Further details may be found in the Smeal College of Business Remote Access Policy and Smeal College of Business Wireless Communication Policy.

Additionally,

  1. It is the responsibility of employees with VPN privileges to ensure that unauthorized users are not allowed access to Smeal College of Business internal networks.
  2. VPN access is to be controlled using Penn State’s central authentication system and/or a public/private key system with a strong Further details may be found in the Password Policy.
  3. VPN gateways will be set up and managed by the Smeal College of Business network
  4. All computers connected to the Smeal College of Business internal networks via VPN or any other technology must use the most up-to-date anti-virus software
  5. Users of computers that are not owned, provided or maintained by the Smeal College of Business must configure the equipment to comply with the Smeal College of Business VPN and Network policies.
  6. Only VPN clients approved by the Smeal College of Business RIIT Group may be used.
  7. By using VPN technology with personal equipment, users must understand that their machines are a de facto extension of the Smeal College of Business network, and as such are subject to the same rules and regulations that apply to Smeal College of Business owned equipment,e., their machines must be configured to comply with all Smeal and University policies.

4.0 Enforcement

The Smeal College of Business Research Instructional and Information Technology Group (RIIT Group) has been authorized by the Dean of the Smeal College of Business to enforce this policy.

Any employee found to have violated this policy may be subject to disciplinary action by their Administrative unit, the College, or the University.

5.0 Definitions

Term Definition
IPSec VPN Concentrator A device in which VPN connections are terminated.

6.0 Revision History

06/04/2007 - Initial modification from COE policies, used with permission in conjunction with the Penn State IPAS project. http://www.ipas.psu.edu/

Printable PDF available

I Want To