Virtual Private Network (VPN) Policy

1.0 Purpose

The purpose of this policy is to provide guidelines for Remote Access, IP Sec, or Virtual Private Network (VPN) connections to the University of Kansas, School of Medicine - Wichita network.

2.0 Scope

This policy applies to all University of Kansas, School of Medicine - Wichita employees, students, faculty, volunteer faculty, residents, contractors, consultants, temporaries, and other workers including all personnel affiliated with third parties utilizing VPNs to access the University of Kansas, School of Medicine - Wichita network. This policy applies to implementations of VPN that are directed through an IP Sec Concentrator.

3.0 Policy

Approved University of Kansas, School of Medicine - Wichita affiliates and authorized third parties (customers, vendors, etc.) may utilize the benefits of VPNs, which are a "user managed" service. This means that the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and paying associated fees. Further details may be found in the Remote Access Policy . You can review our policies on our website at http://wichita.kumc.edu/nts/policies .

Additionally,

1. It is the responsibility of employees with VPN privileges to ensure that unauthorized users are not allowed access to University of Kansas, School of Medicine - Wichita internal networks.
2. VPN use is to be controlled using either a one-time password authentication such as a token device or a public/private key system with a strong pass phrase.
3. When actively connected to the university network, VPNs will force all traffic to and from the PC over the VPN tunnel: all other traffic will be dropped.
4. Dual (split) tunneling is NOT permitted; only one network connection is allowed.
5. VPN gateways will be set up and managed by University of Kansas, School of Medicine - Wichita Information Technology Services group.
6. All computers connected to University of Kansas, School of Medicine - Wichita internal networks via VPN or any other technology must use the most up-to-date anti-virus software; this includes personal computers.
7. VPN users will be automatically disconnected from University of Kansas, School of Medicine - Wichita's network after two hours of inactivity. The user must then logon again to reconnect to the network. Pings or other artificial network processes are not to be used to keep the connection open.
8. The VPN concentrator is limited to an absolute connection time of 10 hours. There is no notification when the connection is dropped due to reaching the 10 hour limit.
9. Users of computers that are not University of Kansas, School of Medicine - Wichita-owned equipment must configure the equipment to comply with University of Kansas, School of Medicine - Wichita's VPN and Network policies.
10. Only IT Services provided and approved VPN clients may be used.
11. By using VPN technology with personal equipment, users must understand that their machines are a de facto extension of University of Kansas, School of Medicine - Wichita's network, and as such are subject to the same rules and regulations that apply to University of Kansas, School of Medicine - Wichita-owned equipment, i.e., their machines must be configured to comply with the University of Kansas, School of Medicine - Wichita security policies.

4.0 Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Top