Secure Remote Access

• The approved remote access methods for off-campus access are Virtual Private Network (VPN) and Secure Shell (SSH) for registered hosts (servers).
• For on-campus remote access to high-risk, restricted and/or confidential records, only secure and encrypted remote control tools should be used such as Remote Desktop or SSH (instead of telnet). Any unencrypted remote control tools should not be used, such as telnet and VNC.
• Remote access tools used from off-campus to access systems on campus can only be used when in conjunction with the VPN client.
• The use of remote control services such as GoToMyPC.com are discouraged.
• Individuals who remotely access University servers may only download replicated University data, such as student records, onto a university-owned computer(s). According to University Policy this means that replicas of any high-risk, restricted and/or confidential data are not allowed to be stored on non-university or personally owned computers.
• Any high-risk, restricted and/or confidential data temporarily on a non-university or personally owned computer must be entirely deleted from such computer and equipment.

• Failure to adequately protect university data.
• Evidence of security compromise in login credentials and/or hardware or software used for access.
• Any violation of the WSU Acceptable Use Policy (PPM 10-2).
• At the discretion of a dean or supervisor.

Blocked access may be reinstated with verification that the problems that resulted in access being blocked have been adequately addressed and resolved.

• Antivirus software, with daily updates enabled and full system scans enabled.
• Patched with the latest approved security patches, including those for Internet Explorer.
• Windows Update must be enabled and set to auto-install updates.
• A secure and encrypted remote-control application.
• VPN software installed and used whenever the remote control application is being used.
• Personal firewall.
• A technology or process for detecting and removing spyware.

Individuals must coordinate with their departmental computing support person to determine which specific vendors' tools to use and to obtain information on how the tools will be supported. To receive Service Desk support, staff members must use the listed tools and run Windows XP, MAC or Linux operating system.

• Cisco VPN Client - provides a secure connection between the remote computer and the WSU campus.
• McAfee VirusScan - VirusScan protects against viruses and worms, while the ePo utility allows controlled DAT updates and reporting of problems from VirusScan.
• Microsoft Remote Desktop

Departmental computing support personnel may alternatively specify a different set of tools or may choose to provide a computer that is pre-built and includes the necessary tools. Finally, staff members have the option of selecting their own tools, but support will not be provided for vendor tools not listed above.

Third party users must have a WSU sponsor to complete the Remote Access Registration form located on WSU’s Portal web page on their behalf.

Third parties must adhere to all University policies and standards to ensure University resources are adequately protected.

• The University VPN will be configured to allow remote VPN access to WSU’s network.
• Management of the VPN concentrator is the responsibility of the Network Security Administrator.
• The VPN concentrator must be configured to not use split tunneling, to reduce security risks. By not allowing split tunneling all traffic will go through the VPN “tunneled” connection. This means a home user who is connected through a VPN connection will not be able to connect to a networked printer or other networked resources on a home network.
• Any VPN session after 30 minutes of inactivity will be disconnected.