Chapter Five: Fiscal Affairs

Procedure Title: SouthArk Remote Access Services (VPN)
Based on: Board Policies 4 & 7
Procedure Number: 5.40a
Date Adopted/Revised: March 16, 2015; November 30, 2015; August 9, 2017

  1. The purpose of this procedure is to state the requirements for remote access to computing resources hosted at South Arkansas Community College (SouthArk) using remote access technologies.
  2. In order to access computing resources hosted at SouthArk from off-campus, use of SouthArk remote access services (VPN) is required. A remote access connection is a secured private network connection built on top of a public network, such as the Internet. Remote access provides a secure, encrypted connection, or tunnel, over the Internet between an individual computer (such as a computer off campus) and a private network (such as SouthArk's). Use of remote access allows authorized members of the SouthArk community to access SouthArk network resources securely as if they were on campus.
  3. Allowing such connections is not entirely without risk. Remote access connections, by definition, allow an outside computer to connect directly to the College’s network. This arrangement provides convenience for the remote worker, but bypasses any firewall restrictions that may be in place. This risk is particularly pronounced for remote access connections from privately owned computers, as the College cannot ensure the computer has sufficient protection configured (e.g. anti-virus, anti-spyware). The risk posed by SouthArk-owned computers is still present, but to a lesser degree.
  4. The Office of Information Technology (OIT) is responsible for implementing and maintaining the College’s remote access services. Therefore, OIT is also responsible for activities relating to this policy. Accordingly, OIT will manage the configuration of the College’s remote access service.
  5. SouthArk employees and authorized third parties (i.e. vendors) may, under some circumstances, use remote access to access SouthArk computing resources for which they have been granted access. Regular, full-time SouthArk faculty or staff employees who have a valid SouthArk Domain User Account may request remote access to the SouthArk network by completing a letter of justification. The letter should address, in sufficient detail, what resources will be accessed and how they cannot be accessed by conventional means (i.e. web services). Finally, the letter should include details about the accessing system’s operating system, patch level, and anti-virus and anti-malware software. The requestor should indicate the date remote access should take effect and the date access should expire.
  6. Guidelines for Access:
    1. Temporary accounts shall not be granted remote access
    2. Student accounts shall not be granted remote access
    3. Clerical or support accounts shall not be granted remote access without prior telecommuting approval (vice president/cabinet endorsement required)
    4. Faculty and administrative accounts may be granted remote access
    5. Vendor accounts are set up specifically for vendors to access SouthArk resources for support purposes. Vendor accounts must be sponsored by a SouthArk employee. The account sponsor bears responsibility for the account and its use by the vendor. If the vendor account does not already exist, a request to establish one must be made at the same time remote access is requested.
  7. Operational Procedures:
    SouthArk currently implements the following remote access solutions:
    1. Juniper Junos Pulse (VPN)
      1. Allows user to connect to the SouthArk network from off-campus
      2. Requires software installation
      3. Restricted through NPS network policy
      4. Must be authorized by the President or a member of the Executive Cabinet
    2. Microsoft Remote / RealVNC Desktop
      1. Allows connection to a specific computer on the SouthArk network from off-campus
      2. May require software installation
      3. Limited to vendor access with defined IP address source
    3. Real-time collaboration (LogMeIn, Bomgar, GoToAssist)
      1. Allows SouthArk personnel to temporarily grant access to a specific computer on the SouthArk network from off-campus (this is the preferred method for granting vendor access as the SouthArk employee is present and monitoring the session)
      2. May require software installation
  8. In order to use remote access, one needs a connection to the Internet from an off-campus location. SouthArk does not provide remote access users with an Internet connection; their Internet Service Provider does. While a remote access connection may be used over a dial-up Internet connection, performance is very slow, and dial-up is not recommended or supported.
    1. Remote access users will be automatically disconnected from the SouthArk network after thirty (30) minutes of inactivity. The user must then log on again to reconnect to the network. Pings or other artificial network processes to keep the connection open are prohibited.
    2. Support will be provided only for remote access clients approved by SouthArk's Office of Information Technology.
  9. Remote Access Terms of Use:
    Any user found to have violated the terms of use may be subject to loss of privileges or services and other disciplinary action.
    1. It is the responsibility of all SouthArk employees and authorized third parties with remote access privileges to ensure that unauthorized users are not allowed access to internal College networks and associated content.
    2. All individuals and machines, including college-owned and personal equipment, are a de facto extension of SouthArk's network, and as such are subject to the College's Acceptable Use Policy.
    3. All computers connected to SouthArk's internal network via remote access or any other technology must use a properly configured, up-to-date operating system and anti-virus software; this includes all personally owned computers. Antivirus software may be available for SouthArk faculty and staff.
    4. Redistribution of the SouthArk remote access installers or associated installation information is prohibited.
    5. All network activity during a remote access session is subject to SouthArk policies.
    6. All users of the SouthArk remote access services shall use only resources for which they have been granted permission and rights to use.
  10. The Chief Information Officer is charged with the responsibility to periodically review the procedure and propose changes to the Executive Cabinet as needed.