VPN / Remote Access

Introduction

The IIT Virtual Private Network (VPN) provides a secure encrypted network connection over the Internet between authorized IIT users and the University network. The VPN offers secure access for faculty and staff who need access to information technology systems that are not otherwise available from off-campus networks.

VPN - Setup and Connect using the Cisco AnyConnect

Policy

  • VPN does not provide Internet connectivity; it provides secure access into the IIT Network. Individual users are responsible for selecting an Internet Service Provider (ISP), coordinating installation, and installing any required software necessary for Internet service.
  • VPN accounts will only be provided to IIT faculty and staff upon request.
  • Students will only be provided a VPN account for academic purposes on a case-by-case basis, and requests for student accounts must be sponsored and submitted by a full-time faculty member.
  • All requests for VPN accounts must be routed through the OTS Support Desk.
  • Only the VPN client software that is distributed by OTS may be used to connect to the IIT VPN servers.
  • By using VPN technology with personal equipment, users must understand that their machines are a de facto extension of IIT’s network, and as such must comply with the IIT Acceptable Network Usage Policy.
  • The VPN client is currently available for Windows 7, Mac OS X, and Linux. Approved users are responsible for the installation of the VPN client software.
  • All computers connected to IIT's internal networks via the IIT VPN must use the most up-to-date anti-virus software and operating system patches. IIT periodically scans computers connected to the network to assure compliance with the above. Devices identified as a potential security threat may be blocked from the IIT network until further action is taken by the user.
  • It is the responsibility of users with VPN privileges to ensure that unauthorized persons are not allowed access to IIT internal networks.

Virtual Private Network (VPN) Vendor Policy

Access to IIT networks or systems must not be granted to third-party vendors, unless an IIT sponsor determines that these vendors have a legitimate business need for such access. These privileges must not be provided unless they are enabled for specific individuals and only for the time period required to accomplish approved tasks. An IIT employee must sponsor the vendor and obtain approval for all such systems accessible to vendors. Access to IIT systems will not be granted until the vendor is sponsored.

IIT prohibits the establishment of any inbound Internet connections from vendors unless prior management approval was obtained. To obtain sponsorship, an IIT employee must fill out the IIT VPN account – Request Form.

All vendors accessing IIT systems will be granted a VPN account after they are sponsored.  It is the responsibility of the vendor’s sponsor to inform OTS (Office of Technology Services) that the vendor’s employee or contractor is no longer responsible for certain activities.

On a regular basis, OTS reviews the privileges and activity of vendor accounts used for production, test and development computers, or virtual machines.  Vendor accounts will be disabled when no longer in use.  Vendor VPN usernames will be as follows:  first initial, last name of individual from vendor.  This information will be distributed and documented by OTS.  OTS keeps documentation where all access privileges can be seen, so that incompatibilities and conflicts of interest can be readily determined.  A vendor system that is scanning other computers or determined to have vulnerabilities will be blocked from the IIT network.

Vendor Responsibilities Regarding IIT VPN Access

  • All vendor systems must run a firewall and updated version of antivirus software.
  • Vendors must not attempt to eradicate a computer virus from their system unless they do so while in communication with IIT OTS.
  • Vendor employees will be assigned a VPN username and password.  These usernames are not to be shared.
  • Every user-ID employed on IIT vendor systems is documented by IIT OTS.  This is to allow the immediate termination of all access privileges if an individual were to leave the organization.
  • The vendor is limited to working only on the systems for which they have been granted access.

Enforcement

Any user found to have violated this policy will be subject to loss of certain privileges or services, including but not necessarily limited to loss of VPN access.