Introduction

Illinois Tech's Virtual Private Network (VPN) provides a secure, encrypted, network connection over the Internet between authorized Illinois Tech users and the university network. The VPN offers secure access for faculty and staff who need access to information technology systems that are not otherwise available from off-campus networks.

VPN - Setup and Connect Using the Cisco AnyConnect

• VPN - Setup and Connect using the Cisco AnyConnect for Windows
• VPN - Setup and Connect using the Cisco AnyConnect for OS X

Policy

• The VPN does not provide Internet connectivity; it provides secure access into Illinois Tech's network. Individual users are responsible for selecting an Internet Service Provider (ISP), coordinating installation, and installing any required software necessary for Internet service.
• VPN accounts will only be provided to Illinois Tech faculty and staff upon request.
• Students will only be provided a VPN account for academic purposes on a case-by-case basis, and requests for student accounts must be sponsored and submitted by a full-time faculty member.
• All requests for VPN accounts must be routed through the OTS Support Desk.
• Only the VPN client software that is distributed by OTS may be used to connect to Illinois Tech's VPN servers.
• By using VPN technology with personal equipment, users must understand that their machines are a de facto extension of the university's network, and, as such, must comply with the Illinois Tech's Acceptable Network Usage Policy.
• The VPN client is currently available for Windows 10, Mac OS X, and Linux. Approved users are responsible for the installation of the VPN client software.
• All computers connected to Illinois Tech's internal networks via the university's VPN must use the most up-to-date antivirus software and operating system patches. The univerist periodically scans computers connected to the network to ensure compliance. Devices identified as a potential security threat may be blocked from the university's network until further action is taken by the user.
• It is the responsibility of users with VPN privileges to ensure that unauthorized persons are not allowed access to Illinois Tech's internal networks.

Virtual Private Network (VPN) Vendor Policy

Access to Illinois Tech's networks and/or systems must not be granted to a third-party vendor, unless a univeristy sponsor determines that such a vendor has a legitimate business need for this access.  These privileges must not be provided unless they are enabled for a specific individual and only for the time period required to accomplish approved tasks. An Illinois Tech employee must sponsor the vendor and obtain approval for all systems accessible to the vendor. Access to Illinois Tech's systems will not be granted until the vendor is sponsored.   

The university prohibits the establishment of any inbound Internet connections from a vendor unless prior management approval was obtained. For a vendor to obtain sponsorship, an Illinois Tech employee must fill out the Illinois Tech VPN Account – Request Form.

A vendor wishing to access Illinos Tech's systems will be granted a VPN account only after they are sponsored. It is the responsibility of the vendor’s sponsor to inform the Office of Technology Services (OTS) that the vendor’s employee or contractor is no longer responsible for certain activities.

On a regular basis, OTS reviews the privileges and activity of vendor accounts used for production, test, and development computers, or virtual machines.  Vendor accounts will be disabled when no longer in use.  Vendor VPN usernames will be as follows:  first initial; and last name of vendor's represenative. This information will be distributed and documented by OTS.  OTS keeps documentation where all access privileges can be seen, so that incompatibilities and conflicts of interest can be readily determined.  A vendor system that is scanning other computers or determined to have vulnerabilities will be blocked from the Illinois Tech's network.

Vendor Responsibilities Regarding Illinois Tech VPN Access

• All vendor systems must run a firewall and an updated version of antivirus software.
• Vendors must not attempt to eradicate a computer virus from their system unless they do so while in communication with Illinois Tech's Office of Technology Services.  
• Vendor employees will be assigned a VPN username and password.  These usernames are not to be shared.
• Every user-ID on Illinois Tech's vendor systems is documented by OTS.  This is to allow the immediate termination of all access privileges if an individual were to leave the organization.
• The vendor is limited to working only on the systems for which it has been granted access

Enforcement

Any user found to have violated this policy will be subject to loss of certain privileges or services, including, but not necessarily limited to, loss of VPN access.