Main content

Campus Technology Services

5
27
Our Hours Today:
8:00am-4:45pm

Virtual Private Network (VPN) Policy

Purchase College Virtual Private Network (VPN) Policy

1.0 Purpose
The purpose of this policy is to provide guidelines for Remote Access Virtual Private Network (VPN) connections to the Purchase College network.

2.0 Scope
This policy applies to all Purchase College employees, contractors, consultants, and other workers including all personnel affiliated with third parties utilizing VPNs to access the Purchase College network. This policy applies to implementations of VPN that are directed through an IPSec Concentrator.

3.0 Policy
Approved Purchase College employees, affiliates, and authorized third parties (vendors, etc.) may utilize the VPN. The user is responsible for coordinating installation, installing any required software, and paying any associated fees.

Additionally:

    • The user is responsible for ensuring that unauthorized users are not allowed access to Purchase College VPN.
    • VPN use is to be controlled using either a Purchase College credential and Multi-Factor authentication.
    • VPN gateways are set up and managed by Purchase College.
    • All computers connected to Purchase College via VPN or any other technology must have up-to-date anti-virus software, and up-to-date operating system and software patches.
    • VPN users will be automatically disconnected from Purchase College’s network after 24 hours. The user must then logon again to reconnect to the network.
    • Only Purchase College approved VPN clients may be used.
    • Users of computers that are not Purchase College-owned equipment must configure the equipment to comply with Purchase College’s VPN and Network policies. (AV and Patches.)
    • By using VPN technology with personal equipment, users must understand that their machines are a de facto extension of Purchase College’s network, and as such are subject to the same rules and regulations that apply to Purchase College-owned equipment, i.e., their machines must be comply with AV and Patch requirements.

4.0 Enforcement
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

5.0 Definitions
Term Definition



6.0 Revision History