Remote Access Procedure Via the Barracuda VPN Appliance

Background:

There exists a family of products that provide remote access to a user's desktop. The most common scenario is for an employee to access their work computer from home.

While there are many scenarios where this is useful to a student and to an employee, the University needs to maintain secure and authorized access to the CampusNet (defined as all offices, classrooms, and computer labs), particularly where computers are set up for Colleague access.

While some of these services/systems are sound and secure, many are not, and these represent a security risk to the University.

Procedure:

The University is not opposed to remote desktop access; it simply must ensure that the connection is secure and authenticated.

Remote access to a user's desktop may not always be the most efficient service to use. Sometimes access to a specific application or directly to user files is a better solution than remote access to a desktop, which can be problematic at times.

As such, the University will provide an encrypted, authenticated VPN connection that will enable an appropriate level of secure remote connectivity. The ITS department will consult with users on the appropriate connectivity.

For the detailed procedure on implementing remote access:  Click Here.

Technical Background:

  1. SVSU has always blocked, and will continue to block, direct access from the Internet to student computers in ResNet and office computers in CampusNet via IP address. Services like LogMeIn and GoToMyPC get around that by using a proxy. These services currently work in ResNet and CampusNet and represent a significant security risk, which is the basis for this SVSU VPN system. Once the VPN has been phased in, a combination of firewall and packetshaper rules will block these remote access services and leave only the VPN enabled.

  2. The VPN remote desktop ties a user to a particular desktop, via IP address (which will have to be made static on the computer being accessed remotely).

  3. Access to the computer being accessed remotely via the VPN is also password protected.

  4. RDP (Remote Desktop Protocol): The University will also block RDP into CampusNet and within CampusNet to secure the RDP-enabled desktops. Similarly, RDP will be blocked for access into and within ResNet.