Network Security and VPN Acceptable Use Policy
Overview
This policy is to protect Pitt Community College’s electronic information from being inadvertently compromised by authorized personnel connecting to the Pitt Community College network locally and remotely via VPN.
Purpose
The purpose of this policy is to define standards for connecting to Pitt Community College’s network from any host. These standards are designed to minimize the potential exposure to Pitt Community College from damages that may result from unauthorized use of Pitt Community College resources.
Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical Pitt Community College internal systems, etc.
Remote access implementations that are covered by this policy include, but are not limited to, ISDN, DSL, VPN, SSH, cable modems, etc.
Audience
This policy applies to all Pitt Community College employees, volunteers/directors, contractors, vendors, and agents with a computer or workstation used to connect to the Pitt Community College administrative network. This policy applies to remote access connections used to do work on behalf of Pitt Community College, including reading or sending email and viewing intranet resources.
Network Security
Users are permitted to use only those network addresses assigned to them by Pitt Community College IT Department.
All remote access by faculty and staff to Pitt Community College resources will be through a secure single-sign-on portal, including multi-factor authentication or a VPN connection. MFA for students will be implemented as soon as there is an approved policy.
Remote users may connect to Pitt Community College Information Systems using only protocols approved by IT.
Internal users must not extend or re-transmit network services in any way. This means a user must not install a router, switch, hub, or wireless access point to the Pitt Community College network without approval.
Users must not download, install, or run security programs or utilities that reveal weaknesses in the security of a system. For example, Pitt Community College users must not run password cracking programs, packet sniffers, network mapping tools, or port scanners while connected in any manner to the Pitt Community College network infrastructure. Only the OITS Department is permitted to perform these actions.
Remote Access
It is the responsibility of Pitt Community College employees, volunteers/directors, contractors, vendors, and agents with remote access privileges to Pitt Community College’s corporate network to ensure that their remote access connection is given the same consideration as the user’s on-site connection to Pitt Community College.
Pitt Community College employees bear responsibility for the consequences should access be misused.
Requirements
Only OITS-approved VPN software clients may be used.
Pitt Community College employees, volunteers/directors, and contractors should never provide their login or email password to anyone, including family members.
Organizations or individuals who wish to implement non-standard Remote Access solutions to the Pitt Community College administrative network must obtain prior approval from OITS.