Information Security Supporting Policy
010 Remote Access Policy
Trinity College Dublin
CONTENTS: 1
2
GENERAL POLICY..............................................................................................................2 1.1
Introduction..............................................................................................................2
1.2
Scope ........................................................................................................................2
1.3
Permitted remote access connections ......................................................................2
1.4
Methods of Remote connection ................................................................................2
1.5
Non-standard remote access connections................................................................2
1.6
Protecting Remote Access Credentials ....................................................................2
1.7
Username/Password Authentication........................................................................3
1.8
Remote Access Hosts................................................................................................3
ROLES AND RESPONSIBILITIES ..........................................................................................3 2.1
All Individuals/groups granted remote access connection Privileges .....................3
2.2
College Staff or Students providing remote access to Third parties........................3
2.3
Third Parties ............................................................................................................4
Author Last Revision Date
IT Security Officer 29/05/2003
010 Remote Access Policy.doc Page 1 of 4
Information Security Supporting Policy
010 Remote Access Policy 1 1.1
Trinity College Dublin
General Policy Introduction
The purpose of this policy is to define standards for connecting to the Trinity College Network from a Computer or other device located outside of the College network. This policy is designed to minimise the potential exposure to the College from risks associated with remote access connections by ensuring only secure methods are used to connect to the College network. 1.2
Scope
This policy applies to all College Staff, students or Third parties with either a College owned or personally owned computer used to connect to the College network. Third parties are defined as any individual, group contractor, vendor or agent not registered as a College staff member or student. 1.3
Permitted remote access connections
Remote access connections to the College network may be made for College administrative or academic purposes only. These include but are not limited to: •
Approved use of network resources by registered Staff and Students.
•
Teleworking by registered College Staff.
•
Network administration purposes by registered System Administration Staff.
•
Administration of College Applications or Systems by approved Third parties.
1.4
Methods of Remote connection
The relevant technical staff in each College area review and define approved methods of remote connection. Apply to Information Systems Services or the Network Manager\Administrator in your area for a list of currently approved methods. 1.5
Non-standard remote access connections
Organisations or individuals wishing to implement non-standard Remote Access must obtain prior approval from the IT Security Officer. 1.6
Protecting Remote Access Credentials
All individuals are responsible for safeguarding the remote access credentials granted to them and
Author Last Revision Date
IT Security Officer 29/05/2003
010 Remote Access Policy.doc Page 2 of 4
Information Security Supporting Policy
010 Remote Access Policy
Trinity College Dublin
making sure that unauthorised individuals do not use them. These credentials may consist of username and password combinations, digital certificates or other software or hardware. 1.7
Username/Password Authentication
Where Username/Password authentication is used the following apply: •
Where remote access authentication is facilitated using a username and password a strong password must be used as defined in ‘005 Passwords Standards Policy.doc’.
•
At no time should any College staff member or student provide his or her username or password to any unauthorised third party.
1.8
Remote Access Hosts
All hosts that are used for remote access to the College networks must: •
Use the most up-to-date anti-virus software.
•
Be protected by a Corporate or private Firewall.
•
Not be made available for use to unauthorised third parties.
•
Be available for inspection by Information Systems Services
or the Area Network
Manager/Administrator if requested.
2 2.1
Roles and Responsibilities All Individuals/groups granted remote access connection Privileges
It is the responsibility of all individuals/groups with remote access privileges to the College network to ensure that: •
Their remote access connection meets security standards as approved by the College.
•
The connection is only used for approved purposes.
•
The remote access credentials granted to them are held safely and not disclosed to unauthorised third parties.
2.2
College Staff or Students providing remote access to Third parties
College staff or students may only provide remote access to the College network to third parties with the express permission of Information System Services or the Network manager or System Administrator in their area. College Staff providing remote access to third parties for any purpose must ensure that the method of remote access meets security standards as approved by the College.
Author Last Revision Date
IT Security Officer 29/05/2003
010 Remote Access Policy.doc Page 3 of 4
Information Security Supporting Policy
010 Remote Access Policy
Trinity College Dublin
The Third party must be made aware of their responsibilities and provided with a copy of this policy document. Details of the Third Party connection must be documented and submitted to the Network Manager/Administrator or Information Systems Services. 2.3
Third Parties
It is the responsibility of all contractors, vendors and agents with remote access privileges to the College network to ensure that the remote access connection adheres to the Security Standards as defined in this policy. All Third parties must comply with the security measures as outlined in ‘011 Third Party Access Policy.doc’
Author Last Revision Date
IT Security Officer 29/05/2003
010 Remote Access Policy.doc Page 4 of 4