Remote Network Access Policy

Division of Information Technology
Policy Document No:
Title: Policy on Remote Network Access
Version: Version 6
TRIM file number:
Short description: DIT Policy on Remote Network Access
Relevant to:
Approved by: Executive Director, Department of Information Technology
Responsible officer: Executive Officer of Information Technology
Responsible office: Office of Executive Director of Information Technology
Date introduced: 6 March 1995
Date(s) modified:
Next scheduled review date: 5 May 2012
Related legislation:
Key words:
Policy for Remote Access Connection to CSU network
Introduction
Scope
Objectives
References
Responsibilities
Method
Records
Amendment History
Introduction
Charles Sturt University has significant IT infrastructure, parts of which may be managed by
external vendors under specific maintenance or support level agreements, or may host
services that authorised staff and students need to access from remote locations.
The increasing requirement for CSU staff to access CSU services from external sites through
a secure connection led to the introduction of remote access services at CSU.
Currently the remote access services offered are:
1. VPN via the approved CISCO client.
2. RDP – Remote Desktop Protocol via Terminal Services 2008 Gateway.
3. SSH2.
The VPN service allows CSU staff and authorised vendors to securely access certain CSU
services as if they were operating local to the CSU network.
The Remote Desktop Protocol via Terminal Services 2008 Gateway provides a virtual
Windows desktop environment.
The SSH service allows access to specific hosts for command line configuration.
Scope
This document describes the procedures used to allocate user access through various remote
access services. The policy applies to use of the remote access services provided by CSU for
external access to CSU services. It outlines the parameters within which a user will operate to
enable them to have, obtain and maintain access to this service.
Objectives
The objectives of this policy are:
1. To ensure only valid members of the University and valid vendors obtain and
keep remote access to the University.
2. To ensure that CSU Information Technology security standards are not
compromised by the use of CSU remote access services.
3. To ensure CSU remote access services offer users a method of securely
accessing the available and/or required services.
References
All details for users who currently have, or previously had access to the University's VPN,
SSH and RDP facilities are retained in central administration databases.
Responsibilities
1. The Risk Assessment and Management group (RAM) is responsible for
issuing security advisories to all users.
2. DIT Service Desk is responsible for managing the logging of requests for
remote access.
3. Manager, Service Delivery (or delegate) is responsible for authorisation of
access to remote access services for staff and vendors.
4. Users of remote access services are responsible for ensuring their personal
computers comply with minimum security standards (see DIT Policy on
security).
5. CSU Computer Shop will record all licensing information.
6. Responsibility for the operation of the University’s remote access facilities
rests with the Division of Information Technology with specific responsibility
assigned to the Manager, Service Delivery Unit and the designated Operations
Support Officer.
Method
1. Eligibility for Access
Access to Charles Sturt University’s remote access facilities is available to the following:
- all current staff and selected students of the University;
- affiliated bodies of the University (such as approved vendors).
2. Applications for VPN Access
Application for VPN access is made by submission of a standard service desk request. The
request must include start and end dates and the reason for access. This application is
reviewed by the Manager, Service Delivery (or delegate), who will determine the suitability of
the request and make a determination. Staff requiring VPN access must use a CSU imaged laptop
or desktop which includes the current CSU approved antivirus solution as well as the current
CSU approved Operating System. Instructions on installing and using client software are
supplied by the DIT Service Desk.
3. Applications for SSH access
Application for SSH access is made by submission of a standard service desk request. The
request must include start and end dates and the reason for access. This application is
reviewed by the Manager, Service Delivery (or delegate), who will determine the suitability of
the request and make a determination. Access to some systems may have to be enabled by Service
Delivery-Networks.
4. Applications for Terminal Services access
Application for Terminal Services access is made by submission of a standard service desk
request. The request must include start and end dates and the reason for access. This
application is reviewed by the Manager, Service Delivery (or delegate), who will determine
the suitability of the request and make a determination. Note that current staff and students have
default access to remote Terminal Services.
Records
1. VPN Access
The central administration database retains all relevant information for users, as well as log
files detailing creation/termination of users. For VPN access this is controlled via the CSU
Operators page system. The VPN client application is available via CSU software downloads but
is ineffective until access is authorised via the Operators page.
Access logs are collected by the VPN concentrator and exported to the Network Monitoring
System.
2. Terminal Services Access
Non-CSU staff and student requests for Terminal Services access are collected and stored by
the DIT Service Desk. Access logs are collected by the relevant terminal server and exported
to the Network Monitoring System.
3. SSH Access
Requests for SSH access are collected and stored by the DIT service desk. Access logs are
collected by the relevant server and exported to the log repository.
Amendment History
Date | Author | Version | No Pages | Description
6/3/95 | M. Rebbechi | 1 | 3 | First Version
23/10/96 | J. Eyles | 2 | 3 | Web Conversion
22/5/98 | G. Taylor | 3 | 3 | Changed to reflect the Communications Act
11/3/00 | G. Taylor | 4 | 3 | Reflect current requirements
11/3/09 | B. Roberson | 5 | 3 | Include vendor access via VPN
20/4/09 | L. Weston | 6 | 4 | Include SSH and Terminal services access.