University of Michigan - Flint

Purpose
These policies and procedures apply to the use of UM-Flint’s Virtual Private Network (VPN) service, which is one mechanism UM-Flint provides for authorized users to access University computing and network resources from remote locations. These policies and procedures apply to Faculty and Staff of UM-Flint, and not to students. All other policies covering the use of University computing services by authorized users are still in effect when resources are accessed from remote locations, as are all regulations which protect the confidentiality and integrity of information entrusted to the University’s stewardship.

Benefits
A VPN allows encrypted access to your UM-Flint network resources, such as your UM-Flint desktop and real-time editing of your network documents. This access is available from anywhere, with any computer that has internet access, without having to use FTP.

Definitions

• Virtual Private Network (VPN) – is one or more encrypted connections over a shared public network, typically over the Internet, which simulates the behavior of direct, local connections.
• Point-to-Point Protocol (PPP) – is a communication protocol that enables a user to utilize a dial-up connection (commonly a modem using standard phone lines) to connect to the Internet.
• Digital Subscriber Line (DSL) – is a method for home users and small businesses to have high-speed access to the Internet over standard telephone lines. Because of the technology used, a DSL customer must be within a certain distance from the phone company’s CO (Central Office) for DSL to be available.
• Cable (also referred to as cable modem) – is a type of Internet connection provided by the local cable company, used to transfer data at high speeds over the cable television network.

Account Administration
VPN accounts are automatically created for current faculty and staff of UM-Flint. All VPN users will be authenticated to the VPN server using their UM-Flint LAN account username and password. When a staff or faculty member is no longer employed, the VPN account is terminated at the same time as the LAN account.

Client Connection Setup
UM-Flint’s Information Technology Services Department will provide limited VPN HelpDesk support for the following platforms:

• Windows 2000
• Windows XP (home or professional)
• Mac OS 10.x or higher

Onsite HelpDesk support is available for these operating systems by visiting 207 MSB during normal business hours.

No support is available for any operating systems other than those listed above. Installation on other platforms should only be attempted by experienced users of that platform. Improper setup can result in the complete loss of all network connectivity. Setting up a VPN connection requires changes to the network settings of the computer you are using. Therefore, it is recommended that the VPN connection only be set up on your personal computer, not on computers belonging to other people or institutions.

Client Restrictions
All users must install anti-virus software on each computer from which the VPN server is accessed. The anti-virus software must be updated regularly with new anti-virus definitions. Also, all users are required to keep their computer updated with the latest operating system and software patches available from their respective vendors.

Microsoft Windows-based PC’s should have the automatic updater configured. For information and instructions on automatic updates, visit www.microsoft.com, and search on keywords “automatic update”. Mac OS users should have the software updater configured through the OS system preferences, and Linux users should have the RTM manager configured. Detailed information on configuring supported operating systems for updates is outlined in Quicknote #80 available at the ITS HelpDesk, or online at http://www.umflint.edu/its/helpdesk/quicknotes/QN80.htm.

UM-Flint reserves the right to audit all VPN client systems, and all communication between VPN client systems and the UM-Flint network, for compliance with all applicable Information Technology Services security requirements.

Users connecting to the VPN server using a broadband connection, such as cable or DSL, must install and enable a software or hardware firewall. The software firewall built into Windows XP (Service Pack 2) is acceptable, as is Zone Alarm, available free from http://www.zonealarm.com/store/content/home.jsp.

Other Considerations
While a computer is connected to the VPN server, it is logically connected to both the internal UM-Flint network and the Internet. For security reasons, each VPN user should disconnect from the VPN server when access to the UM-Flint network is no longer required. VPN users should be aware that if their VPN connection remains open, their Internet connection is routed and logged through the VPN server and the UM-Flint network. This will result in a slower Internet connection for the VPN user, as well as affecting on-campus network performance for network users. Increased Internet traffic due to VPN users failing to disconnect will result in increased Internet service provider fees to the university.

Non-UM-Flint Users
Third-party individuals (those other than UM-Flint Faculty or Staff), or vendors wishing to gain access permissions for the VPN should contact the UM-Flint Information Technology Services department by email at nss@list.umflint.edu.