Remote access policy

Objective: To secure university network remote access, minimizing risks and ensuring data integrity.

Scope: All remote access components, wired and wireless.

General Rules:

• Permissions: Role-based access, regularly reviewed.
• Credentials: Confidentiality of login data.
• Encryption: Mandatory IPsec/SSL VPN with strong passwords.
• Control: Access via a secure control point.
• Logging: Centralized logs, regular reviews.
• Device Security: Compliant personal devices, documented.
• Network Safety: Avoid unsecured public networks.
• Branch Connections: Secure, encrypted Site-to-Site connections.

Acceptable Policy Example:

• Strict, role-based access.
• SSL VPN encryption.
• Device security compliance.
• Regular log reviews.
• Result: Secure remote work, verified by logs.

Unacceptable Policy Example:

• Uncontrolled access.
• Lack of encryption.
• No log reviews.
• Use of unsecured public networks.
• Result: Data breach via unsecured connection, undetected.

Conclusion:

• Effective policies require controlled access, encryption, and monitoring.
• Poor policies lead to security breaches and data loss.
• Proper implementation protects university resources.