Virtual Private Network (VPN) Policy

Questions

  • What is Bowdoin's VPN policy?
  • What are the requirements for using Bowdoin's VPN on a personal computer?
  • Who is responsible for ensuring a VPN-connected device is secure?
  • What happens if my device doesn't meet Bowdoin's VPN security requirements?
  • Which VPN clients are approved for use at Bowdoin?

Environment

This policy applies to all Bowdoin employees, contractors, consultants, temporary workers, and any other individuals using VPN to access the Bowdoin network from off campus.

Resolution

Policy Statement

All users wishing to establish a real-time connection with Bowdoin's internal network through the internet must employ a Virtual Private Network (VPN) product approved by the Chief Information Officer (CIO) or Chief Information Security Officer (CISO) that can authenticate the user and encrypt all traffic exchanged.

This policy is approved by the CIO.

Summary

The purpose of this policy is to define standards for connecting to Bowdoin's network from hosts on the internet by using a VPN to the internal network. These standards are designed to minimize potential exposure to Bowdoin from damages which may result from unauthorized use of Bowdoin resources. Damages include the loss of sensitive or confidential data, intellectual property, damage to public image, and damage to critical Information & Technology systems.

1. Remote Computer Security

Remote computers become an extension of the Bowdoin network and are therefore subject to the same rules and regulations that apply to Bowdoin-managed computers.

  • Software security patches: Remote computers must have up-to-date security patches for the operating system and all installed applications.
  • Anti-virus software: Remote computers, including personal computers, must have up-to-date and active anti-virus software and be free from viruses.
  • Remote vulnerability scanning: Remote computers using VPN technology are subject to being remotely scanned to determine that software is current and that the system has been properly secured. Computers that do not meet requirements will be disconnected automatically from the Bowdoin network until a secure computing environment has been re-established.
  • Non-Bowdoin-owned equipment: Users of computers not owned by Bowdoin must configure the equipment to comply with Bowdoin's VPN and Computer and Network Usage policies.
  • Approved VPN client: Only VPN clients approved by the CIO or CISO may be used.

2. Responsibilities

Users

It is the responsibility of users with VPN privileges to ensure that unauthorized users are not allowed access to Bowdoin internal networks. By using VPN technology with personal equipment, users must understand that their machines are a de facto extension of Bowdoin's network and are therefore subject to the same rules and regulations that apply to Bowdoin-owned equipment. Users are responsible for all communications from their computers while connected to the VPN.

VPN Administrator

VPN gateways and concentrators will be set up and maintained by a VPN administrator from the Network Operations group to meet the following minimum requirements:

  • The VPN requires the user to authenticate.
  • All communication over the VPN is encrypted.
  • All authentication attempts will be logged.
  • VPN users will be automatically disconnected from Bowdoin's network after 2 hours of inactivity. The user must re-authenticate to reconnect.
  • Pings or other artificial network processes are not to be used to keep the connection open.

3. Notification of Changes

Information & Technology will provide users with a copy of this policy (or a link to it) and notify users of any changes.

4. Enforcement

Any employee found to have violated this policy may be subject to disciplinary action according to HR policy.

Additional Help

If you need further assistance, you have several options:

  • Bowdoin Bot: Chat with Bowdoin Bot directly from any KB page for instant answers.
  • Phone: Call the Bowdoin College Service Desk at (207) 725-3030.
  • In person: Visit the Tech Hub in Smith Union during business hours.
  • Submit a ticket: Request assistance through the Service Catalog.