Virtual Private Network (VPN) Policy

Virtual Private Network (VPN)
Information Services Policy

Policy Name:  Use of the Virtual Private Network (VPN) Service at Johnson County Community College.  Virtual Private Network (VPN) – Enables data transmissions to travel securely over a public network (the Internet) by tunneling traffic between the origin and the destination over a virtual private sub channel of the network link.

Policy Purpose:  This policy outlines the purpose and approved use of the Virtual Private Network on the JCCC campus network.

Scope:  The VPN Service is limited to full-time exempt staff who have obtained appropriate approvals and have met the system requirements listed below. This policy applies to all approved network users desiring a VPN connection at Johnson County Community College.

System Requirements:
  • Windows XP installed on the dedicated (employee is the only person who logs onto the machine) JCCC campus computer
  • Windows 2000 or XP installed on the JCCC remote or home computer
  • Stable cable modem or DSL internet connectivity
General Policy Provisions:
A VPN is a technique used to create a private and secure path from a remote computer located on a public network into a private network such as JCCC’s campus data network.  The Remote Desktop VPN connection provides a secure connection and protects the campus network from worms and viruses.  Users can connect to JCCC network resources and operate applications such as the full Outlook client and Banner as if they were locally connected to the JCCC network.  This allows greater functionality than the WebVPN option which provides access to file shares on the campus network via a web browser.

Use of the JCCC VPN service is a privilege that comes with responsibilities for the department and the employees, including best practices outlined in FERPA (The Family Educational Rights and Privacy Act of 1974, more commonly known as The Buckley Amendment) and Gramm-Leach-Bliley Act (GLB) guidelines.  In particular, users should disable their JCCC VPN session when it is not actively in use.

Employees should be aware that routing schemes, network configurations, and security measures can be changed without notice by the JCCC Information Services or by the employee’s internet service provider and may affect the employee’s ability to do certain functions with VPN.

Approval Process:
Access to the JCCC VPN will be issued based on the ability to demonstrate work-related need and its use is limited to work-related purposes.  Any employee requesting access to the JCCC VPN will need to complete the VPN Request Form and obtain authorization from their Division Director and Vice President.

Responsibilities of Information Services:
  • Provide the VPN client software and instructions for installing the VPN client on the employee’s computer.
  • Provide a method for granting employees access to the VPN service.
  • Information Services shall “scan” for unauthorized VPNs and disable access of those devices.
  • VPN support is offered during normal business hours.
  • Information Services cannot support home computers.
Responsibilities of Users:
  • VPN service is limited to full time exempt faculty and staff needing secure remote access to resources located on the college’s network.
  • All employees must use the centrally provided VPN and the associated VPN client software.
  • Any remote systems must have the VPN client’s firewall feature enabled.
  • All remote systems must have properly configured anti-virus software installed and enabled.
  • The operating system for all remote systems must be kept current by applying “patches” as they become available.
  • In order to use the VPN service all remote systems must meet or exceed posted system requirements.  
  • Dedicated (employee is the only person who logs onto the machine) JCCC campus computer must be on and employee must be logged into the network on the JCCC campus computer in order to use the VPN.
  • Authorized users with VPN privileges to the JCCC Network must ensure that their Remote Access connection complies with the JCCC Acceptable Use Policy (510.00 Use of Communication Systems: E-mail, Internet, and Related Hardware and Software) and treat it with the same consideration as an on-site connection to the college. 
  • Failure to abide by the requirements of this policy and/or any procedures that are developed to implement this policy may result in termination of the user’s VPN privileges.  
Approval:  JCCC President and Chief Information Officer
Effective:  January 1, 2006