Security

Remote User Access to Systems
IMPORTANT NOTE: As of 3/23/2007, Cisco has not released a "non beta" version of their VPN client software that is compatible with Microsoft's Windows Vista operating system. A beta version is being tested by WWU IT staff and will be made available to Vista users when it has been established that, no problems are associated with the install and that there are no security issues.

Remote access to the University’s network, servers, administrative applications, and all computer resources creates a special security situation. Remote access includes the use of remote desktop control tools such as XP’s Remote Access Sharing, VPN, and dial-up modem access. VPN access extends the wwu.edu network to remote locations such as connecting regional campuses. When an employee uses remote access they must understand the following issues:

Because of necessary security measures, the following areas are not permitted remote access: wireless connections, lab connections, public areas
and the student modem pool
Remote access will not be provided to all employees as a default.
Please refer to the Remote Access Policy before requesting Remote Access.
To get remote access an employee must request that access (using the “Remote Access Request” E-sign Form") and have it approved by the employee’s department head. [Once approved, ITS would then turn on remote desktop sharing for that employee's login ID.]
When accessing Western’s computer resources remotely the employee is operating as an employee of the University. Appropriate use is the same as if the employee was working in their office for the University.

VPN ACCESS
Procedure to Request Individual User Access or Virtual Private Network (VPN) access:
Standard (non-administrative faculty)
     Provides access to WWU file servers and Outlook. Contact ATUS at x3333 to request remote access.
Administrative (Banner)
       Submit an Administrative Remote Access Esign form to ADMCS: https://west.wwu.edu/admcs/forms
       Download the VPN software to your home or remote machine: http://west.wwu.edu/atus/helpdesk/vpn.shtml

In addition to VPN, the Faculty/Staff modem pool also provides remote access to administrative resources. Faculty/Staff modem pool access must also be approved by the employee’s department head. This is done when the employee submits the “Faculty/Staff Modem Pool Access Request” E-sign Form to their department head or supervisor. The department head or supervisor then submits the Account Application Esign form to ATUS.

Student employees are not permitted access to the Faculty/Staff modem pool and are not normally authorized remote access to departmental workstations. Departments that have a full-time employee sharing the same workstation with a student employee should not as a rule, authorize remote access to that workstation. If remote access to that workstation is needed for a full-time employee then the student employee is NOT to be provided their administrative (Banner) password.

Workstation security becomes even more important when that workstation has remote desktop access activated. Departments should configure department workstations as follows:
Require hardened passwords (8 characters without words and with at least one number or special character)
Require password protection on the screen saver.

INSTALLING THE BANNER 7 SECURITY CERTIFICATE
Users that require Banner 7 access from remote offices and those currently using Banner from home are required to perform the following:
Mouse Right click on the following certdb.txt link, save it to the following location on your PC: C:\Program Files\Oracle\JInitiator 1.3.1.18\lib\security
Close ALL connections to IE
Click on this link to access INB: https://inb.wwu.edu/ (new Jinitiator will install. This will take 5+ minutes depending on your line speed)

Please address any questions regarding Administrative Access to the ADMCS Help Desk x4444.

Contact ADMCS: E-mail
Send comments to: Bob Schneider, Director ADMCS