VPN policies/guidelines? Can any school use one?

[Pottsey]

After reading a recent threads I started to realise just how useful a VPN could be and started to set one up. Only after setting it up I realised there are data issues. Although I can access any computer at work I would now be able to do the same from home, but that’s the not the main problem. The main problem is child data, are there any guidelines or laws on this? My worry is one of the admin staff might leave their computer on at home logged in unsupervised. Is an AUP enough saying doesn’t leave your self logged in?

I guess in some respects it’s no different then taking a laptop home to work on. Searching Becta wasn’t much help all I found are technical documents on what VPN is.

[mrforgetful]

I would say an AUP would be a good idea.

Luckily there's only one person here who wants the functionality and he's very stringent on Data issues and security.

The instructions I wrote on how to access the Public area from home have some Terms and Conditions in them.

[greenfieldsupport]

We see it as its the same as taking a laptop home,

Most child data is held in SIMS at our school, and as well as authenticating on the VPN they have to authenticated against sims aswell with a differnt password.

We state that teachers are NOT allowed to click the "remember my password and username" on the VPN connection, also only members of staff that use the vpn are ticked to be allowed to log in remotely, furthermore they have be told that if they lose their laptop, or it is stolen, they must contact Me on my mobile so i can lock their accounts out.

Make sure as you can access this on the internet that you protect from dictionary attacks by setting your policys so they lockout anyone whos attempted to guess 5 passwords in a 30 second period + 15 password in any 3 hour period. or something similar. we use something more strict here.

also we check the log file once a week to see if there is any "strange" activity. Its a pain but it is worth doing.

Also Never enable the administrator account to log on remotely as this is the first thing people will try.

As the link is encrypted we dont worry too much about sniffers, If the computers support it we use IPSEC policys aswell.

Hope this helps.
-Tony

[Pottsey]

Thanks for the advice some good points I didn’t think off like remember my password and username.