Pottsey Posted October 12, 2007 Report Posted October 12, 2007 After reading a recent threads I started to realise just how useful a VPN could be and started to set one up. Only after setting it up I realised there are data issues. Although I can access any computer at work I would now be able to do the same from home, but that’s the not the main problem. The main problem is child data, are there any guidelines or laws on this? My worry is one of the admin staff might leave their computer on at home logged in unsupervised. Is an AUP enough saying doesn’t leave your self logged in? I guess in some respects it’s no different then taking a laptop home to work on. Searching Becta wasn’t much help all I found are technical documents on what VPN is.
mrforgetful Posted October 12, 2007 Report Posted October 12, 2007 I would say an AUP would be a good idea. Luckily there's only one person here who wants the functionality and he's very stringent on Data issues and security. The instructions I wrote on how to access the Public area from home have some Terms and Conditions in them.
greenfieldsupport Posted October 12, 2007 Report Posted October 12, 2007 We see it as its the same as taking a laptop home, Most child data is held in SIMS at our school, and as well as authenticating on the VPN they have to authenticated against sims aswell with a differnt password. We state that teachers are NOT allowed to click the "remember my password and username" on the VPN connection, also only members of staff that use the vpn are ticked to be allowed to log in remotely, furthermore they have be told that if they lose their laptop, or it is stolen, they must contact Me on my mobile so i can lock their accounts out. Make sure as you can access this on the internet that you protect from dictionary attacks by setting your policys so they lockout anyone whos attempted to guess 5 passwords in a 30 second period + 15 password in any 3 hour period. or something similar. we use something more strict here. also we check the log file once a week to see if there is any "strange" activity. Its a pain but it is worth doing. Also Never enable the administrator account to log on remotely as this is the first thing people will try. As the link is encrypted we dont worry too much about sniffers, If the computers support it we use IPSEC policys aswell. Hope this helps. -Tony
Pottsey Posted October 12, 2007 Author Report Posted October 12, 2007 Thanks for the advice some good points I didn’t think off like remember my password and username.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now