Information Security Supporting Policy

010 Remote Access Policy Trinity College Dublin

CONTENTS:

1 GENERAL POLICY..............................................................................................................2
1.1 Introduction..............................................................................................................2
1.2 Scope ........................................................................................................................2
1.3 Permitted remote access connections ......................................................................2
1.4 Methods of Remote connection ................................................................................2
1.5 Non-standard remote access connections................................................................2
1.6 Protecting Remote Access Credentials ....................................................................2
1.7 Username/Password Authentication........................................................................3
1.8 Remote Access Hosts................................................................................................3
2 ROLES AND RESPONSIBILITIES ..........................................................................................3
2.1 All Individuals/groups granted remote access connection Privileges .....................3
2.2 College Staff or Students providing remote access to Third parties........................3
2.3 Third Parties ............................................................................................................4

Author IT Security Officer 010 Remote Access Policy.doc

Last Revision Date 29/05/2003 Page 1 of 4
Information Security Supporting Policy
010 Remote Access Policy Trinity College Dublin

1 General Policy

1.1 Introduction

The purpose of this policy is to define standards for connecting to the Trinity College Network from a
Computer or other device located outside of the College network. This policy is designed to minimise
the potential exposure to the College from risks associated with remote access connections by
ensuring only secure methods are used to connect to the College network.

1.2 Scope

This policy applies to all College Staff, students or Third parties with either a College owned or
personally owned computer used to connect to the College network.

Third parties are defined as any individual, group contractor, vendor or agent not registered as a
College staff member or student.

1.3 Permitted remote access connections

Remote access connections to the College network may be made for College administrative or
academic purposes only. These include but are not limited to:

• Approved use of network resources by registered Staff and Students.

• Teleworking by registered College Staff.
• Network administration purposes by registered System Administration Staff.
• Administration of College Applications or Systems by approved Third parties.

1.4 Methods of Remote connection

The relevant technical staff in each College area review and define approved methods of remote
connection. Apply to Information Systems Services or the Network Manager\Administrator in your area
for a list of currently approved methods.

1.5 Non-standard remote access connections

Organisations or individuals wishing to implement non-standard Remote Access must obtain prior
approval from the IT Security Officer.

1.6 Protecting Remote Access Credentials

All individuals are responsible for safeguarding the remote access credentials granted to them and

Author IT Security Officer 010 Remote Access Policy.doc

Last Revision Date 29/05/2003 Page 2 of 4
Information Security Supporting Policy
010 Remote Access Policy Trinity College Dublin

making sure that unauthorised individuals do not use them. These credentials may consist of
username and password combinations, digital certificates or other software or hardware.

1.7 Username/Password Authentication

Where Username/Password authentication is used the following apply:

• Where remote access authentication is facilitated using a username and password a strong
password must be used as defined in ‘005 Passwords Standards Policy.doc’.
• At no time should any College staff member or student provide his or her username or password
to any unauthorised third party.

1.8 Remote Access Hosts

All hosts that are used for remote access to the College networks must:

• Use the most up-to-date anti-virus software.

• Be protected by a Corporate or private Firewall.
• Not be made available for use to unauthorised third parties.
• Be available for inspection by Information Systems Services or the Area Network
Manager/Administrator if requested.

2 Roles and Responsibilities

2.1 All Individuals/groups granted remote access connection Privileges

It is the responsibility of all individuals/groups with remote access privileges to the College network to
ensure that:

• Their remote access connection meets security standards as approved by the College.
• The connection is only used for approved purposes.
• The remote access credentials granted to them are held safely and not disclosed to unauthorised
third parties.

2.2 College Staff or Students providing remote access to Third parties

College staff or students may only provide remote access to the College network to third parties with
the express permission of Information System Services or the Network manager or System
Administrator in their area.

College Staff providing remote access to third parties for any purpose must ensure that the method of
remote access meets security standards as approved by the College.

Author IT Security Officer 010 Remote Access Policy.doc

Last Revision Date 29/05/2003 Page 3 of 4
Information Security Supporting Policy
010 Remote Access Policy Trinity College Dublin

The Third party must be made aware of their responsibilities and provided with a copy of this policy
document.

Details of the Third Party connection must be documented and submitted to the Network
Manager/Administrator or Information Systems Services.

2.3 Third Parties

It is the responsibility of all contractors, vendors and agents with remote access privileges to the
College network to ensure that the remote access connection adheres to the Security Standards as
defined in this policy.

All Third parties must comply with the security measures as outlined in ‘011 Third Party Access
Policy.doc’

Author IT Security Officer 010 Remote Access Policy.doc

Last Revision Date 29/05/2003 Page 4 of 4