Remote Access via VPN for Employees

Ferris State University, in an attempt to better secure its network and to comply with various laws and regulations, is enacting a virtual private network (VPN). The VPN network will facilitate necessary network access beyond what services are deemed publicly available by the Chief Technology Officer and Infrastructure Team. Services that are publicly available are services in which the customer base is too broad or unknown and VPN is not a viable solution. The services that are both publicly available and through the VPN will be under constant review and may change to comply with Local, State, and Federal laws as well as adhere to security best practices and procedures. In order to stay compliant with regulations and have a secure network environment, the following guidelines must be adhered to at all times:

Private usage of a VPN is prohibited and is defined as any usage not directly related to Ferris State University business.

Passwords are required to be complex. A complex password is one that has eight (8) or more characters and numbers. It must meet at least two of the three following requirements; contain a capital letter, a number, or a special character. The characters should be a combination of upper and lower case and not easily guessable. If your password has been found not to be complex, you will be required to change your password. Never share your password with anyone for any reason. If you think your password may have been compromised, please change your password immediately and notify your support area and the Technology Assistance Center (TAC), at extension 4822, as soon as possible. Make sure that you note any and all details including date, time, location, accounts, and peculiar events. The support areas, as well as the TAC, will notify the appropriate personnel and an investigation will commence.

Service accounts are not to be used for VPN access at any time. Service accounts will not be granted VPN access as they can pose a significant security risk. Service accounts are accounts that are used either as generic login accounts or by computer applications to perform a designated task. Service accounts should follow the password guidelines and be complex passwords.

Student accounts are not to be used for VPN access, unless specifically authorized by the ITS Infrastructure Team. A student account is an account that is used by one or more students or by a student employee.

Client installation should not be performed on any machines not owned by the currently employed Ferris State University employee or the University itself. Doing so can cause an unnecessary security risk. Employees who separate from the University must remove the client from their personal computers immediately. The client may be obtained by the employee’s designated support staff and TAC will be able to assist customers in setting up the client on their personal machines. If the employee has a laptop, it is suggested that the employee schedule an appointment with their support team via TAC to install the VPN client. Employees can also download the VPN instructions and client software from the Home CD site.

Access to VPN usage will be granted on a case-by-case basis, as determined by the Data Security Office and the ITS Infrastructure Team. To request VPN access, users will need to contact TAC. Each user must meet the following requirements when requesting VPN access:

  • Cannot be a student or a student employee.
  • Cannot use a service account.
  • Must have a complex password.
  • Specify the buildings requiring access to and why.
  • Specify the full MyFSU username.
  • If you have had VPN access before, either under your current account or another account, please list the full details of the situation, including why you are requesting additional VPN access. If you used a different username, please specify the full MyFSU username you used.

Approved on February 13, 2008

Updated: 10/04/11