Remote Access to University IT Systems
Policy Supported: / University Policy on: IT Security (UP16/3)
Preamble
This IT Standard establishes the principles and methods for all UWA staff,contractors, vendors and third party agents with University- or personally-owned computers for remote access to University IT systems (i.e. other than directly through the University network).
Accessing University IT systems from a remote location carries an increased risk. If accessed by unauthorised persons, confidential and/or sensitive data stored on University IT systems can be compromised. This IT Standard specifies the rules that must be followed in order to mitigate this risk.
Relevant Definitions
For definitions of the conceptions and terms in this IT Standard, please refer to the BITS Policy and Standard Definitions
Standard
1Remote Access Methods
The following are the only two acceptable options for secure remote access to University internal applications or electronic systems.
1.1Citrix
The University’s Citrix Service provides secure remote access for staff and vendors to published applications.
1.2UniConnect
UniConnect is UWA’s centrally supported Virtual Private Network (VPN). UniConnect allows remote users to securely access the University’s electronic resources.
2Responsibilities
2.1The Remote User
2.1.1Users are responsible for the security of any University-owned data stored on their remote devices;
2.1.2Users accessing University IT systems remotely must ensure that the point of access provides an adequate level of security to ensure that any private or confidential information is not exposed to third parties and that the remote device does not pose a threat to the operation of the University network in any way. This can be achieved by:
- maintaining the remote device with up-to-date software including operating system patches, anti-malware, anti-virus and personal firewall software;
- ensuring that the remote device is appropriately password or code-protected at all times.
2.1.3Users must take reasonable measures to secure and protect their remote device from loss or compromise;
2.1.4Remote users must comply with University IT Security and Acceptable Use policies;
2.1.5Users are responsible for removal of University-owned data prior to disposing of, or transferring their remote device to another user.
2.2The University
2.2.1The University is responsible for providing, maintaining and securing highly available and remote access infrastructure and services for authorised University remote users, ensuring that all data travelling between University systems and remote devices are encrypted;
2.2.2The University provides remote access software for use on remote devices in order to connect safely with University electronic systems;
2.2.3The University maintains logs of all remote connections – successful and unsuccessful;
2.2.4The University is responsible for applying the appropriate policies and procedures to protect the University’s system from attempted unauthorised access;
2.2.5The University provides advice on the appropriateness of two-factor authentication for remote users as required.
ReferencesComputer and Software Use Regulations
University Policy on: IT Security
IT Standard on: Firewall Rule Sets
IT Standard on: Malware Protection
IT Standard on: Authentication and Passwords
Approval
Approval Authority / Chief Information OfficerRevision History:
Version / Date Approved / Next Review Date1.0 / 21.03.2016 / 20.03.2018
Remote Access to University IT Systems v1.0Page 1 of 2