Securing Access to UW-W Network
Approved by Executive Tier on 11/22/2021
This policy is intended to minimize risk to the UW-Whitewater (UWW) information technology environment from cybercriminals and ensure compliance with UW System Policies, Regent Policies, State Statutes, and Federal Statutes regarding information security risk management.
This document defines and clarifies policies and procedures for accessing the UWW Network remotely or through a wired connection. It applies to all staff, faculty and students who access the UW-Whitewater network through VPN or the wired network.
In December 2020, the Executive Tier approved disabling direct remote access (RDP) through VPN to office computers to protect UWW from security risk. Direct remote access to computers can provide a gateway for cybercriminals to access sensitive internal resources, and attackers can also exploit remote access to take control of these computers, gaining access to the rest of the network. A secure alternative solution, Citrix Remote PC, was made available to individuals who require this kind of access to fulfill their job responsibilities. Direct remote access to computers (RDP) through VPN was closed off on February 10, 2021.
UWW employees and students use VPN to gain access to campus resources that are generally not available through a browser, primarily to the network document storage. VPN access requires authentication. However, to be fully compliant with UW System Administrative Procedure 1031.B Information Security: Data Protections, access to High Risk data must also be protected by multi-factor authentication (MFA). MFA will be enabled for VPN access.
As computers connect to the campus network, posture checking will be conducted to assure the security of the UWW network and compliance with UWSA policies. Posture checking includes confirmation that required malware protection or antivirus software is installed and functioning.
Access to Wired Network
Network authentication is identified as one of the network security requirements in the UW System Administrative Procedure 1031.B Information Security: Data Protections. Access to the wired network will be controlled by allowing access only to those devices that are identified in the IT Asset inventory. Guest access (personal or campus devices) may be restricted based on the resources being accessed.
In addition to the network access controls, UW System Administrative Policy 1035 Information Security: IT Asset Management stipulates that “All UW institutions must inventory all UW-owned or leased IT assets”. To assure completeness of this inventory, all IT assets must be registered in the IT database before accessing the UWW network.
Posture checking will be performed to make sure that computers connecting to the UWW wired network are free of malware and have supported and patched versions of software and antivirus installed and functioning.