TITLE: Remote Access
The purpose of this policy is to define standards for connecting to the Fifth Judicial District Department of Correctional Services (District) network from remote locations. These standards are designed to minimize the potential exposure of the District to damages which may result from unauthorized use of District resources. Damages include the loss of sensitive or confidential data, intellectual property, damage to public image, damage to critical District internal systems, etc.
All policies covering the use of District computing services by authorized users are still in effect when network resources are accessed from remote locations, as are all applicable local, state and federal laws.
This policy applies to all District employees, contractors, vendors and agents with a District owned or personally-owned computer or workstation used to connect to the District network. This policy applies to remote access connections used to do work on behalf of District, including reading or sending email and viewing intranet web resources.
Remote access implementations that are covered by this policy include, but are not limited to, dial-in modems, frame relay, Integrated Services Digital Network (ISDN), Digital Subscriber Line (DSL), Virtual Private Network (VPN), cable modems, etc.
- It is the responsibility of the District employees, contractors, vendors and agents with remote access privileges to the District network to ensure that their remote access connection is given the same consideration as the user's on-site connection to the District.
- Access to District owned computers or workstations by nondistrict employees and unauthorized contractors, vendors or agents is forbidden.
- Please review the following policies for details of protecting information when accessing the network via remote access methods, and acceptable use of the District network:
  - Use of computer equipment and software (policy I-8).
  - Virtual Private Network (VPN) Policy
  - Wireless Communications Policy
- Secure remote access must be strictly controlled. Control will be enforced via a network password, crypto key card and PIN assignment, digital certificate, dial-back or any combination thereof.
- At no time should any District employee provide his or her login or email password to anyone, not even family members.
- At no time should any confidential documents or files containing confidential information be copied, moved or stored on a nondistrict computer or workstation.
- District employees and contractors with remote access privileges must ensure that their District owned or personal computer or workstation, which is remotely connected to FDJDOCS' network, is not connected to any other network at the same time, with the exception of personal networks that are under the complete control of the user.
- Reconfiguration of a home user's equipment for the purpose of split-tunneling or dual homing is not permitted at any time.
- All hosts that are connected to District internal networks via remote access technologies must use the most up-to-date anti-virus software. This includes nondistrict computers and workstations. At its sole discretion, the District may elect to provide anti-virus software for use with remote access client software. Software recommendations can be found below in the section entitled Software Recommendations.
- All Internet connected hosts that connect to District internal networks via remote access technologies must install and maintain a suitable hardware or software based firewall. At its sole discretion, the District may elect to provide a software firewall for use with remote access client software. Software recommendations can be found in Attachment A.
- Personal equipment that is used to connect to the District's network must meet the requirements of District-owned equipment for remote access. Hardware recommendations can be found below in the section entitled Software Recommendations.
- All software residing on personal equipment connecting to the District's network must be legally licensed for use. At its sole discretion, the District may elect to provide software licenses to remote users for installation on personal equipment.
- Legal ownership of software licensing provided by the District will be retained by the District.
- Software licensed by the District that resides on the remote user's personal equipment will be used for official District business only.
- The District reserves the right to remove its licensed software from a remote user's personal equipment at any time.
- Organizations or individuals who wish to implement non-standard Remote Access solutions to the District production network must obtain prior approval from the District Systems Administrator.
- The District Technical Support staff will be responsible for the setup, maintenance and support of all District owned hardware and/or software.
- The District Technical Support staff will not be responsible for setup, maintenance or support of nondistrict hardware and/or software.
- The District Technical Support staff will assist authorized remote access users with troubleshooting connectivity issues related to District hardware and/or software.
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Cable Modem: Cable companies such as AT&T Broadband provide Internet access over Cable TV coaxial cable. A cable modem accepts this coaxial cable and can receive data from the Internet at over 1.5 Mbps. Cable is currently available only in certain communities.
Dial-in Modem: A peripheral device that connects computers to each other for sending communications via the telephone lines. The modem modulates the digital data of computers into analog signals to send over the telephone lines, then demodulates back into digital signals to be read by the computer on the other end; thus the name "modem" for modulator/demodulator.
Dual Homing: Having concurrent connectivity to more than one network from a computer or network device. Examples include: Being logged into the Corporate network via a local Ethernet connection, and dialing into AOL or other Internet service provider (ISP). Being on a District provided Remote Access home network, and connecting to another network, such as a spouse's remote access. Configuring an ISDN router to dial into District and an ISP, depending on packet destination.
DSL: Digital Subscriber Line (DSL) is a form of high-speed Internet access competing with cable modems. DSL works over standard phone lines and supports data speeds of over 2 Mbps downstream (to the user) and slower speeds upstream (to the Internet).
Firewall: A method of protecting one network from another network. A firewall blocks unwanted access to the protected network while giving the protected network access to networks outside of the firewall.
Frame Relay: A method of communication that incrementally can go from the speed of an ISDN to the speed of a T1 line. Frame Relay has a flat-rate billing charge instead of a per time usage. Frame Relay connects via the telephone company's network.
ISDN: There are two flavors of Integrated Services Digital Network or ISDN: Basic Rate Interface (BRI) and Primary Rate Interface (PRI). BRI is used for home office/remote access. BRI has two "Bearer" channels at 64kbit (aggregate 128kb) and 1 D channel for signaling info.
MINIMUM HARDWARE REQUIREMENTS
- Pentium Class (Pentium, Pentium II, Pentium III, Pentium IV) equivalent computer running at 233Mhz or higher
- 128 Megabytes (128MB) of physical RAM memory
- Windows98, Windows Millennium Edition (ME), Windows2000 (SP3) or Windows XP (SP1) operating system
- 20 Megabytes (20MB) of free hard disk space for installation of VPN Client software and firewall, if applicable
- TCP/IP networking protocol configured on the machine
- 15" CRT or flat panel display capable of 16 bit color at an 800x600 resolution
RECOMMENDED HARDWARE CONFIGURATIONS
- Pentium III/500Mhz equivalent or higher
- 256 Megabytes (256MB) of physical RAM or higher
- Windows2000 (SP3) or WindowsXP (SP1) Operating System
- 17" CRT or flat panel display capable of 16 bit color at an 800x600 resolution or higher
- Norton Anti-Virus version 7.x or higher
- McAfee VirusScan version 7.x or higher
- Kerio Personal Firewall version 2.1 or higher
- ZoneAlarm version 3.7.x or higher
- Microsoft Office 2000
- Microsoft Office XP
Office Products (individually licensed)
- Microsoft Outlook 2000, Microsoft Outlook XP
- Microsoft Access 2000, Microsoft Access XP
- Microsoft Excel 2000, Microsoft Excel XP
- Microsoft Word 2000, Microsoft Word XP
- Microsoft PowerPoint 2000, Microsoft PowerPoint XP
- Cisco VPN Client 3.6.4 or higher
- Zephyr Development Passport 3270