July 26, 2017

New Security Controls for VPN and Local Administrator Accounts

UMW Staff,

The Commonwealth of Virginia Auditors of Public Accounts conducts an annual audit of the UMW’s technology security program. As a result of their last audit, the auditors have asked the IT Department to implement additional security controls around VPN access and local administrator accounts. This email outlines the important changes we are making to comply.

These new security controls have been presented for review and comment to the Staff Advisory Council, University Faculty Council, CAS Department Chairs, and the President’s Leadership Council.

VPN Access

VPN (virtual private network) access is used by some faculty and staff to access certain internal UMW systems from off-campus. In the past, the use of VPN has been available to all faculty and staff by downloading and installing the VPN client software, and logging in using a UMW NetID and password. In the future, the following additional security controls must be followed to use VPN:

  • A request must be submitted to the IT Security Office for you to be given, or to retain, the ability to use VPN to access UMW systems.
  • When your request is submitted, your supervisor will be copied and must review and approve the request.
  • A two-factor authentication system, called Duo, must be used when authenticating into a VPN connection.
  • A VPN connection used to access internal UMW systems can only be made using a UMW-issued device. A personally-owned computer or laptop cannot be used to access UMW internal systems.
  • A personally-owned computer or laptop can be used to establish a VPN connection to access the Internet only.

Who needs to go through this VPN approval process now? 

If you don’t currently use a VPN connection, then you probably don’t need this type of connection and don’t need to go through this process.  If you do have a current VPN connection and want to keep it, then you will need to complete this process.  If your needs change in the future, you can go through the approval process at that time.  If you are uncertain or have questions, please contact the IT Help Desk and we can help you determine if you need a VPN connection.

If you are currently a VPN user, and would like to continue to utilize this service, please submit your request by April 30, 2017. The new security controls described above will be activated on May 16, 2017

For more detailed instructions on how to request, install, and utilize VPN access, follow this link: http://technology.umw.edu/connecting/off-campus-access-umw-network-using-vpn/

Local Administrator Accounts

In the past, UMW faculty and staff were issued two accounts to login to their UMW-issued computer.  The first account, intended for daily use, was accessed using your NetID and password.  The second “local administrator” account, using a different login and password, was used to perform actions like updating software, or installing programs. The local administrator account has the highest level of system privileges on your computer, and this account can be exploited by viruses or malware. In the future, the following additional security control must be followed to use a local administrator account:

  • A request must be submitted to the IT Security Office to be given, or to retain, a local administrator account.
  • When your request is submitted, your supervisor will be copied and must review and approve the request.

Who needs to go through this Local Admin Account approval process now? 

If you don’t currently use your local administrator account, then you probably don’t need to go through this process.  If you use a local administrator account, and would like to continue to use it, please submit your request by April 30, 2017. Beginning May 16, 2017, IT staff will begin to remove local administrator accounts from faculty and staff computers that don’t have an approved request for a local administrator account.

If your needs change in the future, you can go through the approval process at that time.  If you are uncertain or have questions, please contact the IT Help Desk and we can help you determine if you need a local administrator account.

For more detailed instructions on how to request, install, and utilize local administrator access, follow this link: http://technology.umw.edu/hss/admin-accounts/

Thank you for your understanding and support as we implement these new security controls. If you have any questions or concerns regarding these new security controls, please contact the Help Desk at x2255 or helpdesk@umw.edu

 

Hall Cheshire

Chief Information Officer

University of Mary Washington

540-654-1379

hcheshir@umw.edu