Procedures for Off-Campus Network Access and Provisioning
Because of the vulnerabilities in off-campus access paths and the increased
accessibility of servers exposed to off-campus access, it is necessary to
increase safeguards in this environment. In addition to the measures described
in the general section above, the following apply:
JMU-owned, On-campus Servers Accessible from Off Campus
- Administrators and implementers of campus servers that pass authentication
information between themselves and their off-campus clients are to use software
that encrypts the authentication transaction whenever it is available and
practical. Systems that make use of the universal JMU Electronic ID (E-ID) and
password are absolutely required to encrypt this information in transit.
- When servers require authentication for access, the administrator will
configure the server so that it does not allow more than ten sequential
unsuccessful authentication attempts without disabling the account. The account
will remain disabled for at least thirty minutes and the administrator should
be notified of the action. If the server does not support this precise
configuration, all best efforts shall be made to limit unsuccessful login
attempts in any available fashion.
Off-campus Clients Accessing On-Campus, JMU-owned Servers
Any compromised computer, including a home computer, may compromise accounts
on JMU-owned Servers. To protect those accounts, the following best practices
are offered as recommendations. For access to accounts with elevated
privileges, the recommendations are mandatory. Access to these accounts from
untrusted computers is strongly discouraged.
- Ensure designated protection software, for example anti-virus and/or
desktop firewall software, is installed and operating.
- Follow university procedures concerning computer updates at least once a
- Select and use client software that provides encrypted communications
whenever it is an available and practical choice.
On-campus Clients Accessing Non-JMU-owned Computers
Note that this includes, but is not limited to, student-owned computers and
almost every off-campus computer.
- Increased care and discretion should be used when trusting non-JMU-owned
computers with sensitive information, passwords, downloaded code,
or access to JMU controlled computers through remote connections.
- Universal JMU electronic ID and password information should never be
provided to Non-JMU-owned Computers.
- These servers are not permitted to use the universal JMU Electronic ID and password without specific permission.
- These servers are required to display information informing users
that the system is privately owned and not a JMU-provided service.
- The operators of these servers are expressly required to follow all
other guidelines given in this document for servers connected to the
JMU network.
- The operators are responsible for the behavior of account holders on their servers.