Procedures for Off-Campus Network Access and Provisioning

Because of the vulnerabilities in off-campus access paths and the increased accessibility of servers exposed to off-campus access, it is necessary to increase safeguards in this environment. In addition to the measures described in the general section above, the following apply:

JMU-owned, On-campus Servers Accessible from Off Campus

  • Administrators and implementers of campus servers that pass authentication information between themselves and their off-campus clients are to use software that encrypts the authentication transaction whenever it is available and practical. Systems that make use of the universal JMU Electronic ID (E-ID) and password are absolutely required to encrypt this information in transit.
  • When servers require authentication for access, the administrator will configure the server so that it does not allow more than ten sequential unsuccessful authentication attempts without disabling the account. The account will remain disabled for at least thirty minutes and the administrator should be notified of the action. If the server does not support this precise configuration, all best efforts shall be made to limit unsuccessful login attempts in any available fashion.
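
The lockout rule above can be expressed as a small state machine. The following is an added example, not part of the original procedure or of any JMU system; the class name `LockoutTracker`, its methods and the `notify` callback are hypothetical, and it assumes that the tenth sequential failure is the one that disables the account.

```python
import time

MAX_FAILURES = 10          # from the procedure: no more than ten sequential failures
LOCKOUT_SECONDS = 30 * 60  # from the procedure: disabled for at least thirty minutes


class LockoutTracker:
    """Tracks sequential failed logins per account (hypothetical helper)."""

    def __init__(self, notify, clock=time.monotonic):
        self.notify = notify      # callback used to tell the administrator
        self.clock = clock        # injectable so the lockout window can be tested
        self.failures = {}        # account -> count of sequential failures
        self.locked_until = {}    # account -> time the account may be used again

    def is_locked(self, account):
        until = self.locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout window has passed: re-enable and start counting afresh.
            del self.locked_until[account]
            self.failures.pop(account, None)
            return False
        return True

    def attempt(self, account, credentials_ok):
        """Return True only if the login should be allowed."""
        if self.is_locked(account):
            # While disabled, even a correct password is refused.
            return False
        if credentials_ok:
            self.failures.pop(account, None)  # "sequential": a success resets the run
            return True
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= MAX_FAILURES:
            self.locked_until[account] = self.clock() + LOCKOUT_SECONDS
            self.notify(f"account {account!r} disabled after {count} sequential failed logins")
        return False
```
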

Off-campus Clients Accessing On-Campus, JMU-owned Servers

Any compromised computer, including a home computer, may compromise accounts on JMU-owned Servers. To protect those accounts, the following best practices are offered as recommendations. For access to accounts with elevated privileges, the recommendations are mandatory. Access to these accounts from untrusted computers is strongly discouraged.

  • Ensure designated protection software, for example anti-virus [2] and/or desktop firewall software, is installed and operating.
  • Follow university procedures concerning computer updates [3] at least once a month.
  • Select and use client software that provides encrypted communications whenever it is an available and practical choice.

On-campus Clients Accessing Non-JMU-owned Computers

Note that this includes, but is not limited to, student-owned computers and almost every off-campus computer.

  • Increased care and discretion should be used when trusting non-JMU-owned computers with sensitive information, passwords, downloaded code, or access to JMU-controlled computers through remote connections.
  • Universal JMU electronic ID and password information should never be provided to Non-JMU-owned Computers.

Non-JMU-owned Servers

  • These servers are not permitted to use the universal JMU Electronic ID and password without specific permission.
  • These servers are required to display information informing users that the system is privately owned and not a JMU-provided service.
  • The operators of these servers are expressly required to follow all other guidelines given in this document for servers connected to the JMU network.
  • The operators are responsible for the behavior of account holders on their servers.