One Step Ahead: Changes Coming to Remote Access to the Penn Network
Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy
The purpose of the Information Technology Policy Committee (ITPC), established in 2018, is to oversee the process of researching, creating, and updating IT policy and standards at Penn. The ITPC advises the chief information officer (CIO) concerning decisions about new policies, policy revisions, and variance requests. ITPC members include representatives from across the University’s schools and centers and staff from Information Security and ISC.
ITPC announced that two new policy statements, dealing with multi-factor authentication (MFA) for remote access, are coming into effect at the end of the fiscal year, June 30, 2023.
The new policies require that any remote access from outside of PennNet, including use of a Virtual Private Network (VPN), such as Global Connect, to on-campus computing be protected by MFA. In addition, access to non-interactive devices (such as printers) on the network from outside of PennNet will require other security controls such as strong passwords. This will impact local support providers (LSPs) and their networking infrastructure for all schools and centers. Any faculty, staff, or students working remotely should expect to need a second factor, such as two-step verification with Duo Mobile, by that date.
What does this mean for you? If you use a VPN, please ensure that MFA is enabled for its use. If you are an LSP, feel free to consult with ISC Client Care or with your Office of Information Security (OIS) security point of contact (SPOC) to determine how best to comply with these new policies.
Further information on the new policy can be found on the ITPC web page by navigating to: Policies Under Review. Questions about the policies may be directed to IT-POLICY-ADM@lists.upenn.edu.
The ITPC web page is located here: https://www.isc.upenn.edu/ITPC.
—
For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead.