Secure Sockets Layer Virtual Private Network (SSL VPN) Usage and Policy
The purpose of this policy is to provide guidelines for Secure Sockets Layer Virtual Private
Network (SSL VPN) connections to the CCSF network. ANY USER WHO DOES NOT AGREE
TO BE BOUND BY THIS POLICY SHOULD STOP USE OF THIS SERVICE AND NOTIFY THE
ITS NETWORK GROUP SO HIS/HER ACCOUNT MAY BE DISABLED.
This policy applies to all CCSF employees, contractors, consultants, temporaries, and other
workers, including all personnel affiliated with 3rd parties, utilizing SSL VPNs to access the CCSF.
This policy applies to implementations of VPN that are directed through an SSL VPN gateway.
Approved CCSF employees and authorized 3rd parties (customers, vendors, etc.) may utilize the
benefits of VPNs, which are a "user managed" service. This means that the user is responsible
for selecting an Internet Service Provider (ISP), coordinating installation, installing any required
software, and paying associated fees.
1. It is the responsibility of employees with SSL VPN privileges to ensure that unauthorized
users are not allowed access to CCSF internal networks.
2. SSL VPN use is to be controlled using either an authenticated password of 8 or more characters
(1e0yea21) or a strong passphrase (my dog ate the cat).
3. When actively connected to the college network, SSL VPNs will force all traffic to and
from the PC over the SSL VPN tunnel; all other traffic will be dropped.
4. Dual (split) tunneling is NOT permitted; only one network connection is allowed.
5. SSL VPN gateways will be set up and managed by CCSF ITS network group.
6. All computers connected to CCSF internal networks via SSL VPN or any other
technology must have the most up-to-date updates, patches and hotfixes for the
computer operating system used; this includes personal computers.
7. All computers connected to CCSF internal networks via SSL VPN or any other
technology must use the most up-to-date anti-virus software that is the college standard
(ftp://ftp.ccsf.edu/pub/Antivirus/); this includes personal computers.
8. All computers connected to CCSF internal networks via SSL VPN or any other
technology must use the most up-to-date anti-spyware software (Spy Sweeper, Ad-Aware,
Spybot); this includes personal computers.
9. For all computers connected to the CCSF internal networks via SSL VPN or any other
technology over a wireless network, the wireless network must be secured by some type of
encryption (WEP, WPA1/2, PEAP) to protect the data transactions between the remote
computer and the college network.
10. SSL VPN users will be automatically disconnected from the CCSF network after 5 minutes of
inactivity. The user must then log on again to reconnect to the network. Pings or other
artificial network processes are not to be used to keep the connection open.
11. The SSL VPN gateway is limited to an absolute connection time of 24 hours or less.
12. Users of computers that are not CCSF owned equipment must configure the equipment
to comply with CCSF VPN and Security Policies.
13. SSL VPN access requests may be restricted or limited due to system capacity limitations.
14. The remote systems access provided by this service is not an authorization of overtime
and the associated compensation. All overtime requests must be approved individually by
15. This VPN usage policy is not to be interpreted as a telecommute policy for CCSF.
Any employee found to have violated this policy may have their VPN access terminated and be
subject to additional disciplinary action per the CCSF Computer Usage Policy.
Extranet: A catchphrase that refers to an intranet that is partially accessible to
authorized outsiders. Whereas an intranet resides behind a firewall and
is accessible only to people who are members of the same company or
organization, an extranet provides various levels of accessibility to
outsiders. You can access an extranet only if you have a valid username
and password, and your identity determines which parts of the extranet
you can view.
SSL VPN Gateway: A device in which VPN connections are terminated.
Web Browser: Software application used to locate and display Web pages. Graphical
browsers can display graphics as well as text. In
addition, most modern browsers can present multimedia information,
including sound and video, though they require plug-ins for some
formats. Popular browsers are Internet Explorer, Netscape and Safari.
6.0 Violation of Acceptable Use Policy
The ITS Department reserves the right to investigate suspected
violations of this Policy, including the gathering of information and the
examination of network traffic from the user's machine.
The ITS Department has the right to disable SSL VPN access and
user accounts with or without notice if security issues appear to
compromise the CCSF internal network resources. The ITS Department
may disable a user's access to the Extranet Network if they violate the
terms set forth in this Policy. Faculty or Staff caught hacking will be
referred to Human Resources for disciplinary action. Outsiders or
Consultants caught hacking will be referred to the police or other law
enforcement agency for criminal prosecution and penalties.
7.0 Non-Supported Items
Information Technology Services (ITS) does not support any personal
computers, hardware and software that do not officially belong to the
CCSF. Also, CCSF does not support any external Internet Service
8.0 Revision History
2/13/2006 Benton Chan, Version 1.3
4/21/2005 Tim Ryan, Version 1.2
2/14/2005 Benton Chan, Version 1.1
Name: ________________________________________ Phone: ( )__________________
Email: ________________________________________ Faculty Staff Consultant
Requester Signature: __________________________________________________________
W00# ID: ____________________________________________________________________
Department: _____________________ Department Manager: __________________________
Building: _________________________________________ Room: ______________________
Department Signature: _______________________________ Date (mm/dd/yy): ____________
Access Type (Check options that correspond to your job function):
Internet Native Banner (INB)
For Server and Software Application IT Support by IT Staff or IT Consultants. Specify access
NOTE: Access request may be denied due to ITPC or ITS policies.