WT67-1
Administration Policy:
Remote Access and Network Security
Classification:
Administration Policy
First Issued:
8 February 2005
Dates of Review:
2011, 2016, 2017
Version Number:
4.1
Objective ID:
A4730
Next Review Due:
2022
Applicable Legislation:
Related Policies or
Information Technology and its Use Administration Policy
Corporate Documents:
Mobile Device Administration Policy
Disposal of Computer and Related Equipment
Administration Policy
Associated Forms:
Note:
Responsible Manager:
Manager Information Services
Confirmed by General Manager:
General Manager Corporate
Date
14 February 2017
and Compliance
Approved by Executive:
Date
14 February 2017
City of West Torrens Administration Policy Remote Access and Network Security
Table of Contents
1.
Introduction...................................................................................................... 3
2.
Purpose.............................................................................................................3
3.
Scope................................................................................................................ 3
4.
Definitions........................................................................................................ 3
5.
Policy Statement.............................................................................................. 4
Object ID A4730
Page 2 of 6
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
City of West Torrens Administration Policy Remote Access and Network Security
Administration Policy Remote Access and Network Security
1.
Introduction
1.1
The City of West Torrens (CWT) is committed to ensuring that users have access to information
technology (IT) from remote locations in a secure and effective manner.
2.
Purpose
2.1
This policy sets out the requirements for remote access to the computer network of the CWT.
3.
Scope
3.1
This policy covers al remote access to the CWT network by:
Employees; and
Organisations that have software maintenance responsibilities or otherwise have a
working association with the CWT.
4.
Definitions
4.1
ADSL refers to asymmetric digital subscriber line and is a broadband communications
technology for connecting to the Internet.
4.2
Executive Management Team refers to the Chief Executive Officer (CEO) and General
Managers.
4.3
The term "
RSA tokens" refers to both physical and software devices that are used to prove an
authorised person’s identity electronical y before network access is possible. RSA tokens
generate an authentication code at fixed intervals (usual y 30 seconds) that is uniquely
associated with a computer user.
4.4
VMware Horizon is a col ection of products and technologies used by information technology
(IT) administrators to manage and deliver desktops and applications and secure data on a
variety of devices.
4.5
The National Broadband Network (
NBN™) refers to the fibreoptic, fixed wireless and satel ite
infrastructure that is replacing existing broadband infrastructure with a faster and more reliable
broadband service.
5.
Policy Statement
5.1
The CWT networks and servers are to be protected from the risks inherent in remote access,
and this wil be achieved without impacting adversely on the quality of service available to
remote users.
5.2
Remote Network Access
5.2.1
Al remote access to the CWT network from an external connection wil only be
available via VMware Horizon.
5.3
Remote Network Access Authorisation
Object ID A4730
Page 3 of 6
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
City of West Torrens Administration Policy Remote Access and Network Security
5.3.1
Remote access to the network must be justified in writing for authorisation by the
responsible member of the Executive Management Team. The justification must clearly
identify:
Whether a CWT owned desktop computer is to be supplied to an employee for
remote access;
Whether remote access is authorised when a CWT owned laptop computer is
supplied to an employee; or
Whether access is authorised when the equipment is not CWT owned but is used
by either:
(a)
an employee of the CWT; or
(b)
an organisation that maintains software or otherwise has a working
association with the CWT.
5.4
Remote Network Access with a CWT Owned Desktop Computer
5.4.1
An employee wil be provided with a CWT owned desktop computer for remote use if
required under a contract of employment or otherwise justified on the basis of a
genuine business requirement. An employee’s preparedness to work from home, or the
convenience of such an arrangement, wil not normal y constitute a genuine business
requirement.
5.4.2
When the approval of an Executive Management Team member is given, the fol owing
wil apply:
CWT wil fund a homebased internet connection equivalent to the basic 500gb
ADSL Telstra BigPond connection.
The connection method wil be via NBN, cable or ADSL, subject to availability,
but if none are available, a 4G connection wil be supplied.
The total payment by CWT, notwithstanding the connection method), wil not
exceed $60.00 per month.
5.4.2.1
Any additional charges must be paid by the employee concerned.
5.4.2.2
ISDN wil only be used if alternatives are either unavailable or unsuitable. A
higher rate of reimbursement may be approved by the CEO.
5.4.3
It is preferred that the connection account be in an employee’s name.
5.4.4
If ADSL is available at the employee’s residence, CWT wil not fund a separate
telephone line. Al ADSL connections are to be enabled via an existing telephone line.
5.4.5
Al setup and instal ation costs are to be funded or supplied by CWT, including any
devices such as routers, modems, line filters and extra phone points. This also includes
any labour charges associated with the instal ation.
5.4.6
Only one additional phone point wil be funded by CWT, to cover the location of a
computer in a study or utility area.
5.4.7
The CWT IT Unit wil provide remote support.
5.4.8
Employees wil be supplied an RSA ID token for 2 factor authentication. This cost wil
be funded as part of the IT budget of CWT.
5.4.9
Use of the Internet via the CWT supplied computer is the responsibility of the CWT
employee and use should be consistent with the requirements of the
Information
Technology and its Use Administration Policy.
Object ID A4730
Page 4 of 6
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
City of West Torrens Administration Policy Remote Access and Network Security
5.5
Remote Network Access with a CWT Owned Laptop Computer
5.5.1
An employee may be provided with a CWT owned laptop computer for remote network
access, rather than a desktop computer, if remote use is required under a contract of
employment or is otherwise justified on the basis of a genuine business requirement.
5.5.2
The provision of a laptop computer does not necessarily entitle an employee to remote
access, and it is a requirement that remote access be authorised specifical y by a
member of Executive Management Team.
5.5.3
Network access terms applying to remote desktop computer use wil apply to remote
laptop computer use (refer to 5.8).
5.6
Remote Network Access Without a CWT Owned Computer
5.6.1
Employees who do not qualify for a laptop or home PC, but can justify remote access
to the network, wil need to secure the approval of the responsible member of the
Executive Management Team to access the CWT network remotely.
5.6.1.1
If approval is given, the user wil be supplied an RSA ID token for 2 factor
authentication. The cost of this token is to be funded by the IS Department.
5.6.2
Al line and Internet arrangements wil be in the employee’s name, and the employee
wil pay al initial and ongoing costs. As a general rule, the CWT wil not reimburse
these costs, either whol y or in part. However, the reimbursement of certain costs
incurred may be authorised by the responsible member of the Executive Management
Team, if appropriate under a contract of employment or when a general business
requirement is substantiated.
5.6.3
An arrangement that is largely based on the convenience of working from home, or an
employee’s preparedness to work at home, does not constitute a genuine business
requirement and wil not therefore justify a payment by CWT.
5.7
Remote Network Access by Organisational Users
5.7.1
Organisations that supply core software or otherwise have a working association with
CWT may be authorised to access CWT's network remotely, subject to compliance with
the requirements of this policy.
5.7.2
Organisational users wil not be supplied with RSA security token keys, however, if
justified, supply may be authorised by either the General Manager Corporate and
Compliance.
5.7.3
Authorised organisational users are otherwise required to contact the IT help desk for a
sixdigit RSA ID token number on each occasion network access is required. Help desk
employees wil hold two RSA ID token keys to facilitate the required access. This
access wil incorporate connecting via a web interface and the use of a password.
5.7.4
Remote organisational users are required to contact the help desk by email to confirm
connection details and the nature of work undertaken.
5.7.5
Remote organisational users are required to contact the help desk during business
hours to prearrange after hours' access whenever required. Weekend and public
holiday access wil only be authorised by the Manager IS where justified under the
circumstances.
5.7.5.1
Access to the CWT network by remote organisational users is not permitted
between 9.00 pm and 7.30 am CWT’s backup window unless authorised
Object ID A4730
Page 5 of 6
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
City of West Torrens Administration Policy Remote Access and Network Security
by the Manager IS.
5.7.6
Al remote access users must be advised in writing by the Manager IS of network
access requirements. Acknowledgement and acceptance of these terms must be
documented and saved in the corporate EDRMS.
5.8
Remote Network Access Protocols for all Users
5.8.1
When accessing the CWT network remotely, the fol owing CWT requirements must be
observed:
5.8.1.1
Remote computer users must agree to log off immediately when a remote
connection is completed.
5.8.1.2
Whenever possible, remote users must avoid using less secure public
access facilities and locations (such as libraries and airport lounge facilities).
5.8.1.3
Remote access equipment must not be left unattended for any period of
time, particularly if a connection is stil active or use is via public access
facilities or locations.
5.8.1.4
Users must always safeguard their RSA token. If it is lost or stolen, notify the
IT help desk immediately so that the token can be disabled.
5.8.1.5
Remote users must protect their username and password to the network.
Object ID A4730
Page 6 of 6
The electronic version on the Intranet is the control ed version of this document.
Printed copies are considered uncontrol ed. Before using a printed copy, verify that it is the control ed version.
