Frequently Asked Questions - ISO Services

Common questions about the Information Security Office's service offerings

How does the rVPN monitoring differ from that of the normal VPN?

The normal VPN has only minimal traffic monitoring beyond information about logins. In comparison, the Restricted VPN monitors all traffic as it exits the VPN and employs the vulnerability, anti-spyware, AV, file monitoring, and threat detection and blocking features of the Palo Alto firewalls.

What can I do to prepare for an OS upgrade?

Begin by backing up your files. You can do this to a local device or move your data from the computer to servers or cloud-based platforms. Please note that the location depends on the protection level of the data you have: UC P1 and UC P2/P3 data can be stored on Google Drive and Box. UC P4 data may only be stored on Calshare.

Confirm that any software (outside of the standard MS Office, Chrome, Adobe Acrobat) is...

How is the rVPN monitoring different from being on campus?

The degree of monitoring on campus varies depending on the location of the system. For most users the only traffic that is inspected for signs of compromise is traffic that goes off of the campus network or is directed at systems protected by our firewalls. For people on networks protected by a firewall there is additional monitoring at the firewall location.

When it comes to the Restricted VPN the monitoring occurs for almost every packet that leaves the systems connected to the VPN.

Should the Restricted VPN (rVPN) be used full time?

Because of the increased monitoring, most users will only want to use the Restricted VPN for access to the systems that host the restricted data. Beyond that, it is probably preferable to use the normal VPN.

Who is eligible for the Restricted VPN (rVPN) service?

Individuals who access and control a large quantity of restricted data or key IT infrastructure as part of their normal business activity may be eligible for this service. Individuals who use the data are not necessarily eligible. This service is for those with a high level of access to bulk quantities of this data. Additionally, researchers working in heavily targeted areas may be eligible for this service.

To confirm eligibility, please contact rvpn@...

What traffic is blocked by the rVPN?

Traffic from this service is blocked if it is going to or coming from a list of IP addresses, hostnames and URLs the security department believes are involved in malicious activity. These lists are derived from both our own monitoring and from reputable third-party sources. Additionally, traffic that is detected as malicious, where the severity of the activity is rated medium (or higher) by Palo Alto Networks (our VPN and firewall vendor), is also blocked.

How is the rVPN different from the regular VPN service?

The regular VPN service is intended to allow members of the campus community to access campus resources without having to be physically present on the campus. The Restricted VPN is meant not only to allow people remote access to the network, but also to enforce stricter security controls, including blocking some traffic, logging all network traffic, detecting signs of unusual activity to or from the clients, and using security profiles to block any malicious or vulnerability-related traffic that has a rating of medium severity or higher.

As part...

What happens if I am running a Windows 7 computer after Jan. 14, 2020?

If you are running Windows 7, you are unsupported and out of compliance with campus policy. What happens next:

Feb. 1, 2020 - ISO notifies Windows 7 systems users to disconnect from the campus network

Mar. 1, 2020 - ISO blocks Windows 7 devices seen on the campus network

Please note: In the event that a Windows 7 exploit is released before Mar. 1, ISO reserves the right to immediately block any vulnerable device per the Blocking Network Access Policy.

Exceptions

...

What do I do if I've disclosed or shared data that was protected?

First off, what is a disclosure?

It's the intentional or unintentional release of protected or private/confidential information to an untrusted environment or to unauthorized individuals.

Process for reporting a disclosure

Remove the disclosed information as soon as possible

Immediately report the incident to the Information Security Office

Notify your supervisor