Security Spotlight: Safe @ Home
If you use a computer at home or when traveling and you're not taking basic security precautions, it could mean big trouble for you and possibly for Brown. You could be the network's weak link if you're not patched, immunized, firewalled and securely tunneling into Brown via VPN. An unsecured computer could, for example, provide the backdoor for a nasty virus or worm that could infect and possibly control your computer. (See Botnet 101: Don't Get Own3d! to learn why you don't want this to happen to you.)
In the June 2005 issue of this newsletter, Paul Asadoorian's article, Advanced Wireless Security for the Masses, provided some detailed security tips on safe wireless computing, which more and more people are using at home and when traveling. This article will focus on how to securely connect to Brown when off-campus using VPN.
Your own Virtual Private Network
Brown has a number of electronic resources that are limited to use on the Brown network. Using VPN gives you access to many of those campus-limited web resources, including “keyed” software such as Dreamweaver, Adobe Photoshop, FlashMX, and others.
How does it work? The method used to determine if a computer is in Brown's network is the IP address of the computer. VPN gives you the appearance of being on Brown's network by assigning you a Brown IP address (indicating that you are on campus) for up to eight hours. This gives you a secure tunnel to connect to network services when off-campus or running wireless.
Your first step in using VPN is to install the software on your computer. From the software distribution pages ( Windows | Mac ), install the Cisco VPN client as outlined in the accompanying documentation, then start up the VPN client.
If you computer is already set up to support VPN, you will still need to install Brown's VPN software. CIS only supports Cisco VPN clients as others have been shown to be problematic in Brown's computing environment. For technical questions or troubleshooting tips, see the VPN@Brown FAQ.
Connecting to VPN
The launch and connection instructions are found on the CIS Documentation pages ( Windows | Mac ). Note that before launching your connection to the Brown VPN, you must first be actively connected to your Internet Service Provider (ISP). For increased security, be certain that your computer is running an antivirus program with up-to-date virus definitions.
There are certain limitations on Brown's VPN service. Dial-up modem connectivity is not supported by the Brown VPN. It also does not work on Mac OS 9 or earlier, and Mac OS 10.4 has been reported to exhibit inconsistent behavior. While most on-campus keyed software is available via VPN, the Mac version of Tecplot and the Windows version of Stata SE 9.0 do not to work over a VPN connection.
Note: Your computer cannot be physically connected to the Brown campus network when attempting to connect to the VPN, as it is for off-campus or wireless network use only.
Congratulations. You're ready to securely access of Brown's network while away from campus. If you have technical questions or troubleshooting tips, please read through the VPN@Brown FAQ to see if it answers your questions. If you are experiencing problems not covered by the FAQ, contact the staff at the CIS Help Desk.
Other tips for those working off-campus:
- Are you a student with a need for some virtual storage. Try MyStuff, a
central location on the network where you can store up to 250MB of data.
- Purchase a computer that meets CIS recommendations. These computers
work best in Brown's computing environment.
- Install free software. CIS's licensing agreements are detailed on the Software Services download site. Some agreements, such as the Microsoft Campus Agreement, allow for the use of specified products at home.
- Use library resources off-campus via its proxy server.
- Home sick or traveling and you'll be away from your main computer for awhile? You can turn on an "Out Of Office" message using OWA.
- Need to contact someone at Brown but you don't have their number handy? Talk to the .
No more remembering or looking up faculty and staff telephone numbers, just say dial the PhoneticOperator (401-863-6001) and speak the name of the person or department's name you wish to reach. Forget how to use your voicemail when away. The instructions are online.
- Links for accessing services from home have been collected on CIS's Off Campus Access web page, linked right from the CIS home page.
Author: Pat Falcon
Date: February 9, 2006