VPN FAQ

 

1).  What is a Virtual Private Network?

    The Ball State University Virtual Private Network (VPN) provides two primary functions:  

• Remote Access: The VPN provides a secure way to connect to services inside the BSU network from a remote location, such as from an off-campus apartment or even another part of the world. If you are traveling away from campus you can use the VPN to connect to on-campus resources, just as if you were in an on-campus office.  
• Secure Wireless Access: The VPN also provides a secure connection to the Ball State University Wireless Network. If you are a wireless user, you should acquaint yourself with the information in these instructions and learn about when using the VPN is critical to protect your privacy.

2).  When Should I Be Using The VPN?

From off-campus, the VPN is needed to access on-campus resources such as file servers, printers, and certain servers not open through the campus firewall. On-campus users do not need the VPN to access these resources when they are connected to the wired network or the wireless network using the 'bsusecure' SSID. As a general rule, you should always consider using the VPN whenever privacy is a concern and where some other means of encryption is not already provided. For example, privacy might not be a concern during casual web browsing where confidential information is not being exchanged. Most people would not feel the need to protect the privacy of the CNN home page, weather forecasts, sports scores, and other similar web sites which do not solicit personal information and which are open to everyone already. When privacy is absolutely a concern, such as entering passwords or credit card information, most web sites already provide encryption through HTTPS, making the VPN connection unnecessary. If the web site does not use HTTPS encryption, you should avoid entering confidential information, even if you are using the VPN. Instructions for determining whether or not a web site uses HTTPS security are provided below. 3).  How Can I Tell If A Web Site Uses HTTPS Security?You can tell if the web site uses this security by looking for the HTTPS in front of the address and the “lock” icon, which may appear in different locations depending on your choice of web browser:   In addition to the “https” and “lock” icon circled above, you also need to check the address of the site to be sure you trust it before entering your password or other confidential information. For example, the page above is a “bsu.edu” page which requires login by username and password, and which uses the HTTPS and lock for browser security. Compare this with a phishing page below, which an attacker might use to try to steal your password:   Notice that in this example above, the “HTTPS” and lock are missing, and the page is hosted on “fakesite.biz” instead of “bsu.edu” as in the earlier example. It is important to note that an attacker able to get you to visit this page (either by a link in a false e-mail message or any number of methods) would only be stopped by your diligence in noting these discrepancies and choosing not to enter your confidential information. The only way you can protect yourself from this kind of attack is to:

1. Check the address of the web site, be on the lookout for an address appears suspicious (is not a name you recognize, or is a number).
    
2. Be especially suspicious of any address or web link you receive in an e-mail message. A link may appear to be directed towards a bank account, however it might be pointing to a look-a-like website that can steal usernames and passwords. Rather than clicking on the link, it is safer to type it  directly into a browser window.
    
3. Check for the HTTPS and “lock” icon as shown in the previous example.
    
4. If the site is not a BSU.EDU hosted site, do not enter your BSU password!
    
5. Carefully consider whether or not you trust the site with your confidential information.
    
6. Remember that the VPN will not protect you from this kind of phishing attack; you must pay attention to the issues discussed above.

4).  What About Web Sites That Don’t Use HTTPS Security?Unlike the first example above, the following web page does not display the lock and https indicator:
  As you can see, this page is not encrypted. It would be unsafe to enter confidential information on this web page, but that is probably not a problem with a web page like the CNN home page where confidentially is not likely an issue. If this web site did solicit confidential information such as a password or a credit card number and also did not offer HTTPS security, you should not utilize the site and instead alert the web site administrator about the web form or page which lacks HTTPS security. 5).  What Happens If I Don’t Use The VPN For Wireless Access On Campus, Am I At Risk?You should be aware that “sniffing” wireless internet connections is easy to do, and at any given time there may be attackers attempting to engage in this activity. Your confidential information, including your passwords, may be intercepted if you do not either use the VPN or limit entering confidential information to web sites which use HTTPS security. As discussed above if the web site does not use HTTPS encryption, you should avoid entering confidential information, even if you are using the VPN. Using the VPN is important when using services like FTP and TELNET which do not encrypt your confidential information (including your password) from attackers who may attempt to intercept your communications. 6).  If I Am Accessing HTTPS Protected Web Sites, Can I Also Use The VPN?Yes, however keep in mind the VPN does not substitute for the six steps described above in the How Can I Tell If a Web Site Uses HTTPS Security section. The VPN does not substitute for these steps. 7).  Will Using The VPN Or HTTPS Protected Web Sites Guarantee My Security?No. Remember that both HTTPS and VPN connections only secure your connection; they do not prevent attack of the remote server where your information is stored. If you do not know that the remote site is trustworthy, do not enter any confidential information there, and under no circumstances should you use the same password you use on Ball State University systems. Only make credit card purchases from reputable vendors. Do not enter any personal or confidential information on web sites you do not trust. 8).  Can I Use The VPN To Connect To My Office Computer From Off-Campus?Yes, this is possible if you have configured your computer to accept incoming connections. Most Microsoft Windows operating systems for example supports Remote Desktop Connection service, which allows you to connect to your Desktop remotely and use your office computer from anywhere in the world. Older Windows systems and Macintosh systems can also be configured to support this type of remote desktop capability using third-party software such as pcAnywhere. 9).  How Do I Prepare My Home Computer To Connect To The BSU VPN?Make sure your home computer is free of viruses and other malicious software by running the latest BSU Supported anti-virus program and keeping it up-to-date. A poorly secured computer connected via a VPN into the Ball State University campus threatens the security of all other university information services and systems. For example, a home-based personal computer that is infected with a virus may try to spread that virus to hundreds or even thousands of other computers located here at Ball State through a VPN connection. 10).  Is VPN Software Available For Both Windows And Macintosh Computers?Yes versions supporting Windows XP, Vista and Windows 7 are available, as well as a Macintosh version. 11).  Can I Use The Off-Campus VPN From More Than One Computer At A Time?Yes, you can use the VPN from more than one computer at a time, such as a laptop and a desktop. 12).  I Want To Use Outlook From Home; Do I Need To Use The VPN?No, you do not need the VPN to use the full Outlook client from home or from any other off campus location. Instructions for configuration can be found in the “Connect to Exchange server using HTTP” document.