2-Factor VPN Contractor Service
Service description
This service provides a secure method of connecting to the University of Warwick campus IT systems from remote contractor office locations. The service is available to all third party external contractual service teams that require limited access to a range of university network based services for support.
All contractor VPN services built will be reviewed on a year by year basis and deleted as necessary, if the contract is no longer in place. Any enhancements to the service will be reviewed from time to time.
Availability:
This service is available 24hrs a day, 7 days a week, apart for periods of non-availability required for planned maintenance. Support for the service is available during standard support hours (8:30 - 17:30 Monday to Thursday, 8:30 - 16:30 Fri
About the service
What is 2-Factor Authentication ?
2-factor authentication is used to enhance the security for access to University systems.
2-factor is a system that uses OTP (One Time Password) technology where users login with their created account credentials and then are further challenged for a 2-Factor OTP code. A hard token key-fob (posted to contractors) generates the changing code. The hard token is about the size of a USB pen.
A defined VPN private IP address range:
The service uses 1918 private address space using the 172.20.0.0/16 range. 172.20.0.0/16 to 172.20.9.0/16 will be reserved for contractor use. If the reservation becomes exhausted, it can be expanded.
The range will further be sub-netted down to 172.20.0.0/28 to provide 14 IP host addresses per contractor. Should more host addresses be required, a
second profile can be created to provide an additional 14 IP addresses.
Note:
The Network Services team control the private address space in use and will dictate any changes they see fit. Contractors connecting to the service should make provisions to use alternate address space within their own networks, and avoid using the same University defined VPN address range as mentioned above. If their is a chance that the contractors internal IP address range will clash with the University's defined range, they should ensure they use an alternate internal range before connecting.
PCI Compliance:
The service is fully compliant to PCI industry standard regulations and will comply to any necessary changes or recomendations from time to time.
Standard System Remote Access:
When contractors are using this service, they will be allowed access to defined Warwick systems under their support. They will also have access to their local LAN services and internet connection.
PCI System Remote Access:
When contractors are using this service, they will be allowed access to defined Warwick systems under their support, but will NOT have access to
their local LAN services or internet connection from the VPN connected PC.
Third Party Contractor Account Management:
ITS Identity Management Team will be responsible for the creation and control of accounts.
Password changes
Account holders will be periodically prompted to change their passwords at intervals in line with University security policy. Account holders will be responsable for changing their password prior to expiry. Account holders will be sent an email when the password is about to expire. Failure to comply will result in loss of connectivity, whereby they will have the inconvenience of contacting the University to raise a help-desk call for password reset.
The password change service is via www.warwick.ac.uk/changepassword. Each account has the user and mananger email address associated. When the account password has 7 days left to expire a notification email will be sent as a reminder to the user and manager with a link containing instruction for password changes.
How to request the service
Request the service by clicking on: Third Party Contractor VPN Service , and proceed to fill out the form presented to you with all details and submit.
How to cancel the service
Pleaase raise a standard Service Now request on: Third Party Contractor VPN Service Cancellation, and proceed to fill out the form presented to you with all details and submit.