HomeMy WebLinkAboutContracts_VPN agreements with Vendors_Praece ConsultingVendorRemoteAccessPolicyIT POLICY AND PROCEDURES
TITLE INDEX
Vender Remote Access IT-346
EFFECTIVE DATE PREPARED BY DIRECTORS APPROVAL
1/17/13 Network Engineer Paul Haugan
REVISION DATE
Purpose:
The purpose of this policy is to provide guidelines for Remote Access IPSec or L2TP Virtual
Private Network (VPN) connections to the City of Auburn private network.
Scope:
This policy applies to all City of Auburn employees, volunteers, officials, contractors,
consultants, temporaries, and other workers including all personnel affiliated with third parties
utilizing VPNs to access the City of Auburn network. This policy applies to implementations of
VPN that are directed through an IPSec Concentrator.
Policy:
Only approved City of Auburn employees and authorized third parties (customers, vendors, etc.)
may utilize the benefits of VPNs, which are a "user managed" service. This means that the user is
responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing
any required software, and paying associated fees.
Additionally,
1.It is the responsibility of parties with VPN privileges to ensure that unauthorized users
are not allowed access to the City of Auburn internal networks.
2.VPN use is to be controlled using either a one-time password authentication such as a
token device or a public/private key system with a strong pass phrase or IT managed
security.
3.When actively connected to the corporate network, VPNs will force all traffic to and
from the PC over the VPN tunnel: all other traffic will be dropped.
4.Dual (split) tunneling is NOT permitted; only one network connection is allowed.
5.VPN gateways will be set up and managed by City of Auburn network operational
groups.
6.All computers connected to City of Auburn internal networks via VPN or any other
technology must use an antivirus programs authorized by the Innovation & Technology
department, and the installed program must have the most up-to-date anti-virus pattern
file or .dat file available for that software; this includes personal computers. See
Definitions for a list of authorized antivirus programs. The most up-to-date anti-virus
software that is the Innovation & Technology department standard
(www.symmantec.com); this includes personal computers.
7.VPN users will be automatically disconnected from City of Auburn's network after thirty
minutes of inactivity. The user must then logon again to reconnect to the network. Pings
or other artificial network processes are not to be used to keep the connection open.
8.The VPN concentrator is limited to an absolute connection time of 24 hours.
9.Users of computers that are not City of Auburn-owned equipment must configure the
equipment to comply with City of Auburn's VPN and Network policies.
10.Only Innovation & Technology-approved VPN clients may be used.
11.By using VPN technology with personal equipment, users must understand that their
machines are a de facto extension of City of Auburn's network, and as such are subject to
the same rules and regulations that apply to City of Auburn-owned equipment, i.e., their
machines must be configured to comply with Innovation & Technology Security Policies,
and all other City of Auburn rules, regulations and policies.
Enforcement:
Any employee/parties found to have violated this policy may be subject to disciplinary action, up
to and including termination of employment/agreement. All users of this agreement shall agree
that they have read and comply with the City of Auburn Acceptable Computer Use Policy and
Procedure.
Confidentiality:
The parties acknowledge that by reason of their relationship to each other hereunder, each will
have access to certain information and materials concerning the others technology and products
that is confidential and of substantial value to that party, which value would be impaired if such
information were disclosed to third parties (“Confidential Information”). Should such
Confidential Information be orally or visually disclosed, the disclosing party shall summarize the
information in writing as confidential within thirty (30) days of disclosure. Each party agrees that
it will not use in any way for its own account, except as provided herein, nor disclose to any third
party, any such Confidential Information revealed to it by the other party. Each party will take
every reasonable precaution to protect the confidentiality of such Confidential Information.
Upon request by the receiving party, the disclosing party shall advise whether or not it considers
any particular information or materials to be Confidential Information. The receiving party
acknowledges that unauthorized use or disclosure thereof could cause the disclosing party
irreparable harm that could not be compensated by monetary damages. Accordingly each party
agrees that the other will be entitled to seek injunctive and preliminary relief to remedy any
actual or threatened unauthorized use or disclosure of such other party’s Confidential
Information. The receiving party’s obligation of confidentiality shall not apply to information
that: (a) is already known to the receiving party or is publicly available at the time of disclosure;
(b) is disclosed to the receiving party by a third party who is not in breach of an obligation of
confidentiality to the party to this agreement which is claiming a proprietary right in such
information; or (c) becomes publicly available after disclosure through no fault of the receiving
party.
Term, Termination and Survival
Either party may terminate this Agreement immediately without cause. However, the
confidentiality provisions in section 4.0 shall survive the termination of this Agreement. Upon
termination or expiration of this agreement, any and all computer media or other documentation
containing programs or information used to connect to the City of Auburn will be returned to the
City of Auburn at:
City of Auburn
25 West Main Street
Auburn, WA 98001
Definitions:
Term Definition
IPSec Concentrator A device in which VPN connections are terminated.
VPN Client A software installation providing connection information to be installed on
vendor machine.
Antivirus Programs Antivirus programs from the following companies are authorized for use
with in City of Auburn VPN connections: Symantec, Trend Micro,
McAfee and Kasperky.
Approved Connections:
This agreement between City of Auburn, City of Auburn Customer and City of Auburn
Employee or Vendor has been approved for the below Server and or Database connections. No
other machine access is permitted with out express permission of the City of Auburn Innovation
and Technology department or systems supported by City of Auburn. Any failure of this
agreement or the guidelines set forth will result in immediate termination of Vendor VPN with
the City of Auburn Network and any other services described there in.
Approved VPN Server Connections:
1.
IN WITNESS WHEREOF, the parties hereto have caused this Agreement to be duly executed.
Each party warrants and represents that its respective signatories whose signatures appear below
have been and are on the date of signature duly authorized to execute this Agreement.
Innovation & Technology, City of Auburn
_______________________________ _______________________________
Authorized Signature Authorized Signature
_______________________________ _______________________________
Name Name
_______________________________ _______________________________
Date Date
THIRD PARTY CONNECTION REQUEST - INFORMATION
REQUIREMENTS DOCUMENT
In accordance with the Network Connection Policy, all requests for Third Party Network Connections must be
accompanied by this completed Information Requirements Document. This document should be completed by the
Vendor, person or group requesting the Network Connection and email to: helpdesk@auburnwa.gov.
A. Contact Information
Requester Information
Name: Kevin OBrien
Company: Praece Consulting
Department Number:
Manager's Name:
Director's Name:
Phone Number: 253-740-8838
Email Address: kevin.obrien@praece.com
B. Problem Statement/Purpose of Connection
What is the desired end result? Company must include a statement about the business needs of the proposed
connection.
To build a web app for updating business licenses.
C. Scope of Needs (In some cases, the scope of needs may be jointly determined by the supporting organization and
the Third Party.)
What services are needed? Remote access
What are the privacy requirements (i.e. do you need encryption)?
What are the bandwidth needs?
How long is the connection needed? Until the end of the project, tentatively August
Future requirements, if any.
E. What type of work will be done over the Network Connection?
What applications will be used? Node, python, web server
What type of data transfers will be done? File transfers for the web app
How many files are involved?
What are the estimated hours of use each week? What are peek hours? 7AM to 6PM Monday - Friday
I. What is the approximate duration of the Network Connection?
3 months
J. Has a Non-Disclosure Agreement been signed with the Third Party or the appropriate employees of the Third
Party?
Yes
K. Are there any existing Network Connections at City of Auburn with this company?
No
L. Other useful information
Revision History:
Rev 1.0
1/04/13