SSL VPN User Guide

Nov 3, 2013

SCHOOL DISTRICT OF PALM BEACH COUNTY

Division of Information Technology







SSL VPN User Guide

A Guide to Using the SSL VPN for Remote Access to District Technology Services











Table of Contents

Introduction to the SSL VPN Service
Requirements for Using the SSL VPN Service
Management Approvals
Username and Password Requirement
RSA SecurID Key Fob Requirement
Computer Requirement
Internet Access Requirement
Information for New Users
RSA SecurID Key Fob
New PIN Mode
Signing In
Create New PIN
Installation of VPN Programs
Host Checker
Common Error Messages
VPN Home Page
User Toolbar
Welcome Message
Web Bookmarks
Terminal Session Bookmarks
File Bookmarks
Client Application Sessions
Preparing Your Desktop for Remote Desktop Access
Turn On Computer
Allow Remote Desktop Connections
Windows XP
Windows Vista




Introduction to the SSL VPN Service


Requirements for Using the SSL VPN Service

Management Approvals

Not all District users are eligible for the VPN service. Due to resource constraints, currently only home-bound users, information system technical support personnel, principals and District administrators, and other users specifically approved by the Superintendent or designee are eligible. Qualified users that wish to request access to VPN services should fill out a VPN Service Request Form at http://???????? and forward it to their principal or department head for approval. Principals and department heads shall forward requests to IT Security, which will need to give final approval for the requests based on user qualifications and availability of VPN resources.

Username and Password Requirement

All VPN users will need a District username and password. All employees are assigned a username and password when they begin employment at the District. Third party VPN users will need to be assigned a District username and password before they can use any VPN services.

RSA SecurID Key Fob Requirement

In addition to your District username and password, you will be required to use an RSA SecurID key fob [1] to verify your identity. Users will receive the key fob after they have been approved for VPN services.

Computer Requirement

Computers accessing VPN services must be running Windows XP, 2000, or Vista with the Internet Explorer web browser or Mac OS X 10.x and above with the Safari web browser.

Note: The Firefox web browser is not supported for accessing VPN services.

Your computer is required to be using up-to-date anti-virus software.

Internet Access Requirement

Users must have access to the Internet to be able to access VPN services. The user is responsible for providing the access to the Internet.

[1] A key fob is an item carried on a key ring either as decoration or security.

Information for New Users

RSA SecurID Key Fob

VPN users are required to use an RSA SecurID key fob to provide two-factor authentication for enhanced remote access security.

ATM users are familiar with two-factor authentication. Two-factor authentication requires you to have ‘something you know’, like your ATM PIN (personal identification number), and ‘something you have’, your ATM card. You must use them together to access your bank account. VPN users will be assigned an RSA SecurID key fob (something you have) and create an RSA Security PIN (something you know) that is required when the user logs on to the VPN.

The fob displays a six-digit code, called the tokencode, which changes every minute. The bars on the left-hand side of the display are a countdown to indicate when the tokencode is about to change.

The PIN and tokencode entered together are called your passcode. Your passcode will be required to sign in to the VPN. For example, if your PIN is ‘123456’, using the fob shown above, your passcode will be ‘123456159759’.

New VPN users will be assigned an RSA SecurID key fob in ‘new PIN mode’.


New PIN Mode

All new VPN users and VPN users that have had their RSA Security PIN reset are in ‘New PIN Mode’, which means their current RSA Security PIN is blank and they will be required to create an RSA Security PIN immediately after signing in with the blank PIN.

Signing In

The VPN Sign In page (https://telework.palmbeach.k12.fl.us) requires that the user enter their District username and password along with the RSA passcode (PIN + tokencode).

Since first-time users have a blank RSA Security PIN, they need to enter only the tokencode.



Create New PIN

After successfully signing in to the VPN for the first time, the user will be required to create a PIN. Once the PIN is created, the user will be required to sign in again, this time using the PIN and the tokencode.

The user should use the PIN + tokencode for all subsequent sign in attempts.

Note: The RSA Security PIN does not change when the user’s password changes.
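
The sign-in flow described in the sections above (tokencode only while the PIN is blank, then PIN + tokencode), sketched as an added example that is not part of the original guide and is not the District's or RSA's code. The tokencode generator is an HMAC-based stand-in rather than the RSA SecurID algorithm, and `FobAccount`, its methods and the seed value are hypothetical.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the guide: the tokencode changes every minute
TOKEN_DIGITS = 6    # the guide: the fob displays a six-digit code


def tokencode(seed: bytes, now: float) -> str:
    """Time-stepped stand-in (assumption): HMAC-SHA256 of the minute counter.
    This is NOT the RSA SecurID algorithm."""
    counter = struct.pack(">Q", int(now // STEP_SECONDS))
    digest = hmac.new(seed, counter, hashlib.sha256).digest()
    value = int.from_bytes(digest[:4], "big") % 10**TOKEN_DIGITS
    return str(value).zfill(TOKEN_DIGITS)


class FobAccount:
    """Hypothetical server-side record for one user's key fob."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.pin = ""  # a blank PIN is 'new PIN mode'

    def verify(self, passcode: str, now: float) -> str:
        """Return 'denied', 'create_pin' or 'ok' for a submitted passcode."""
        # The last six characters are the tokencode; anything before is the PIN.
        pin, code = passcode[:-TOKEN_DIGITS], passcode[-TOKEN_DIGITS:]
        # Both halves are compared in constant time before deciding, so the
        # answer never says which half of the passcode was wrong.
        pin_ok = hmac.compare_digest(pin.encode(), self.pin.encode())
        code_ok = hmac.compare_digest(
            code.encode(), tokencode(self.seed, now).encode())
        if not (pin_ok and code_ok):
            return "denied"
        return "create_pin" if self.pin == "" else "ok"

    def set_pin(self, new_pin: str) -> None:
        if not new_pin:
            raise ValueError("a blank PIN would leave the fob in new PIN mode")
        self.pin = new_pin

    def reset_pin(self) -> None:
        """The IT Security action: put the fob back in new PIN mode."""
        self.pin = ""
```
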

Installation of VPN Programs

Host Checker

Immediately following a successful sign in, a host checking agent will be executed on your computer to verify that your computer meets the minimum security requirements to use the VPN. For example, your computer may be checked for an installation of an up-to-date anti-virus program and you may be prevented from accessing any VPN services if one is not found.

Common Error Messages

The user’s password was invalid.

If you get this message after trying several times, you may have to contact IT Security.

The RSA SecurID Passcode was invalid.

The passcode is the RSA Security PIN + RSA SecurID tokencode. If you get this message after trying several times, you may have to contact IT Security to put the PIN in ‘new PIN mode’, and you will be required to create a new PIN.



VPN Home Page

Once users have successfully signed in to the VPN and passed all of the Host Checker requirements, the VPN Home Page, shown below, will be displayed.



User Toolbar

The toolbar will display on all VPN pages.


Welcome Message


Web Bookmarks

These bookmarks provide remote access to internal web services using an SSL-encrypted tunnel.

Terminal Session Bookmarks

These bookmarks will open a remote desktop session with a remote computer.

File Bookmarks

These bookmarks provide remote access to internal file systems using an SSL-encrypted tunnel.


Client Application Sessions

If authorized, a button to start the Network Connect (NC) client will be displayed. The NC client will give your computer network access to internal network resources. Your computer will have the same access as if it were connected to an internal network. Note: The NC Client is only available to information system technical support personnel.

If authorized, a button to start the Windows Secure Application Manager (WSAM) will be displayed. Once WSAM is started, you will be able to use applications on your computer to access internal information systems. For example, Microsoft Outlook clients will be able to remotely access the mailboxes located on the District’s internal Microsoft Exchange e-mail system using WSAM.



Preparing Your Desktop for Remote Desktop Access

Turn On Computer

The computer that you want to access remotely must be turned on to be able to accept connections.

Users may have to submit an IT work order to prevent the computer from turning off automatically.

Allow Remote Desktop Connections

Users must set their computers to allow remote connections by following the steps below:

Windows XP

First, go to Start, then right-click My Computer and select ‘Properties’, then click the Remote tab and check the box to allow Remote Desktop.

Windows Vista

First, go to Start, then right-click My Computer and select ‘Properties’, then click the Remote tab and check the box to allow Remote Desktop.