AnyConnect VPN Access to DirigoHost10/06/2015
[NOTICE: Access to our network via Cisco AnnyConnect will cease on 10/28/2015.]
All DirigoHost servers sit behind redundant hardware firewalls and an intrusion detection system. This provides an extra layer of security for our hosting customers. We lock down all non-essential ports. Generally, only port 80 and 443 are opened to the outside world. These two ports allow web browsing. Traffic on all other ports including RDP, SQL, file transfer (SSH), email, etc. is rejected.
This means that the only way to transfer files to and from a DirigoHost server is through a Virtual Private Network or VPN. A VPN, as its name suggests, is just a virtual version of a secure physical network or a collection of computers linked together to share resources. VPN's connect to the outside world over the Internet, and they can serve to secure general Internet traffic in addition to corporate assets. The lion's share of modern VPN's are encrypted, so computers, devices, and other networks that connect to them do so via encrypted tunnels. This is the case with our VPN. By locking down services and only providing access through and encrypted tunnel we thwart many security issues.
DirigoHost can be accessed from a browser at https://gwi.dirigodev.com or 18.104.22.168. Dirigo will assign you a VPN username and password. Sometimes (but not always) it is possible to use our VPN website address to install VPN software. This works most of the time. Others are required to install software that we provide. Cisco AnyConnect is a licensed piece of software. It should not be openly distributed. It is legal for use with our Cisco Firewall.
If you are provided software, install one of the three options: Cisco AnyConnect software for either 32/64-bit Windows (AnyConnect-win.zip), Mac PowerPC (AnyConnect-macosx-powerpc.zip) or Mac i386 (AnyConnect-maxosx-i385.zip). After installing the software use https://gwi.dirigodev.com and your username/password to create a VPN tunnel. Once the VPN is connected you'll be able to connect to a service such as SSH and perform file transfers. When you are finished, always remember to disconnect from the VPN. Remember - ALWAY CONNECT TO THE VPN prior to file transfer. Otherwise you'll receive an error.
Dirigo's VPN Security Policy
This policy applies to the use of Dirigo’s Virtual Private Network (VPN) service, which is one mechanism Dirigo provides for authorized users to access corporate computing and network resources from remote locations.
All VPN users must actively use anti-virus software on each computer from which the VPN server is accessed. The anti-virus software must be updated regularly with new anti-virus definitions. Users are required to keep their computer updated with the latest operating system and software patches available from their respective vendors. Microsoft Windows-based PC’s should have the automatic updater configured. Mac OS users should have the software updater configured through the OS system preferences, and Linux users should have the RTM manager configured.
Users connecting to the VPN server using a wireless connection, must install and enable a software or hardware firewall. The software firewall built into Windows is acceptable, as is Zone Alarm.
While a computer is connected to the VPN server, it is logically connected to both the internal DirigoHost network and the Internet. For security reasons, each VPN user should disconnect from the VPN server when access to DirigoHost is no longer required. VPN users should be aware that if their VPN connection remains open and is not configured correctly, their Internet connection will be routed and logged through the VPN server and the Dirigo network. This will result in a slower Internet connection for the VPN user and brings about privacy issues/concerns. Don't use DirigoHost as the default gateway.
Consult with David Addison or Peter McCabe or the designated Dirigo Information Security Officer (ISO) if you have questions about any of the above policy.
Consult with the Dirigo Information Security Officer (ISO) if you have questions about any of the above policies.