Hello Everyone,


The new VPN is up and running, so it’s time to continue reducing our attack surface.  The new go live date is set for Monday, August 8.  Please review the information below.  If you previously completed an exemption request and were approved, those IP numbers are still in the system for an exemption and don’t have to be redone.


If for any reason you’re having trouble connecting to a host remotely using the VPN on SSH, VNC and SFTP don’t hesitate to reach out.  The Security Team will work with you to make sure your service isn’t disrupted.




From: Michael Rutt
Sent: Monday, February 8, 2016 1:50 PM
Subject: VPN will be required for SSH, VNC, SFTP




In the effort of protecting UNL student, staff, and data Information Technology Services will be implementing new security controls that will affect users utilizing remote access applications to university resources.  If you are a user of a Remote Desktop Protocol (RDP) to remote to a university desktop machine from off campus, you currently have to login to the Virtual Private Network (VPN) first.  We are extending this to also apply to using any remote access protocol such as SSH, VNC, SFTP (just to name a few).  With a target date of March 2016 (Now August 8th), anyone wanting to access a university computer or system via SSH, VNC or like protocols will first have to authenticate to the university VPN service first (hxxp://its.unl.edu/vpn).


Information Technology Services understands this change might provide a challenge for individuals who do not currently have credentials for logging into the UNL VPN service, and secure workarounds will need to be implemented.  There are a number of ways that can be utilized to help secure remote access, so an exception request process has been defined.  Once the request is received, ITS staff will work with requestor to determine a secure workaround.  To request an exception to be considered, go to (hxxps://its.unl.edu/security/security-remote-access-exception-form) and follow the instructions on the form.  If you have questions, please contact a member of the ITS Information Security team by sending an email to [log in to unmask].


I have purposely replaced the https links in the above message to hxxps, so you can verify the URL before filling out the exemption form.  You can also give me a call at the UNL phone number listed in my signature if you have any questions or concerns.






Michael Rutt, CISSP | University of Nebraska – Lincoln | IT Security Coordinator | 402-472-0933 | [log in to unmask]