While the rest of the world was locked down due to the coronavirus pandemic, the University of California, San Francisco (UCSF) was still bustling with activity. Thanks to its forward-thinking research and clinical departments, the university not only kept its doors open but also maintained the quality of its education. Now that the world is starting to recover, it’s time for business and consumer VPNs to step up and protect students, faculty, and staff at UCSF as well as everyone else using public Wi-Fi while at the university.
Choosing A VPN For UCSF
With so much traffic on the network, it was inevitable that the university would look for a way to improve its Wi-Fi setup and secure its users’ personal data. Offering virtual private networks (VPNs) to its users was one way of achieving this and it turns out that the university was right to do so. VPNs can be a great solution for enterprises and businesses that want to make sure that no one is eavesdropping on their encrypted communications or hijacking their digital assets while online.
UCSF already had a VPN set up for a research project, which it used for internal communications, and it decided to extend this to the whole university. After all, with so many staff, students, and professors connecting online all the time, it was bound to happen that some would abuse the service and cause unnecessary damage. Better to be safe than sorry, so the university turned to the pros at Private Internet Access (PIA) to help them set up a VPN for their users that would be simple to use, secure, and trustworthy.
PIA has long been one of the most popular and most reliable VPNs around, and it is known for its easy-to-use apps as well as its solid infrastructure. What the university found when it used Private Internet Access was a reputable VPN that was simple to set up and use, and it did the trick. Thanks to the VPN, UCSF was able to keep the quality of its education and research at the same level while ensuring the safety of its users.
Setting Up The UCSF VPN
The first thing that the university did was to set up a VPN to its Active Directory. This involved creating an account in AD, which the university called ‘VPN Accounts’, assigning a username and password, and then pointing the domain to the PIA servers. When you log in to AD with a VPN already set up, the setup process is straightforward and simple to do. You won’t need additional software to set up your VPN, and you can’t mess up.
The next step was to port forward the required ports on the firewall. This involved entering the private network’s IP address (IP address hidden on purpose) into the firewall’s port forward page. The university had previously set up this IP address as a private IP address for the VPN so that only people physically located there could access the network. The team then set up the UDP and TCP ports required for the VPN to function properly. Finally, to prevent the firewall from blocking incoming connections on the required ports, the team added an exception for the VPN.
This process is very similar for all routers and firewalls regardless of vendor. If you’re unfamiliar, a private IP address is an IP address that is only accessible by physically going to the location where it is located. This prevents others from accessing the network or its resources unless explicitly allowed. It also prevents spoofing or misuse of the service, as the VPN will only respond to requests from the IP address that it is configured to accept connections from. Since the VPN is only configured to accept connections from the private IP address, connections from any other IP address will time out or fail entirely. This is why it’s important to add an exception for the VPN in your routing tables or on your firewall’s rule list.
After completing these steps, the team configured the VPN to be ‘bridged’ so that all its internal devices had access to the network. This meant that, even if they were not directly connected to the network, devices would still be able to access the internet when connected to a port-forwarded device or when using a VPN. The team also set up the VPN to be a ‘trusted’ network on all its devices so that they could get the best experience when accessing network resources or services.
Next, they configured the VPN to authenticate users via Active Directory using LDAP, the Lightweight Directory Access Protocol. Once this was configured, all users had to enter their credentials when logging into the VPN. The university also chose to encrypt all traffic at all times, ensuring that information is always safe and secure while online. They used OpenVPN protocols for this purpose.
Finally, to prevent any potential breaches, they set up a personal firewall on all their devices, enabling them to manage incoming connections and restrict or allow access based on IP addresses or domain names. They did this so that even if someone were to gain access to the university’s internal network, they would not be able to view or alter any sensitive information. The VPN ensured that all devices were secured even if someone was physically sitting at the computer. This meant that, even if they had administrative privileges, they would not be able to compromise the network or its devices. All these precautions were taken to provide the best possible security for the university’s network and its users.
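
As an added example (not from the original article and not UCSF's configuration), this Python audit checks an OpenVPN server config for the settings described above: LDAP-backed authentication, an explicit strong data-channel cipher, a TLS floor, and all client traffic routed through the tunnel. The sample configs, the plugin path and the function names are assumptions constructed for illustration.

```python
import shlex

# Constructed sample configs (not UCSF's). The plugin path is an assumption.
GOOD = '''port 1194
proto udp
tls-version-min 1.2
data-ciphers AES-256-GCM:AES-128-GCM
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/ldap.conf
push "redirect-gateway def1"
'''
WEAK = '''port 1194
proto tcp
cipher BF-CBC
; plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/ldap.conf
'''

def parse(text):
    """Map each OpenVPN directive to the list of its argument lists."""
    directives = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):      # ';' also starts a comment
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives

def audit(text):
    """Return findings where the config departs from the described setup."""
    d, findings = parse(text), []
    if not any(a and "auth-ldap" in a[0] for a in d.get("plugin", [])):
        findings.append("no LDAP auth plugin loaded")
    ciphers = [a[0].upper() for k in ("data-ciphers", "cipher")
               for a in d.get(k, []) if a]
    if not ciphers:
        findings.append("data-channel cipher not set explicitly")
    elif any(w in c for c in ciphers for w in ("BF-CBC", "DES", "NONE")):
        findings.append("weak or null data-channel cipher")
    tls = d.get("tls-version-min", [[]])[0]
    if not tls or tuple(map(int, tls[0].split("."))) < (1, 2):
        findings.append("tls-version-min not set to 1.2 or higher")
    if not any(a and a[0].startswith("redirect-gateway")
               for a in d.get("push", [])):
        findings.append("no redirect-gateway pushed to clients")
    return findings

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(cfg) or "ok")
```

A commented-out plugin line, as in the second sample, is reported the same way as a missing one, since the server would accept clients without the directory check.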
After putting all these measures in place, the team rolled out the VPN to all the university’s users and started seeing the results. All these preventive measures may seem like overkill, but the university’s network administrator assured them that it was worth it. As a result of these measures, the university was able to block malicious traffic while also providing students with a safe way to study during this time. Not only was the VPN able to stop malware and ransomware from being installed on the network, it also protected the university’s users from accidental exposure to dangerous content, such as spyware and adware. The network administrator said that even though the university is a well-known research institution, there is still a lot of malicious software out there that they are unaware of.
The university’s network team acknowledged that it is always a balancing act between providing enough security and maintaining an open and accessible network. However, they said that even though this was a challenging task and it required a lot of patience, they are glad that their efforts are now paying off and they can provide their students with a safe and secure environment to learn, research, and collaborate.
If you’re a university or a commercial company that provides services to universities, you should seriously consider offering VPNs to your users. As we’ve seen with the coronavirus pandemic, when networks are down, staff can’t do their jobs and students can’t access their classes. Thanks to the VPN, they are once again able to get their assignments done and access their lectures, which means more learning for everyone. At a time when schools are trying to make up for lost time due to the pandemic, students may not mind paying for some extra security since they don’t have much to lose at this point.
Offering a VPN to your users can help protect their personal data and prevent them from becoming a target for hackers or identity thieves. It’s also an easy way for institutions to secure their network and keep students and faculty members engaged with learning and research during these uncertain times.