Information Technology

How Does the VPN Work?

The easiest way for an intruder to gain access to a Rice computer is to steal a password that is transmitted through the Internet in readable form, or cleartext, from a remote user to a Rice computer. Attackers steal passwords using sophisticated programs, called sniffers, that analyze all of the data passing by a compromised computer and produce lists of computer names, userids, and cleartext passwords. Passwords can also be stolen by programs called Trojan horses that mimic a computer's normal login sequence. (Note that password theft is a violation of Texas law.) Armed with a valid userid and password, the attacker can simply log in and then attempt to gain control of the computer. An attacker who installs a sniffer at a busy network exchange point or a Trojan horse in a popular web service may be able to gain access to thousands of computers.

Rice's VPN is built around the Cisco Systems 3000 Concentrator. A small client program (VPN 3000 Client) runs on the remote user's Windows, MacOS, Solaris, or Linux computer. The 3000 and the client implement the IPSEC protocol (Internet Protocol SECurity) to establish an encrypted pathway, or tunnel, to Rice.

VPN Tunnel Diagram

The gateway authenticates the remote user's identity through the use of passwords. The remote user's identity determines that user's membership in a VPN group, which in turn determines which Internet sites will be accessed through the tunnel. Because the Rice end of the tunnel is assigned a Rice Internet address, sites accessed by the remote user through the tunnel will appear to be accessed from Rice rather than from the remote user's own Internet access.

Web access using VPN diagram

Please Note!

To facilitate access to Rice-restricted resources, the default VPN group, to which most users are added, directs the VPN 3000 Client to send ALL traffic to Rice. This is necessary because the electronic resources of the library are spread all over the Internet. We strongly encourage you to disconnect from the VPN when you are not working with Rice resources. By doing so, you will help reduce unnecessary load on Rice's Internet connection and improve the performance of your own Internet access that doesn't need to involve Rice.

While you are connected to the VPN, all of your Internet activity is subject to Rice's Appropriate Use of Computing Resources Policy even though you are connecting through a non-Rice provider. If your activity is not in compliance with Rice's policy, disconnect from the VPN.
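
The group-based routing described above can be modelled in a few lines. This is an added example, not part of the original page or of Rice's configuration; the user names, group names (including the split-tunnel group) and addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# All names and addresses are constructed for illustration; they are not
# Rice's actual VPN groups or networks (RFC 5737 documentation ranges).
VPN_GROUPS = {
    # Default group: every destination matches, so ALL traffic is tunneled.
    "default": [ipaddress.ip_network("0.0.0.0/0")],
    # Hypothetical split-tunnel group: only the campus network is tunneled.
    "campus-only": [ipaddress.ip_network("192.0.2.0/24")],
}
USER_GROUP = {"alice": "default", "bob": "campus-only"}

TUNNEL_ADDRESS = "192.0.2.77"   # campus-side address assigned to the tunnel
ISP_ADDRESS = "198.51.100.23"   # address from the user's own provider


def route(user, destination, connected=True):
    """Return (path, apparent_source) for one outbound connection."""
    dest = ipaddress.ip_address(destination)
    if connected:
        group = USER_GROUP.get(user)
        if group is None:
            # The gateway maps an authenticated identity to a group;
            # an identity with no group gets no tunnel.
            raise PermissionError(f"{user} is not in any VPN group")
        if any(dest in net for net in VPN_GROUPS[group]):
            # The site sees the campus address, not the user's provider.
            return "tunnel", TUNNEL_ADDRESS
    return "direct", ISP_ADDRESS


def tunneled_share(user, destinations):
    """Fraction of destinations that would load the campus Internet link."""
    paths = [route(user, d)[0] for d in destinations]
    return paths.count("tunnel") / len(paths)


if __name__ == "__main__":
    sample = ["192.0.2.10", "203.0.113.5", "203.0.113.80"]  # constructed
    for user in USER_GROUP:
        for dest in sample:
            print(user, dest, *route(user, dest))
        print(user, "share via tunnel:", tunneled_share(user, sample))
```

With the default group every sample destination crosses the campus link, which is why disconnecting when not using Rice resources reduces load.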

6100 Main, Houston, Texas 77005-1827
Mailing Address: P.O. Box 1892, Houston, Texas 77251-1892
© Copyright Rice University
Page content reviewed: 7/13/06 by Web Team. Markup: 11/15/06 by Joe Cavazos
