Encryption secures data traveling to Drexel

Yesterday's world of private networks is gone.  Today, we routinely access resources on the Drexel network wirelessly via Dragonfly and off-network* via Internet Service Providers.  Both of these methods increase the risk that private data might be intercepted by other.  Making University resources available to you at home also makes them more accessible to viruses, worms, and other internet-bourne threats like hacking and denial of service (DoS) attacks.  Fortunately, there is a safe way for you to access these resources remotely.

Understanding the Problem

Network communications is much more complicated than most people realize. When you connect to Drexel from home your data travels through several networks before getting to the campus network as shown below.

Of course, neither you nor Drexel can vouch for the safety or privacy of the data while it's traveling through networks run by others. The gray background shows those areas where someone might be able to intercept your communications.

With wireless networks like DragonFly the problem can be more pronounced. The wireless transceiver in your computer transmits data for over 1,000 feet in all directions. Although no other users should be trying to receive that data, there's no way for you to prevent it -- that's why wireless networks provide built-in data encryption. Drexel believes that these built-in systems are insufficient to ensure your privacy.

The VPN Solution

VPNs have one function: to securely communicate data between two places. A VPN does this by inserting itself between your computer and the ones that you want to communicate with. All of the data leaving your machine gets encrypted and redirecting it to a VPN server. The VPN server decrypts the data and sends it to the computer that you originally addressed. Responses from that computer go back to the VPN server for encryption and transmission back to you.

In this way, all communications between you and the VPN server are secure. It doesn't matter if someone in the gray area of the diagram above intercepts your data because it will appear to be junk because they won't be able to decrypt it. The term for this encrypted channel between you and the VPN server is called a tunnel.

Drexel uses two Cisco VPN servers to perform this security function. As of July 19, 2002, all off-network users need to use the VPN to access on-campus Exchange email servers, file servers, and other Windows-based systems.

Getting the Software and Using the VPN

To use the VPN you'll need to install some special software. Cisco provides client software for a variety of computer platforms, including MS Windows, Mac OS X (10.2.x & up), as well as Unix platforms.  Because IRT only offers end-user support for the Windows and Macintosh platforms, clients for alternate platforms, while available for download via our Software FTP page, are considered "unsupported".  It is expected that users opting to run alternate operating systems are familiar enough with their respective systems/platforms to be self-supporting.

If you're using a computer running Windows or Mac OS X, please click here to get started.  If you're using a Unix-based operating system, like Linux or Solaris, click here for information on downloading the VPN client from the Software FTP page.