Anu Internet Services Limited VPN access Acceptable Use Policy
Document version: 1.1
Last updated: 2022-12-30
1. Scope
This policy applies to all users who are issued with access credentials, private keys, certificates or other authentication methods granting access to the Anu Internet Services local area networks via remote Virtual Private Network (VPN) software. VPN services may use OpenVPN, IPsec or other protocols and standards as updated from time to time. This policy applies regardless of the technology or endpoint in use for a given VPN connection.
2. Confidentiality
VPN access tokens, credentials, keys or certificates are issued to individual users. Users may never distribute or disclose their VPN access information or share access to their VPN connection with any third party.
3. Acceptable Use
Access to our VPN services is intended to facilitate secure connections to servers and services provided by Anu Internet Services only.
When connecting to our VPN service, the user will be issued with a non-routable IP address, and a list of network routes will be pushed to the client. This mechanism facilitates access to our local area networks which are segregated and secured from the public Internet. The end user may not add additional IP addresses or networks to the route list. Use of our VPN services as a default gateway whereby all Internet traffic is routed through the VPN connection is prohibited.
Attempting to use our VPN service to circumvent IP blocks or geo-IP restrictions is strictly prohibited.
Use of our VPN service for launching any kind of DoS or malware attack is prohibited.
Running network discovery tools, attempting to broadcast traffic, run port scans, or use of promiscuous mode to intercept packets is prohibited.
Accessing any content on the Internet which is illegal in any jurisdiction in which the user resides or Anu Internet Services Limited operates infrastructure is strictly prohibited.
4. Local workstation security
Any workstation, Laptop or mobile device configured with access to our VPN services must be reasonably and adequately secured from unauthorised access, including the following minimum security practices:
- A password or other authentication mechanism must be required to log in at boot time and when unlocking the device.
- The display must auto-lock after not more than 3 minutes of inactivity, after which the user must re-authenticate to unlock the device. On desktop or laptop computers this should include the Screen Saver function.
- The device must never be left unattended in any public area or shared workspace.
- If multiple users have access to the device, the VPN connection should not be configured to auto-connect and must require a password to connect, which should not be the same as the password used to protect the device.
5. Consequences for violation
If it comes to the attention of Anu Internet Services Limited that a user has violated this Acceptable Use Policy, we reserve the right to immediately revoke VPN access at our sole discretion.
6. Termination of access
VPN access will be granted to employees of Anu Internet Services Limited, customers, suppliers and contractors with a proven working relationship to a customer or supplier on an as-required basis. If it comes to our attention that access is no longer needed, eg. due to the termination or expiry of a contract, we reserve the right to revoke access with immediate effect and at our sole discretion.
Any violation of this VPN access Acceptable Use Policy will result in immediate revocation of VPN access.
