Restricted VPN FAQs

A knowledge base article about Restricted VPN FAQs provided by the UC Berkeley IT Service Hub - Knowledge Portal

Who is eligible for the Restricted VPN (rVPN) service?

Individuals who access and control a large quantity of restricted data or key IT infrastructure as part of their normal business activity may be eligible for this service. Individuals who use the data are not necessarily eligible. This service is for those with a high level of access to bulk quantities of this data. Additionally, researchers working in heavily targeted areas may be eligible for this service.

To confirm eligibility, please contact rvpn@berkeley.edu with a description of the types and quantities of data you are accessing, and where it is stored.

Should the Restricted VPN (rVPN) be used full time?

Because of the increased monitoring, most users will only want to use the Restricted VPN for access to the systems that host the restricted data. For everything else, it is probably preferable to use the normal VPN.

How is the rVPN monitoring different from being on campus?

The degree of monitoring on campus varies depending on the location of the system. For most users, the only traffic inspected for signs of compromise is traffic that leaves the campus network or is directed at systems protected by our firewalls. For people on networks protected by a firewall, there is additional monitoring at the firewall location.

On the Restricted VPN, by contrast, monitoring occurs for almost every packet that leaves the systems connected to the VPN.

How does the rVPN monitoring differ from that of the normal VPN?

The normal VPN has only minimal traffic monitoring beyond information about logins. In comparison, the Restricted VPN monitors all traffic as it exits the VPN and employs the vulnerability, anti-spyware, antivirus (AV), file monitoring, and threat detection and blocking features of the Palo Alto firewalls.

How is the rVPN different from the regular VPN service?

The regular VPN service is intended to allow members of the campus community to access campus resources without having to be physically present on campus. The Restricted VPN is meant not only to allow people remote access to the network, but also to enforce stricter security controls, including blocking some traffic, logging all network traffic, detecting signs of unusual activity to or from the clients, and using security profiles to block any malicious or vulnerability-related traffic that has a rating of medium severity or higher.

As part of its monitoring service, information about the security posture of the host system (such as the OS, malware protections, disk encryption, and missing patches) is also collected and recorded. As the service evolves, this information will also be used to further restrict access to the network.

What traffic is blocked by the rVPN?

Traffic from this service is blocked if it is going to or coming from a list of IP addresses, hostnames, and URLs that the security department believes are involved in malicious activity. These lists are derived both from our own monitoring and from reputable third-party sources. Additionally, traffic that is detected as malicious, where the severity of the activity is rated medium (or higher) by Palo Alto Networks (our VPN and firewall vendor), is also blocked.