Wireless access points
| * | * |
| proposal 10-18-04 |
We are interested in creating a policy about Wireless access points in the res halls. How about this: Students who want to install these must:
AT will provide configuration clues (guidance, checklists) for several specific models of access points AT will keep a log of hardware addresses for these points and their related computers |
| St Olaf | Wireless Access Point Policy St. Olaf College provides computing and networking resources in order to meet the academic needs of students, faculty, and staff. The campus network has been augmented with a wireless network available in certain areas of campus. To maintain a secure and highly functional wireless network, the college has placed certain restrictions or bans on equipment, activities, and/or software found to degrade the functionality or security of the systems or network. While on campus members of the St. Olaf community and visitors to campus are restricted from installing and using personal wireless access points and/or configuring wireless network interface cards (NIC's) to serve as an access point. IIT will disconnect from the campus network, without warning, any wireless access point or computer configured to serve as an access point without notification. Any individual found a second time installing and/or using a personal wireless access points and/or configuring a wireless network interface cards (NIC's) to serve as an access point will lose computing and network privileges for one week. A third infraction will result in the loss of privileges for one month. A fourth infraction will result in the loss of privileges for the remainder of the academic year. IIT reserves the right to restrict the use of other devices that are shown to cause interference with the campus network. |
| SUNY Suffolk Community College |
Wireless LAN Connections Working draft 12/03 The college has permitted individual wireless access points for specific projects and is in the process of installing a college-wide network for general use (SWANet). While the later will grow to encompass many different services, it will initially be limited to standard Http and ftp connections within the EDU environment. For all wireless networks: . Users and devices must be identified in advance through a registration process, . Utilization is to be monitored for viruses, worms and unauthorized use, . A means must exist to deny access to a device or user that has been found to be in violation of the college utilization policy, is propagating or is a risk for propagating viruses or worms, or is a security risk. I. Existing wireless access points: Currently, no wireless devices are authorized for the ADM network. Connectivity on the EDU Network is available on a limited basis both for laptops and to support the Symbol PDA grant project. Where applicable, and as SWANet permits, existing access points should be migrated to the general wireless access network. Future builds should also be implemented via SWANet, unless the requirements of these are not consistent with those of the general wireless network. The following are the minimal guidelines that govern the implementation of non-SWANet access points on the college's EDU networks. Added security may be required and implemented based upon the nature of the connection. 1. All wireless access points must be registered with the campus ETU and Central Networking and Telecommunications. a. Registration of access points requires an identification of the name, position, office, telephone and username of the person responsible for the device, along with the manufacturer, model and serial number of the device itself. In addition: i. The responsible party also needs to register the user and MAC address of the wireless devices connecting to the access point. ii. Or, for Anonymous Groups, register the MAC address of the wireless devices connecting to the access port and keep a list of users of the devices on an ad-hoc basis. 2. All access points that provide connectivity within an environment that is connected to the college's network must meet the College Wireless Equipment Specifications. The college supports three standards of wireless networks: 802.11a, 802.11b, and Symbol Technologies 2Mb proprietary protocol. a. Additional security and management features (for example, encryption) may be required based upon the protocol in use by the access point. 3. Departmental-based access points must be behind a department router (LinkSys or other) for DHCP/NAT and use MAC access lists for device verification. a. Access point security must be in place to limit access only to devices registered for that location. b. Routing for devices will be restricted to specific servers for access points that do not support user name/password authentication. c. The server is required to log access point connections including date/timestamp, user, traffic transmitted/received and protocols used. d. Servers that do not meet the requirements in 2.c will not be permitted to forward traffic from the wireless network to the College EDU network. II. SWANet Access Points: Architectural, security and project requirements for the college's general access wireless network are outlined in the document "Network Architecture and Project Requirements for SCCC Wireless Access Network (SWANet)" III. Requirements of Devices Connecting to Wireless Networks: 1. No individual device may connect to an access point without prior authorization. a. Individuals wishing to connect equipment via a wireless access point must sign an acceptable use policy statement and register their device (LAPTOP or PDA) with the ETU on the campus where access is requested. Access is granted on a semester basis. Individuals must re-register their device for each semester they wish access. Note: Fall registration covers both fall and winter semesters. b. The installation of additional software may be required on the device to be connected to an access point. i. Any licensing or installation costs must be provided by the device owner or department (for college-owned devices). ii. The physical installation of any additional software is the responsibility of the device owner. Installation information will be provided, however, college technical staff cannot install software on non-college equipment. iii. The college is not responsible for any problems relating to the installation of software needed to connect to the wireless network. Individuals load this software at their own risk. c. Devices connecting to access points must meet the security and management standards of the specific access point where access is requested. Included on all access points are the following: i. The device's operating system must have all current security patches installed. ii. The device must be running virus protection software from an acceptable vendor and that software must be running the latest engine and DAT file. As products and DAT files change frequently, acceptable versions will be determined by the college's technical staff at the time of registration and may be evaluated periodically during the semester. 2. Individuals make connections to the wireless network at their own risk. a. This network is setup as an secondary service and no claims are made to its availability, quality of service, or security. b. Regarding the security, while efforts will be made to monitor problems and keep the network free from viruses, worms and unauthorized use, the college does not guarantee any level of security. Individuals use this network at their own risk. |
| Centre College, Kentucky |
Information Technology Services Wireless Networking Policy Information Technology Services (ITS) currently provides wireless internet connectivity to select locations on the Centre campus. During academic year 2004-2005, it is available in the library, the Warehouse (Combs Student Center), Cowan Dining Commons and a few residential buildings - 129 5 th St., 125 St. Mildred's Ct. , Rhodes House, Greek houses, Bingham, Wiseman, McReynolds. With the completion of the College Centre project, wireless service will be expanded throughout Crounse and Sutcliffe. The wireless network is vulnerable to a number of security threats, including but not limited to: . Viruses . Slower service due to outside users occupying bandwidth . Unauthorized access to the College intranet by outside users In order to maintain a minimum level of security of the and to minimize these risks, the following guidelines have been developed cooperatively by ITS and Student Congress. . Students residing in building where ITS provides an access point MAY NOT operate a personally-owned access point. This restriction will eliminate interference of competing signals and maintain a better working environment for students. . Students residing in buildings where no College wireless service is available may use their own access points. Such access points, however, must employ College-designed security configurations. ITS will provide specific guidelines for implementation of these guidelines and provide assistance, upon the request of the student, to implement said guidelines. To ensure safety to the students and the college, ITS will monitor all wireless access points and make security changes when necessary. If you have questions about any aspect of this policy, please contact ITS (x5575) / helpdesk@centre.edu. (I don't know what tools they use to monitor student WAP's) |
| Smith College | SMITH COLLEGE TECHNOLOGY POLICIES Wireless Network Policy PERSONAL WIRELESS ACCESS POINTS While Smith College does not wish to prohibit individuals from setting up personal wireless access points on the college network, there are certain restrictions which must be followed to prevent problems, and to conform to the college's policy on the Acceptable Use of Computer Resources: Access points should be run in "pass through" mode only; in particular they cannot act as NAT or DHCP servers. Access points configured to provide this service, such as the default configuration of Apple's AirPort access point, are prohibited. The individual who resides in the room, office, lab, or other space where the access point is installed is responsible for proper configuration of the access point, and will be held accountable for any problems or activity related to connections through that access point. Where a personal access point conflicts with the campus deployed wireless network, it must be removed. 2.4 GHZ AIRSPACE The 2.4 GHz airspace is used by a variety of technologies, including cordless phones, microwave ovens, and BlueTooth devices, along with both 802.11b and 802.11g wireless data. Where and when conflicts arise between such devices and Smith's wireless LAN, precedence will be granted to the wireless data network. Requests for an exemption to this policy should be directed to the Executive Director of Information Technology Services. Approved by ITCC: February 18, 2003 -------------------------------------------------------------------------- WIRELESS NETWORK POLICY While Smith College does not wish to prohibit individuals from setting up personal wireless access points on the college network, there are certain restrictions that must be followed to prevent problems, and to conform to the college's Policy on the Acceptable Use of Computer Resources. Access Points Access points should be run in "pass through" mode only; in particular they cannot act as NAT or DHCP servers. Access points configured to provide this service, such as the default configuration of Apple's AirPort access point, are prohibited. The individual who resides in the room, office, lab, or other space where the access point is installed is responsible for proper configuration of the access point, and will be held accountable for any problems or activity related to connections through that access point. Where a personal access point conflicts with the campus deployed wireless network, it must be removed. 2.4 GHz Airspace The 2.4 GHz airspace is used by a variety of technologies, including cordless phones, microwave ovens, and BlueTooth devices, along with both 802.11b and 802.11g wireless data. Smith's wireless network currently supports only 802.11b data. Where and when conflicts arise between such devices and Smith's wireless LAN, precedence will be granted to the wireless data network. Requests for an exemption to this policy should be directed to the Executive Director of Information Technology Services. Approved by ITCC: February 18, 2003 |
last update 10/18/04