Information Technology: Wireless Communication

Type: 
Policy
Category: 
Technology
Governance Council: 
Technology Council
Contact Email: 
Responsible Executive Authority: 
Chief Information Officer
Purpose: 

This policy prohibits access to Lane Community College networks via unsecured wireless communication mechanisms, and applies to all wireless data communication devices (e.g., personal computers, cellular phones, PDAs, etc.) connected to any of Lane Community College's internal networks. This includes any form of wireless communication device capable of transmitting packet data. Wireless devices and/or networks without any connectivity to Lane Community College's networks do not fall under the purview of this policy.
This policy describes the specifics of registering wireless communication mechanism, and provides consequences for employees who violate the policy

Narrative: 

Purpose

This policy prohibits access to Lane Community College networks via unsecured wireless communication mechanisms. Only wireless systems that meet the criteria of this policy or have been granted permission by Network Services are approved for connectivity to Lane Community College's networks.

Scope

This policy covers all wireless data communication devices (e.g., personal computers, cellular phones, PDAs, etc.) connected to any of Lane Community College's internal networks. This includes any form of wireless communication device capable of transmitting packet data. Wireless devices and/or networks without any connectivity to Lane Community College's networks do not fall under the purview of this policy.

Policy

  1. Register Access Points and Cards
    All wireless Access Points / Base Stations connected to the college network must be registered and approved by Network Services. These Access Points / Base Stations are subject to periodic penetration tests and audits.   All wireless Network Interface Cards (i.e., PC cards) used in college laptop or desktop computers must be registered with Network Services.
  2. Approved Technology
    All wireless LAN access must use college-approved vendor products and security configurations.
  3. VPN Encryption and Authentication
    All computers with wireless LAN devices must utilize a college-approved Virtual Private Network (VPN) configured to drop all unauthenticated and unencrypted traffic.  To comply with this policy, wireless implementations must maintain point-to-point hardware encryption of at least 56 bits.  All implementations must support a hardware address that can be registered and tracked, i.e., a MAC address. All implementations must support and employ strong user authentication which checks against an external database such as TACACS+, RADIUS or something similar.
  4. Setting the SSID
    The SSID shall be configured so that it does not contain any identifying information about the organization, such as the college name, division title, employee name, or product identifier.

Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Definitions

User Authentication    A method by which the user of a wireless system can be verified as a legitimate user independent of the computer or operating system being used.

Date Adopted: 
Saturday, May 1, 2004
Date Last Reviewed: 
Saturday, May 1, 2004