Guidelines for the Connection of Wireless Devices to the University Network

General use and misuse of computer systems is covered within the University's Computer Systems Regulations and Staff Code of Conduct. The aim of this document is to outline the potential security risks that accompany Wireless Devices and to promote the recognised standard practice for connecting such devices to the University network.

Preamble

A Wireless Access Point gives people with a wireless LAN card the ability to work in areas where traditional networks would be expensive or difficult to provide.  It also allows the user to work at various places in a Campus without the overhead of finding, livening and connecting to a network port at each location.

Wireless networking presents some potential security problems that cannot be addressed in the same manner as traditional networking.

Wireless Security

The major security risks posed by wireless connectivity are the interception of data and/or the unauthorised gaining of access to University systems and networks.

Such breaches potentially compromise data and machines on the University network, allow the network to be used as a base of attack on others, and may also allow someone to run up large costs to the University for Internet usage.

Because of their insecure nature wireless networks should be treated with the same caution as the Internet is treated. To help prevent security breaches such as those outlined above, wireless devices will:

• be firewalled from the rest of the network and from the Internet
• have layered levels of security on top of the base level of security that the equipment comes with.

Connection of Wireless Devices

ITS is charged with the provisioning and associated security of the internal and external network infrastructure for the University.  The addition of wireless access to the network is no different to adding additional routing or switching gear to the network.

This security is, however, impossible to ensure unless the connection of Wireless Access points is centrally controlled, and that purchasing decisions are based around reliable products. As with other computers and computer related products, wireless devices must be obtained through Campus Computers.

Any user of the University computer infrastructure, who wishes to connect or relocate any form of wireless host device to the network, must first seek written permission from Dougal Mair, the Manager, Infrastructure Group (ITS).

Permission will only be given for approved devices, and these devices will not necessarily enjoy the same privileges as those connected directly to the internal LAN.  Because of the risk of compromise, such devices will, for security purposes, be treated as potentially hostile and will be partitioned from the rest of the network using such mechanisms as are deemed necessary.