Wireless Network Security

Wireless Networking Security Rule

Purpose:

Dixie State University Network Services provides standard 802.11 wireless (Wi-Fi) connectivity throughout the DSU campus. This service is intended to meet the wireless network connection needs of students, faculty, staff, and other campus affiliates and guests.

Uncontrolled wireless access points (Rogue APs) connected to the DSU network present significant risks to the security and stability of the DSC network because these devices allow anyone to bypass security controls and can potentially cause outages and other undesirable network events that affect large portions of the College network.

Parent Policy:

Dixie State University Information Technology Security Policy 6-50

Rule:

DSU students, faculty, staff, and other affiliates and guests may not attach wireless access point devices to the DSU network or configure devices connected to the DSU network to act as wireless access points unless all of the following conditions are met:

a.      The wireless access point is the subject of academic instruction or the user requires wireless connectivity that cannot be met in any way by the standard campus wireless system.

b.       The Data Steward(s) with responsibility for the user AND the building or network segment has approved the use of a non-standard access point.

c.       The access point’s physical location (building and room number), wire- and wireless-side MAC addresses, and the ESSID to be broadcast by the access point has been registered with the DSU Network Services group.

d.      The access point has been appropriately secured with WPA or better authentication and encryption mechanisms or another method approved by DSU Network Services.

Non-standard wireless access points that do not meet all of the above conditions will be considered an unauthorized rogue AP.

Upon discovery of an unauthorized rogue AP connected to the DSU network, DSC IT staff will disable the closest possible upstream network port, physically disconnect the device, or instruct the user to remove the device.

Information Technology Governance Committee Approval:  11/18/2009

College Council Approval:  12/14/2009