Wireless network policies

The department of Computer Information and Networking Services (CINS) has implemented a wireless LAN infrastructure (WLAN) at Columbus State University (CSU). The WLAN is intended to compliment the wired LAN infrastructure (LAN) by providing the convenience of mobile computing while maintaining a high level of security.

1.0 Network Configuration and Management

1.1 Authority
CINS holds sole authority over the CSU LAN and WLAN. As such, the configuration and management of the CSU LAN and/or WLAN may be performed only by authorized CINS personnel. Unauthorized configuration or attempted configuration of the CSU LAN and/or WLAN will be a violation of this policy.

1.1 Traffic Segregation
The CSU LAN will be configured such that WLAN traffic will be separated from non-WLAN traffic. This separation will be implemented with the use of Virtual LANs (VLAN), routes and IP subnetting.

1.2 RF Configuration and Management
The CSU WLAN is configured to automatically adjust RF settings and levels based on the RF environment as detected by CSU WLAN Access Points. If required, manual RF configuration of the CSU WLAN may be performed only by authorized CINS personnel.

1.3 Physical Connectivity
CSU WLAN network connectivity may only be performed by authorized CINS personnel or CINS contractors. This includes, but is not limited to:

• Mounting of Access Points
• Running cables to connect Access Points to data switches
• Installation of Power-over-Ethernet (PoE) hardware
• Installation of media transceivers

2.0 Wireless Client

2.1 Minimum Standards
Minimum standards for wireless device hardware and software will be established by CINS. All wireless devices connecting to the CSU WLAN must meet these minimum standards.

2.2 Operating System
Wireless client devices connecting to the CSU WLAN must meet the following minimum operating system requirements:

• Microsoft Windows XP Professional w/ SP2
• Microsoft Windows XP Tablet PC Edition 2005
• Apple Mac OSX 10.3 and above

2.2 Software Client
Wireless client devices connecting to the CSU WLAN must have installed a properly configured 802.1x wireless supplicant client. Wireless devices may use only authorized 802.1x wireless supplicant software to connect to the CSU WLAN.

Authorized 802.1x Wireless Supplicant Software:

• Funk Odyssey Client v4.0 and above

2.3 Anti-virus
Wireless devices connecting to the CSU WLAN must have installed a properly functioning anti-virus software package. The anti-virus software package must be maintained with the latest anti-virus definitions and scanning engine.

2.4 Ad-Hoc Communication
Wireless clients must not be configured to allow Ad-Hoc communications with other wireless clients. If a wireless client is identified as Ad-Hoc, that client’s access to the CSU WLAN will be denied.

2.5 Hardware Requirements
Wireless client devices must meet the following minimum hardware requirements:

• A computer capable of running one of the supported operating systems.
• A wireless network card capable of supporting the 802.11g wireless protocol and the WPA-TKIP encryption standard.

2.6 Installation
All installations of wireless client software will be performed by authorized CINS technicians, following CINS procedures for standard wireless client software configuration.

2.7 Client Network Configuration
Wireless clients must be configured to dynamically obtain an IP address from the network. Clients configured with statically assigned IP addresses will be denied access to the CSU WLAN.

3.0 Authentication

3.1 Novell Credentials
Users who wish to gain access to the CSU WLAN must authenticate using valid Novell credentials. Authentication requires that a properly configured 802.1x client be installed on the user’s wireless device.

4.0 Availability

4.1
The CSU WLAN will be available for use beginning Fall Semester 2005. CINS will provide graphics of the campus map and buildings indicating areas of wireless access coverage.

5.0 Logging and Accounting

5.1
CINS will maintain logging and accounting of all wireless usage on the CSU WLAN.

6.0 Wireless Access Point

6.1 Security
All wireless access points connected to the CSU LAN must meet the following security requirements:

• Administrative access shall be restricted to authorized CINS personnel
• Management interface shall be encrypted and password protected
• Wireless client association must be encrypted, with a minimum level of 128-bit WEP.

6.2 Physical Location
Physical location of access points

• Inactive access points shall be stored in a secured location
• Active access points shall be mounted security to the ceiling or high on the wall

6.3 Authorized Access Points
No access point other than those implemented by CINS may be connected to the CSU LAN.

Authorized access points used for academic research must be connected to a network that is physically separate from the CSU LAN.

6.4 Rogue
Any access point connected to the CSU LAN that has not been approved by CINS will be identified as a rogue access point. CINS reserves the right to disable and/or disconnect any rogues access points detected on the CSU LAN.

7.0 Wireless Scanning

7.1
Wireless scanning will be performed by CINS to gather and assess network and security information. All other Wireless scanning is considered unauthorized.

8.0 Authorized Users

8.1 Employee
Currently employed staff and faculty of CSU are authorized to use the CSU WLAN.

8.2 Student
Currently enrolled students of CSU are authorized to use the CSU WLAN.

8.3 Guest
Guests will be allowed to connect to the CSU WLAN upon approval by authorized CINS personnel. Guest access must be requested by an authority in the academic or administrative department that the guest is affiliated with. CINS reserves the right to enforce limits on the duration of guest use and resources made available to the guest user while connected to the CSU WLAN.

9.0 Definitions

9.1 LAN
Local Area Network – a wired computer network consisting of switches, routers, network cards, and cabling.

9.2 VLAN
Virtual LAN – a virtual local area network, created through proper configuration of network switches and routers that isolates network communication among a specific group of network equipment.

9.3 WLAN
Wireless LAN – a wireless local area network consisting of access points, access point controllers, and wireless network cards.

9.4 Wireless Supplicant
The software client residing on a wireless device that establishes an encrypted communication channel between the wireless card and a wireless access point.

9.5 Rogue
Any access point or wireless client that is identified as offering unauthorized access to wireless clients, and is not a known member to the CSU WLAN. This includes wireless clients configured for Ad-Hoc communications.

10.0 Limitation of Liability

10.1 Wireless Software Installation on Personal Computers
CINS will modify, add or remove only software and/or hardware that CINS deems necessary to the successful installation and operation of the wireless software client. This includes, but is not limited to, the installation of relevant OS service packs and patches. CINS assumes no responsibility for any modifications made to the personal portable computer in the course of the wireless client installation that may adversely affect the operation of the personal portable computer. In addition, CINS assumes no responsibility for any software and/or hardware that did not function properly prior to the delivery of the personal portable computer to CINS for wireless client installation.

11.0 Policy Modification

11.1
CINS reserves the right to modify this policy as needed. The current version of this document will be available on the CINS website

CSU wireless network connection procedure - PC
CSU wireless network connection procedure - Apple
NEW!! CSU wireless network connection procedure - CougarWave Open