The Wireless Policy provides guidelines regarding the following:
- The central deployment by IT of 802.11 and related wireless standards access points.
- The provision of wireless service by IT for campus departments.
- The management by IT of 802.11 and related wireless standards access.
Purpose of Policy
Wireless in the Local Area Network using the IEEE 802.11 standard is a fast emerging
technology. 802.11 wireless technology is by nature easy to deploy, but highly sensitive
to overlapping frequencies. Because of these characteristics, all wireless use must
be planned, deployed, and managed in a very careful and centralized fashion to ensure
basic functionality, maximum bandwidth, and a secure network. This policy provides
the structure for a campus-wide solution for the implementation of wireless technology,
which includes centralized determination of identity and authentication with the goals
of providing appropriate levels of security and privacy.
Current 802.11 wireless technology deploys a very low power signal in a frequency band divided into only 3 or 14 (depends on type) non-overlapping channels. The primary purpose of these channels is not so much to provide separate networks, but to ensure that adjacent access points with slightly overlapping areas of coverage do not interfere with each other. In the normal case, it is necessary to use three to six channels in an integrated fashion as a single unified network in order to achieve an optimal design. It is therefore not feasible to allow individuals to install their own access points without centralized coordination, due to the resulting signal interference and greatly degraded performance to the common wireless network.
Open (unsecured) Wireless Access Points provide entry for data hijackers, entry points for computers with viruses to bypass our protections, access for hackers to launch attacks against FIT and other sites, and the ability for anyone on the street to utilize finite FIT resources. Unless steps are taken to protect them, wireless LAN installations are open to anyone within range of the access point. If a wireless access point is connected to FITNet without restrictions, anyone with the proper equipment will be able to access the FIT network, even from outside the building. Furthermore, anyone with the proper equipment can spy on traffic. They can see users' passwords as well as other data. As FIT moves more and more services online, the amount of damage that can be done by unauthorized people learning passwords of FIT users is increasing.
These dangers are not just theoretical: Tools to tap nearby wireless networks are widely available, even for palmtop devices. A whole subculture has sprung up of people going around, scanning for open wireless nodes, and publicizing them to people who want free wireless access.
To ensure the technical coordination required to provide the best possible wireless network for the Fashion Institute of Technology (FIT), IT for FIT will be solely responsible for the deployment and management of 802.11 and related wireless standards access points on the campus. No other departments may deploy 802.11 or related wireless standards access points without coordination with IT.
1. IT deployment of 802.11 and related wireless standards access points
IT for FIT will be solely responsible for the deployment and management of 802.11 and related wireless standards access points on the campus. No other departments may deploy 802.11 or related wireless standards wireless access points without coordination with IT.
2. Provision of wireless service by IT
IT will offer a standard wireless deployment plan that will meet the needs of most FIT departments wishing to construct and operate departmental wireless services. Departments requiring a different wireless deployment plan may contract with IT to have IT construct and operate either a standard or, if the spectrum is available for it, premium wireless services. IT will work with departments to accommodate any special needs they may have within the technical constraints of the wireless technology, understanding that all requests may not be technically feasible.
3. Management by IT of 802.11 and related wireless standards access points
IT will ensure that all wireless services deployed on campus will adhere to campus-wide standards for access control. IT will manage the wireless spectrum in a manner that ensures the greatest interoperability and roaming ability for all departments wishing to use wireless technology, and, using the Enterprise Directory, will centralize the process of determining identity, authentication, and appropriate levels of security for access to and use of wireless technology. IT reserves the right to minimize interference to the common wireless network, and will work with departments to reconfigure or shut down any departmental wireless networks that interfere with the common wireless network.
Procedures and Guidelines:
IT will inform campus committees of wireless plans, deployment strategies, and management issues. IT welcomes input from campus committees on these strategies and issues.
Any department wishing to work with IT to deploy wireless access must contact IT by phoning 7-HELP (Select Option 1) to begin the process. IT will work with departments to ensure that hardware and software purchased adhere to published campus standards.
Departmental wireless networks will be treated as alliance networks or spokes; this requires a formal agreement between IT and the department.
In the case of existing wireless technology deployments that use the same or interfering spectrums, IT will work with the departments in question to minimize interference to the common wireless network.
All sensitive data being transmitted across a wireless network will be encrypted and be accessible only via a secure VLAN (virtual lan).
Additional guidelines and best practices relating to the deployment and use of wireless technologies can be found at Wireless Zones.