Connection to Wired Network:
The Department of Information Technology Services (ITS) is the provider of backbone wireless Ethernet service. The wired access points, which are used to provide wireless service, and their connection to the campus network, are the responsibility of the ITS Networks and Operations division. They are considered part of the campus backbone and not as in-room attachments. Wired access points will be connected to the campus network only if the access point location has been designed or approved by ITS.
Until appropriate technologies have been tested and deployed, wireless service shall be considered to be a totally insecure network connection method. Use for access to institutional systems and applications will not be permitted. Access for academic purposes will be allowed only after the appropriate security precautions are in place. Wireless Ethernet service at CWU will conform to the proposed Wired Equivalence Protocol (WEP) standard. Among the provisions of WEP is that only encrypted sessions between the wired access point and the mobile devices are allowed. WEP alone does not ensure security. All client to Access Point sessions will be authenticated to the faculty/staff/student CWU network account. Exceptions to this provision must be approved by ITS. Proposals for wireless projeITS and all electronic components necessary to support wireless Ethernet service must be approved by ITS.
This policy limits wireless implementation at CWU primarily to instructional programs that focus on teaching the deployment of such systems, and for academic purposes that meet the security provisions. There may be some locations on campus where conventional wiring is cost prohibitive and only limited public access to the Internet is required. As a service to students, wireless networks may be deployed in these areas, but in no case will this be viewed as a substitute for a wired network. Wireless network segments will be firewalled to prevent access to critical university systems.
ITS does not assume any responsibility for intrusion into the wireless network. Practical attempts will be made to locate an intruder. It may be necessary to shut down an access point for this purpose. As the wireless technology evolves, and concerns regarding bandwidth and security are addressed, this policy will be updated.
ITS will maintain the highest security available for the device installed. Security of the wireless network has many facets. Physical security of the wireless devices will be maintained whenever possible. In common areas, appropriate precautions will be taken to protect the Access Point from theft or access to the data port. All use of the wireless network should be considered "clear text" even with the use of Wired Equivalent Privacy (WEP). Whenever possible, application level encryption programs should be used. Access points will have the ability to provide 128 bit WEP encryption to the end user. WEP codes will be maintained by ITS. Until security issues are resolved wireless networking should be treated as "untrusted". This applies to both encrypted and unencrypted transmission. Hardware MAC addresses will be maintained in a DHCP server. Access to the wireless network will only be allowed from valid entries in the DHCP server.
This policy applies only to equipment that enables access to the backbone network from a wireless client PC. It does not apply to telephony equipment that utilizes cellular or satellite technology, nor does it apply to wireless bridging solutions designed to provide point-to-point or multi-point backbone data connectivity between campus buildings.