|Policy Title: Wireless Deployment Management Policy
||Category: Information Technology Services
Owner: Information Technology Services
||Policy ID#: 8-008-00
|Effective Date: 1/1/2016
This policy provides the structure for a campus-wide solution for the implementation of wireless technology, which includes centralized determination of identity and authentication for the provision of appropriate levels of security.
All campus wireless service will conform to the IEEE 802.11 standard. Wireless service is highly sensitive to interference of overlapping frequencies and can be very vulnerable to security breaches without the proper configuration. Because of these characteristics, all wireless use must be planned, deployed, and managed in a very careful and centralized fashion to ensure basic functionality, maximum bandwidth, and a secure network. To ensure the technical coordination required to provide the best possible wireless network for CSU-Pueblo, Information Technology (IT) will be solely responsible for the deployment and management of wireless access points on the campus.
Deployment of 802.11 and related wireless standards access points. CSU-Pueblo’s Information Technology (IT) will be solely responsible for the deployment and management of 802.11 and related wireless standards access points on the campus.
Provision of wireless service. ITS will offer a standard wireless deployment plan that will meet the needs of most CSU-Pueblo’s departments wishing to construct and operate departmental wireless services. Departments requiring a different wireless deployment plan must coordinate with ITS to have ITS construct and operate a custom plan. ITS will work with departments to accommodate special academic needs within the technical constraints of the wireless technology as feasible within the secure environment.
Management of 802.11 and related wireless standards access points. ITS will ensure that all wireless services deployed on campus adhere to campus-wide standards for security and access control. ITS will manage the wireless spectrum to ensure the greatest interoperability and roaming ability for use of campus wireless technology. Using the established eAccount system, ITS will centralize the process of determining identity, authentication, and appropriate levels of security for access to and use of campus wireless technology. Un-authorized (rogue) wireless devices operating in the 802.11 radio frequency spectrum will be removed from service to protect University electronic resources.
Procedures and Guidelines
ITS will advise CSU-Pueblo departments on wireless plans, deployment strategies, and management issues upon request. Departments wishing to deploy wireless access must contact the ITS Help Desk and request a work order to begin the process. ITS will recommend hardware and software to be purchased to adhere to campus wireless standards. In the case of existing wireless technology deployments, ITS will work with the departments to convert and integrate the department’s equipment into the University’s wireless system to ensure maximum security and operability. If the equipment cannot meet the required standards, it must be disconnected or replaced with equipment that will meet the campus wireless standards.
CSU-Pueblo is currently deploying 802.11 B/G wireless access points. Users are strongly encouraged to use the newer G format which is 54Mbs rate whereas B is 11Mbs. University owned computers being connected to wireless require Windows XP operating system and wireless network cards that support the Wi-Fi Protected Access (WPA) security standard.
All sensitive data being transmitted across a wireless network will be encrypted. This includes, but is not limited to data protected by the Gramm-Leach-Biley Act (GLB Act), the Health Insurance Portability and Accountability Act (HIPAA), and the Family Educational Rights and Privacy Act (FERPA).
CSU-Pueblo Classifications of Wireless Access
Faculty and Staff: Utilizes Windows Operating System authentication, WPA security, and firewall protection. There is no bandwidth limiting. Available only for university owned and managed computers. Used by faculty or staff for full access to campus resources.
TWOLFnet: Web page authentication with eAccount credentials and has no encryption of transmitted data (internet sites provide encryption when sensitive data is transmitted). Protected by an Intrusion Detection System and bandwidth limited. Used by students or employees for? Internet access with personal computer equipment. May be used by outside entities who require Internet access through a special guest account provided by ITS Helpdesk or the department hosting the guest. No access to campus resources (User directories/ Departmental directories, AIS, etc.)
Wireless Lab: Utilizes Windows Operating System authentication, WPA security, and firewall protection. There is no bandwidth limiting. Available only for university owned and managed computers. Used by departmental wireless labs and has the same access for students as wired labs.
The use of all Electronic Resources is governed by various University policies, handbooks, local, state, and federal laws.