Authority
Issued by the Vice Provost for Information Technology and Associate Vice Chancellor for Resource Management and Information Systems; approved by the University Information Technology Committee, December 13, 2002Note: The use of data networking resources at NC State, including wireless, is governed by federal and state law, and University policies and procedures. NC State's Communication Technologies (ComTech), the University's data network and Internet service provider, is responsible for NC State's network infrastructure and all connections to it, including wireless. ComTech has the authority to block wireless transmitters and other wireless devices from access to the University's production data network, as well as request termination of the use of any other device that interferes with the security or operation of the official NC State wireless units, or the campus network, or that do not comply with standards approved by the University Information Technology Committee (see section II, below).
Related Policies
Board of Trustee Policy - Computer Use; Administrative Regulations - Computer UseContact Info
ComTech: 919-515-7099I. Purpose
The following rules and guidelines for wireless access to the NC State data network have been implemented to preserve the security, utility and flexibility of the campus data network infrastructure and computing systems. Since a majority of the wireless network standards in use today use ISM (Instrumentation, Scientific, and Medical) bands of radio frequencies (900MHz, 2.4GHz, and 5GHz) that the Federal Communications Commission (FCC) does not regulate or restrict, the University must manage these frequency bands to provide a reliable production wireless network.
II. ScopeA. This document applies to the implementation of all wireless networking at NC State
B. For this document, wireless networks on the campus are divided into two categories:1. NC State public wireless networks are those designed, built and maintained by ComTech for use by NC State faculty, staff, and students who have valid University computing accounts.
The ComTech wireless network implementation is part of a campus-wide Nomad Computing Environment. The Nomad Computing Environment uses Dynamic Host Configuration Protocol (DHCP) to provide ubiquitous and seamless mobile computing resources. The NC State wireless network infrastructure allows portable computing devices with wireless network interfaces to connect to the NC State network uses IEEE 802.11b-compliant technology at the present time. This may change as other technology options mature.
2. NC State private wireless networks are those that are not funded, designed, built, and maintained by ComTech, but are installed and maintained by NC State colleges, departments, units, organizations or authorized individuals. The devices must be registered and the installation approved.
III. Implementation of NC State public wireless networks
A. ComTech is responsible for obtaining the funding and for the design, purchase, installation, and management of the NC State public wireless network.
B. Priorities for installation will be determined by a cooperative effort between ComTech and the Infrastructure Subcommittee of the University Information Technology Committee. Once the priorities have been set, the subcommittee must approve any changes to the priorities. In cases where a campus organization needs to have public wireless networking installed ahead of schedule, ComTech will work with the organization to fulfill that need as quickly as possible, but the organization may be charged an installation fee (to be determined by ComTech) to offset additional costs not provided for in the ComTech budget.
C. Configuration standards for hardware clients on NC State public wireless network are as follows:
1. Service Set Identifier (SSID) = ncsu
2. Internet Protocol (IP) setting = Dynamic Host Control Protocol (DHCP)
3. Encryption = NoneD. The NC State public wireless network may be used by NC State students, faculty, and staff who have a valid NC State computing account login ID, password and properly configured portable computer. Guests of the University may obtain a temporary login ID and password for logging into the system. In order to get a valid connection, all NC State public wireless network clients must use a web browser (Netscape Communicator, Internet Explorer, Mozilla, Opera, Lynx, etc.) to authenticate to the nomadic computing environment. The login page will appear when the user's web browser requests a web page. After successful authentication, the user will be able to use the campus network and the Internet.
E. Running remote services (web server, ftp server, nfs server, any person-to-person file sharing services, etc.) is PROHIBITED on the NC State Nomad Computing Environment and on public wireless networks. However, users of Nomad Computing Environment and public wireless networks will be able to connect to such services provided elsewhere.
F. All traffic to and from the Nomad computing environment is logged and associated with the user, as permitted by NC State Administrative Regulations, section II, G.
G. Users of the NC State public wireless network are requested to report any problems they encounter with the public wireless network or the Nomad computing environment immediately to the Network Operations Center (NOC) by phone (513-9675) or by e-mail to support@ncsu.edu The user should have the following information available for the consultant:
1. Physical location of where the problem was encountered
2. Vendor of the wireless networking card being used
3. Wireless networking configuration
4. IP configuration obtainedH. Wireless network users are responsible for the security of the data transmissions they send over the wireless network. They should therefore be strongly encouraged to use secure application-level protocols (secure shell, secure web, VPN, etc.) when sensitive information traverses the wireless network; otherwise, they should move to the wired campus network.
IV. Implementation of private wireless networks on campus
A. Those who implement private wireless networks on campus are responsible for compliance with the rules, restrictions and provisions described in this document and for support of the private wireless network, including the network traffic.B. Those who implement private wireless networks may employ wireless encryption technology if desired. They should be aware, however, that current wireless encryption technologies are weak, and it remains possible to eavesdrop and to passively decrypt wireless networking traffic.
C. Departments and authorized individuals may set up private wireless networks on campus as long as their installation does not interfere with the NC State public wireless network and the private wireless network is set up in compliance with the following standards:
1. Transmitter (access point or base station) registration
All wireless networking transmitters MUST be registered in DNS with a descriptive name in the format of building-nearest room#-type-channel (e.g., "withers-410-proxim-6"). In most cases, registration will be done by the local LAN administrator.
2. Channel selection
Wireless transmitters' channels must be configured so as not to disrupt any NC State public wireless networking transmitters or other private wireless networking transmitters. Contact ComTech for appropriate channel selection. Administrators of neighboring private wireless networks should also be consulted.3. Access control
All private wireless transmitters MUST be configured to allow only known client hardware to use the network. This is best done by setting the list of client Media Access Control (MAC) addresses that are allowed to use the private wireless network. Implementers of private wireless transmitters will be held responsible for the actions of those who access the campus network from those devices.4. SSID (Service Set Identification)
The SSID must not be set to "ncsu." SSID selection should be coordinated with administrators of neighboring private wireless networks.5. Configuration password
All transmitter configuration interfaces must be password protected with a non-default and hard-to-guess password. (See http://www.itsecurity.com/asktecs/jun301.htm, for examples.)6. SNMP (Simple Network Management Protocol)
SNMP strings should not be the default and should have access lists assigned where possible.7. Power settings
Private wireless transmitters should use the lowest possible power output that provides the needed coverage area.8. FCC regulations
All private wireless transmitter configurations must be within FCC regulations for dissipated power, etc. (Available from http://www.access.gpo.gov/nara/cfr/waisidx_01/47cfr15_01.html. Section 15.247 covers the amount of radiated power in the 2.4Ghz band.)9. Fire codes
All private wireless transmitters must be installed so they do not violate fire codes. Contact the NC State Senior Inspector of Fire Protection (515-2568) with questions.
Return to Computer and Networking Rules and Regulations