Interim Wireless Networking Policy

Committee Recommendation October 9, 2001

Adopted October 15, 2001

The Wireless Committee has a number of concerns regarding the deployment of wireless networking and other wireless devices on the UNLV campus. The events of the past several weeks have increased the urgency of these concerns and revealed new potential problems. The chief concerns at this time are:

• Security problems resulting from the deployment of wireless appliances and networks
• The need to adopt a uniform campus wireless standard in the face of evolving and changing industry standards to avoid incompatibility and the need to replace equipment that is incompatible with emerging standards
• Network resource demands resulting from the potential addition of a large number of new users and from the need to maintain network security

In the past, the campus has relied, in part, on restricting physical access to network drops in order to maintain network security. Even if Wired Equivalent Privacy (WEP) were true to its name, implementing wireless networking would result in the installation of the equivalent of hundreds of accessible unsupervised drops. Because no form of universal network authentication is in place on campus, access to a network drop allows the user access to a wide variety of resources many of which are protected only by passwords that are frequently transmitted on the network in unencrypted form.

Apart from the security problems that would arise from unsupervised wired drops, wireless local area networking itself, regardless of configuration, remains essentially vulnerable from a security and privacy standpoint. Present security measures have proven weak and are under attack industry-wide causing many to discontinue plans to implement wireless solutions. All existing standards and protocols related to security will undoubtedly be revised dramatically in the near future as numerous suggestions have been brought forth.

In general, the 802.11b and 802.11a standards are being supplemented and revised in a variety of ways. We expect that wireless LANs will operate in both the 2.4 GHz (802.11b) and 5.0 GHz (802.11a) frequency ranges and that both will coexist. Therefore, supporting a wireless standard campus-wide may eventually require the adoption of a single vendor hardware solution. This is especially pertinent in a scenario where a student may be using a wireless laptop in the dorm, then goes to a classroom across campus where he can use the laptop, and then goes to the library to study for some time. This is a rather complex issue and is being studied and discussed in great detail.

Again, it must be reiterated that a wireless network segment is NOT the same as a wired network and the wireless devices operate much differently from wired devices. Moreover, wired hardware has been around for quite a while with standards and protocols that are fairly mature. Wireless hardware devices suffer from evolving standards that may render any present investment useless in a very short time. It is believed that all wireless access device presently manufactured will need to be replaced within two years due to the changing standards.

The wireless committee will continue to evaluate products and solutions in an effort to work towards a campus standard. In the opinion of the Committee, before the University can support wireless networking on a widespread basis, a number of issues must be addressed:

1. Some form of network authentication must be put into place.
2. Policies concerning what services will be available on wireless network segments and what logical ports will be open must be devised.
3. An implementation plan that describes how wireless access points may be connected to the campus network must be formulated. This plan may involve the creation of a separate wired backbone for wireless access points.
4. The effects of increasing the number of potential network users on network resources must be assessed and, where necessary, network resources must be increased to handle the expected load.
5. Policies concerning the responsibility for installation and administration of wireless network segments must be put into place.

We understand the desire of the campus community to experiment with new technology, but we currently ask the campus not to implement any wireless networking except in the restricted circumstances described below. We also ask the campus to refrain from purchasing non-networking communication equipment (such as some cordless phones) that will interfere with the 2.4 GHz and 5.0 GHz frequency ranges specified for the 802.11b and 802.11a wireless networking standards.

1. Any wireless access points will be operated only for a limited period of time, such as for a class period or presentation. Access points must not remain operational in a single location for a period longer than several hours.
2. Access points must restrict access to devices with specific Media Access Control (MAC) addresses.
3. Use of WEP and/or VPN technology is required.
4. Use of a properly configured firewall is required.
5. A specific individual must be designated as responsible for security of the wireless segment including maintenance of the Access Control List (ACL).
6. OIT must be informed of the type of wireless equipment used by other departments, the person responsible for that equipment, and the general locations in which it might be deployed.
7. Devices not conforming to the above requirements will be disconnected from the campus network.

Back to ITCC home page