General Policies
University Policy Number 1302
Subject: Wireless Networking
Responsible Parties: Vice President for Information Technology and
CIO
Procedures: N/A
Related University Policies: 1301 Responsible Use of Computing
http://www.gmu.edu/facstaff/policy/newpolicy/1301gen.html
I. SCOPE
II. POLICY STATEMENT
III. DEFINITIONS
IV. RESPONSIBILITIES
V. OTHER INFORMATION
VI. COMPLIANCE
VII. AMENDMENTS
AND ADDITIONS
VIII. EFFECTIVE DATE
I. SCOPE
Administrative Policy Number 1302 applies to all University faculty, staff,
students, visitors, including conference participants, members of organizations,
and contractors. The policy applies to these persons participating in
or supporting any activity in any academic and operational buildings,
residence halls, and offices at all University locations, owned and leased.
This policy governs the installation, operation, and maintenance of all
wireless network devices utilizing George Mason University Internet Protocol
(IP) network space, including private IP space within University networks,
and all users of such devices, and governs all wireless connections to
the campus network backbone, frequency allocation, network assignment,
and registration in the Domain Name System. It also applies to services
provided over wireless connections to the campus network backbone for
colleges, departments, or divisions of the University.
II. POLICY STATEMENT
The University provides and maintains computing and telecommunications
resources to support the teaching, research, and administration activities
of its faculty, staff, and students. A secure and reliable data network
is a critical component of the University's infrastructure. While wireless
networking devices can be useful tools for enhancing productivity and
convenience, they can also negatively impact the availability and security
of the University network if improperly connected or administered. This
policy defines the roles and responsibilities of the Information Technology
Unit (ITU) and the network user community with respect to planning, deploying,
and managing wireless technologies.
III. DEFINITIONS
Wireless Network: local area network technology other than wired
technology, including, but not limited to, technology that uses radio
frequency spectrum, to connect computing devices to college, department,
and division wired networks.
Access Point: electronic hardware that serves as a common connection
point for devices in a wireless network. An access point acts as a network
hub that is used to connect segments of a LAN, using some means other
than wired ports for access by multiple users of the wireless network.
Wireless Infrastructure: wireless access points, antennas, cabling,
power, and network hardware associated with the deployment of a wireless
communications network.
Interference: the degradation of a wireless communication signal caused by electromagnetic radiation from another source. Interference can slow down or eliminate a wireless transmission depending on the strength of the interfering signal.
Point of Contact (POC): the person designated as having primary responsibility for a given wireless access point or network.
Virtual Private Network (VPN): the use of encryption to provide a secure means of connection over an otherwise insecure network.
Secure Shell (SSH): an Unix shell program for logging into, and executing commands on, a remote computer. SSH can be used as a more secure replacement for telnet, rsh, and other access methods commonly used with Unix systems.
Secure Sockets Layer (SSL): a protocol designed by Netscape
Communications Corporation to provide encrypted communications on the
Internet. Websites using SSL encryption have URLs that begin with “https://”.
IV. RESPONSIBILITIES
Wireless equipment and users must follow all acceptable use provisions
stated in Administrative Policy number 1301 "Responsible Use of Computing"
in addition to the more specific requirements described in this document.
Wireless access points must abide by all federal, state, and local laws, rules or regulations pertaining to wireless networks.
Responsibility for electronic communication resources at all campuses of George Mason University resides with the Vice President for Information Technology. The Vice President for Information Technology or designee may delegate responsibility for wireless access points within campus buildings to deans, department chairs, and directors of academic units when those access points are intended primarily or exclusively for use by the college, division or department. Where multiple organizations share a common building, the deans or department heads may share responsibility for wireless access points in that building, or may designate a specific dean or department head to take responsibility for the wireless access points in that building.
Registration Requirements
University colleges, departments, or divisions must register for the use of radio frequency spectrum with ITU Network Engineering and Technology, prior to implementation of wireless networks. The requesting department must provide technical specifications for the devices upon request so that network engineers can assess the potential impact.
The location of all wireless access points and the name of the Point
of Contact (POC) for each must be registered with the ITU Network Engineering
and Technology department. This may be accomplished by sending e-mail
to wireless@gmu.edu.
Deployment by Students
Students are not permitted to connect wireless access points to the campus network unless they are working under the direction of a University department or officially recognized campus organization. Wireless access points may not be connected to the student residential network.
Public Access Points
Responsibility for deploying wireless access points that are intended for use by the general University community resides with the Information Technology Unit. Other University colleges, departments, or divisions may install wireless access points for use by defined groups within their organization or building, but must follow the registration and security requirements noted herein.
Interference
Wireless networking technology uses unlicensed frequency bands to create small local area network cells. Since unrelated devices such as cordless telephones, wireless audio speakers, and even microwave ovens may also use these same frequency bands, the potential for disruption of service exists when multiple devices are placed in close proximity to one another. Interference or disruption of other authorized communications that result from the intentional or incidental misuse or misapplication of wireless network radio frequency spectrum is prohibited.
In the event that a wireless device interferes with other equipment, ITU Network Engineering and Technology and the ITU Project Office will work with the affected departments to resolve the interference. The arbiter, in case of conflict, is the Vice President for Information Technology.
Security Requirements
Improperly secured wireless access points can compromise the security and performance of the University network, providing easy access for intruders to steal passwords, destroy data, and use University network and Internet resources for unauthorized purposes. Any department that deploys wireless networking devices must, at a minimum, follow basic security practices. The list of basic security practices is updated regularly by the IT Security Coordinator and it can be found on the web site http://itu.gmu.edu/security/sysadmin/security-reqs.pdf
Disconnect Authorization
Any wireless network that poses a security threat may be disconnected from the campus backbone network. If a serious security breach is in process, ITU Network Engineering and Technology may disconnect the LAN immediately. Every reasonable attempt will be made to reach the registered Point of Contact (POC) to resolve security problems.
ITU Network Engineering and Technology will attempt to resolve any interference
or security incidents by coordinating with the registered POC for the
wireless network. If a POC is not available, the incident may be resolved
through administration of the network connection to the backbone or other
measures.
ITU Network Engineering and Technology has the authority to disconnect
any wireless network from the campus network backbone whose traffic violates
practices set forth in this policy, the Responsible Use of Computing Policy,
or any network related policy. It is the responsibility of the college,
department or division to be knowledgeable regarding the provisions of
such policies.
Guidelines are available at http://itu.gmu.edu/security/sysadmin/wireless-guidelines.pdf
VI. COMPLIANCE
ITU Network Engineering and Technology is authorized to take whatever reasonable steps are necessary to ensure compliance with this, and other network related policies that are designed to protect the integrity and security of the campus network backbone. ITU Network Engineering and Technology works in conjunction and cooperation with the Information Technology Security Coordinator, under the direction of the ITU Project Office.
Grievance matters with this policy or conflicts between ITU Network Engineering
and Technology and any University college, department, or division are
directed to the ITU Project Office for resolution. If the conflict is
not resolved to the satisfaction of Network Engineering or the college,
department, or division, the matter may be escalated to the Vice President
for Information Technology for further review and action.
VII. AMENDMENTS AND ADDITIONS
All amendments and additions to Administrative Policy Number 1302 are to be reviewed and approved by the Office of the Provost and the Office of the Senior Vice President.
VIII. EFFECTIVE DATE
The policies herein are effective January 5, 2004. This Administrative
Policy shall be reviewed annually and revised, if necessary, and becomes
effective at the beginning of the University's fiscal year, unless otherwise
noted.
Approved:
_______________________
Maurice W. Scherrens
Senior Vice President
________________________
Peter N. Stearns
Provost
Date approved: 01/16/04