Campus Administrative Policy Statement

Title: Wireless Policy
Source: Information Technology Policy Committee
Effective Date: May 21, 2003

A. Purpose of Policy:
The widespread availability of low-cost wireless networking equipment has resulted in a high demand for wireless network solutions for departments, classrooms, labs and public locations. And while wireless radio technology is by nature easy to deploy, it is extremely sensitive to surrounding physical conditions as well as the placement and configuration of other adjacent wireless network equipment. For these reasons it is highly desirable that all wireless deployment be planned, installed and managed in a careful, coordinated and centralized fashion. To this end the Auraria Cooperative Technology Committee (ACTC) has developed a wireless standards manual to prevent interference between different institutional implementations and to ensure optimum wireless network access and performance.

B. Scope:
This document deals only with IEEE 802.xx standards for wireless Ethernet LAN devices operating in the unlicensed 2.4 GHz and 5 GHz radio spectrums. The intent of this policy is to endorse and complement the ACTC’s wireless network standard. University of Colorado at Denver users are subject to and expected to abide by the same rules and policies of acceptable usage that govern other network services and connectivity.

C. Policy:
All installations and implementations of wireless networking equipment at CU-Denver must be coordinated through the department of Computing, Information and Network Services (CINS) to ensure adherence to ACTC’s standards. In particular:

CINS will register and track all wireless network equipment as well as performing radio site surveys to minimize radio frequency interference and optimally locate devices. CINS will also monitor broadcast frequencies used by the wireless network.

Equipment that is found to interfere with other wireless network devices or found to be unregistered may be subject to restriction or removal.

Planned deployments of wireless networks in areas shared by all Auraria institutions, such as the library, multi-media classrooms and the student union, are deemed public and must be accessible to the students, faculty and staff of all the institutions. ACTC will determine the coverage area of such planned installations, which may well contain or overlap private wireless network areas, and though every effort will be made to accommodate both, the public wireless network takes precedence.

D. Implementation:
Wireless Networks are to be implemented in such a manner as to:
- protect the privacy of the user
- allow for only authorized access
- prevent unacceptable or illegal use of the network.

Because the wireless technologies and standards are evolving at such a fast pace, it is impossible to recommend or specify specific solutions but rather to point out a variety of methodologies that can be considered in the design of a wireless network.

Authorized access can be validated through a shared secret such as a WEP key, by only allowing access to registered MAC addresses, through RADIUS authentication, through LDAP authorization, and other methodologies such as those specified in the IEEE 802.11i standard.

Privacy can be achieved through the encryption of the data sent through the air waves by using 128-bit WEP keys or by using virtual private networks (VPN) implementing IPSEC protocols such as already deployed at UCD.

Security is implemented by ensuring that data goes through a firewall before leaving the campus. In this fashion, the user can be restricted to using only outbound telnet, ssh, ftp, web and vpn protocols.

E. Procedures:
The Academic and Administrative Information Technology Committee will oversee and make recommendations for revision of this policy as needed.
Changes will be authorized by the approval of the IT Policy Council and the Chancellor.

F. Responsible Organization:
IT Policy Council is responsible for the maintenance and enforcement of this policy.

G. Reference Documents
Auraria Cooperative Technology Committee Standards Manual

H. Wireless Networking Definitions
Wireless Access Point: A wireless communications hardware device that creates a central point of wireless connectivity. A wireless access point behaves much like a "hub" in that the total bandwidth is shared among all users for which the device is maintaining an active network connection.
Coverage Area: The geographical area in which an acceptable level of wireless connection service quality is attainable. Coverage areas for similar devices can vary significantly due to the presence of building materials, interference, obstructions, and access point placement.
Interference: Degradation of a wireless communication radio signal caused by electromagnetic radiation from another source, including other wireless access points, cellular telephones, microwave ovens, medical and research equipment, and other services that generate radio signals. Interference can either degrade a wireless transmission or eliminate it entirely, depending on the strength of the signal generated by the offending device.
Privacy: The condition that is achieved by successfully maintaining the confidentiality of personal, student, employee, and/or patient information transmitted over a wireless network.
Security: The degree to which sensitive data can be prevented from being intercepted by an unintended or unauthorized party. Security is particularly important in wireless networks because data is transmitted using radio signals that, without implementation of specific data encryption mechanisms, can much more easily be intercepted than data transmitted over a wired network.
Wireless Network Infrastructure: The collection of all wireless access points, antennas, network cabling, power, ports, hardware, and software associated with the deployment of a wireless communication network.
Wired Equivalent Privacy (WEP): A security protocol for wireless networks defined within the 802.11b standard. WEP is designed to provide the same level of security as that of a wired network. Research indicates that the use of WEP alone is insufficient to ensure privacy unless used in conjunction with other mechanisms for data encryption.
802.1x: This standard enhances the security of local area networks by providing an authentication framework allowing users to authenticate to a central authority, such as LDAP or Active Directory.
802.11a: An extension to the 802.11 standard that provides a maximum connect rate of 54 Mbps throughput in the 5 GHz band. This specification is not backward compatible with 802.11b.
802.11b: An extension to the 802.11 standard developed by the IEEE for wireless network technology. 802.11b applies to wireless local area networks and supports a maximum connect rate of 11 Mbps with fallback to 5.5, 2, and 1 Mbps in the 2.4 GHz ISM band. This standard was ratified in 1999 and is widely implemented in wireless networking products supplied by most equipment vendors.
802.11g: An extension to the 802.11 standard that allows for a maximum connect rate of 54 Mbps while maintaining compatibility with the 802.11b standard.
802.11h: An extension to the 802.11 standard that will allow flexibility in transmission power and selecting frequencies in order to reduce interference with other devices operating in the same frequency band.
802.11i: An extension to the 802.11 standard to provide improved security over that available under 802.11 extensions. This extension provides for improved encryption methods and for the integration of the IEEE 802.1x authentication protocol.
Frequency: Assigned channel space within the radio wave spectrum. Frequency is measured in cycles per second; the unit is the hertz, which is one cycle per second. One gigahertz is equal to one billion hertz.
Wireless spectrum: A band of frequencies where wireless signals travel carrying voice and data information.