|
EXECUTIVE SUMMARY
FOR
EAST TENNESSEE STATE UNIVERSITY’S
WIRELESS POLICY
INTRODUCTION/BACKGROUND:
The
Working Group on
Wireless Standards and Policies (WGWSP) was asked to
examine the current state of wireless networking and its
implementation at ETSU; recommend the best wireless
hardware/software technologies for ETSU as well as
implementation procedures and protocols; and propose
governing policies for the same. Security is one of the
main concerns with wireless. Because of the easy setup of
wireless, most people have wireless even in their homes.
However, most wireless is not secure. The ETSU wireless
network needs security because of FERPA (Federal Education
Rights and Privileges Act) and HIPAA (Health Insurance
Portability Accountability Act) regulations. These
regulations state that student and patient records need to
remain private. A non-secure wireless network violates
FERPA and HIPAA regulations.
OBJECTIVE:
The
proposed policy from the WGWSP was modified and presented to
the Network/Telecommunications Subcommittee Meeting. The
proposed wireless policy will be the standard Wireless
policy for ETSU. This policy takes into considerations all
aspects of ETSU’s network, user community, cost of wireless,
and security. The policy is the best overall recommendation
for ETSU when all things are considered.
SUMMARY OF
POLICY: The
Network/Telecommunications Subcommittee is recommending that
the ITGC approve the proposed wireless policy. The proposed
wireless policy states that all Wireless Access Points will
be authorized and registered with OIT. The Wireless Policy
requires user authentication to the Wireless Access Point.
The two authentication methods that are going to be standard
are LEAP and PEAP. LEAP and PEAP require 802.1x
authentication. 802.1x authentication requires that all
hardware on the network is known and that the potential user
logon to the network using Active Directory authentication.
The Wireless Policy states that 802.1x port authentication
will be the standard for ETSU’s network. This standard will
enable network security in which the user will have to
authenticate to the network before being able to use ETSU’s
network.
Any existing Wireless Access Points will need to be
registered with OIT in the 2004/05 budget year. If the
Wireless Access Points are not 802.1x compliant, funding
will need to be allocated for the replacement of the
Wireless Access Points in the 2005/06 budget cycle. Failure
to replace the equipment with 802.1x compliant hardware will
result in removal of the Wireless Access Point.
Any new wireless access needs will be submitted to OIT via
“Computer
Account Request Form”. OIT and the department will
survey the needed wireless and assess cost. The department
will be responsible for funding of the wireless hardware.
CONCLUSION:
The
proposed Wireless Policy has been
approved by the Network/Telecommunications Subcommittee.
RECOMMENDATION:
The Network/Telecommunications Subcommittee is recommending
approval of the policy so that the faculty, staff and
students of ETSU can begin the use of wireless without
compromising security of ETSU.
|
