
Georgia Institute of Technology Wireless Networking Best Practices

Guidelines Document No: 03.GIT.100-A
Rev: 1.3
Last Revised: 08/14/2003
Effective Date: August 14, 2003
Last Review Date: NA
Next Review Date: September, 2004
Status: Draft / Under Review / Approved / Obsolete

The following are responsible for the accuracy of the information contained in this document:

Responsible University Officer: Associate Vice President / Associate Vice Provost for Information Technology (CIO)
Responsible Coordinating Office: OIT - Academic Research & Technology

1. Executive Summary

This document is in direct support of the Georgia Institute of Technology Wireless Network Usage Policy and is included by reference in the policy. This document sets forth guidelines and best practices for connecting to the campus wireless network, as well as implementing wireless networking Access Points (APs) off-campus, such as home-based wireless networks. Due to the dynamic nature of the Georgia Tech wireless networking environment, as well as the underlying technology, this document shall be subject to periodic changes and updates, as necessary, independent of the policy document itself.

2. Definitions

Insecure Services: Network services that utilize "plain text" (unencrypted) communication traffic, and/or use plain text authentication (password transmissions). Examples include: Telnet, FTP, POP, IMAP, HTTP, and SMB file sharing.


Secure Services: Network services that encrypt all network traffic, or at least use encrypted authentication (password transmissions). Examples include: SSH, SCP, IMAPs, POPs, sFTP, HTTPs.


Wired Equivalency Protocol (WEP): a shared-key authentication mechanism.


Media Access Control (MAC): Key component of a network interface card (NIC), typically with a pre-configured address (MAC address).


Radio NIC: wireless network interface card.


Service Set Identifier (SSID): the unique ID corresponding to a particular wireless network; all APs in a network use the same SSID. The SSID, timestamp, and other relevant AP parameters are typically contained in a beacon signal (frame) broadcast periodically by all APs and scanned by radio NICs.


IEEE 802.11: Institute of Electrical and Electronics Engineers (IEEE) wireless networking standard.


802.11a: OFDM (orthogonal frequency division multiplexing) modulation in the 5GHz band (5.15-5.85 GHz). Maximum 54 Mbps.


802.11b: (also referred to as 802.11 High Rate or Wi-Fi) -- DSSS (direct sequence spread spectrum) modulation in 2.4GHz band (2.412-2.472 GHz). Maximum 11 Mbps with fallback to 5.5, 2, and 1 Mbps.


802.11g: OFDM (orthogonal frequency division multiplexing) modulation in the 2.4GHz band (2.412-2.472 GHz). Maximum 54 Mbps. Interoperable with 802.11b.

3. Guidelines

3.1 Client Hardware Suggestions

The following wireless networking cards (clients) have been informally tested and are recommended for use on the official Georgia Tech wireless network:

  • PCMCIA cards (for laptops and PDAs):
    · Professional grade: Cisco, ORiNOCO
    · Commercial grade: LinkSys, Belkin, Microsoft (branded)
  • CompactFlash cards (for PDAs): LinkSys, Socket, Ambicom

Current campus coverage is predominantly 802.11b (2.4 GHz), 64-bit WEP capability, with 802.11g (2.4 GHz) and 802.11a (5 GHz) coverage planned for select areas in the near future.

3.2 Devices known to cause significant interference

Avoid using the following devices in areas covered by wireless networking on campus, as they have been shown to cause significant performance degradation on the network:

  • 2.4 GHz wireless telephones (e.g. Panasonic Gigarange)
  • Bluetooth devices, microwave ovens, and burglar alarms have also been known to interfere, albeit on a more localized basis.

3.3 Home AP configuration

The following guidelines and configuration parameters are proposed as a minimal deterrent to illegal and/or unauthorized use of wireless networking resources for home users, keeping in mind that wireless systems typically ship without any security features enabled. Also note that any configuration settings may be lost during a power outage or an AP device reset, causing the device to revert to the default (no security) settings.

  • Ensure NIC (client) and AP firmware is up-to-date: Vendors continually release patches to firmware that fix/address security issues, and make these available through the Internet.
  • Change your AP password: Don't use default passwords for access points, and change the password periodically. The default admin passwords for common devices are easily obtainable on the internet, and hence not very secure!
  • Activate WEP (or run any alternative encryption): This feature is typically included in most wireless APs, but turned OFF by default. It needs to be turned ON under software control in the configuration web page. Use a different WEP encryption key than that used on the Official Georgia Tech Wireless Network.
  • Use MAC address access control list/address filter on the AP: Program the access control list/filter on the AP to contain only MAC addresses for your clients (NICs). This prevents unauthorized users from connecting to your wireless network.
  • Change the default SSID: change the default (e.g. "tsunami", "linksys", etc.) to a nondescript name, making it harder for casual "sniffing" to identify your AP or any personal information/location contained in your SSID.
  • Disable SSID broadcast: the broadcast feature is typically set to ON by default, broadcasting your AP SSID to all radio NICs within range. This feature can typically be switched OFF from the software configuration web page, and this alone can render some sniffing tools useless.
  • Implement personal firewalls and disable/protect file sharing: if a hacker is able to associate with an access point, the hacker can easily access shared files on any other computer on the local (wired or wireless) network. Disabling file sharing (selectively enabling only when necessary), password-protecting and/or implementing software firewalls can greatly reduce this risk.
  • Avoid using the default address space: for devices with a 192.168.1.x default, choose address spaces like 192.168.2.x, 192.168.3.x, or 192.168.235.x, etc. (change the third "octet"). Likewise, for devices with 10.10.10.x default, choose something like 10.67.16.x.
  • Power down APs during non-usage periods: whenever possible, shut down the APs when users don't need them; this limits the window of opportunity for unauthorized/illegal access.
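
The checklist above can be turned into a repeatable audit of an AP's settings. The following is an added example, not part of the original guideline: the settings dictionary and its key names are hypothetical (no vendor exports this exact format), and the MAC addresses and sample configurations are constructed.

```python
import ipaddress
import re

# Factory defaults named in the guideline above.
DEFAULT_SSIDS = {"tsunami", "linksys"}
DEFAULT_SUBNETS = [ipaddress.ip_network(n)
                   for n in ("192.168.1.0/24", "10.10.10.0/24")]


def norm_mac(mac):
    """Normalize 00-0C-41-AA-BB-01 or 000c.41aa.bb01 to 00:0c:41:aa:bb:01."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_ap(cfg, my_clients):
    """Return the checklist items that cfg (hypothetical key names) fails."""
    findings = []
    if not cfg.get("admin_password_changed"):
        findings.append("default admin password still set")
    if not cfg.get("wep_enabled"):
        findings.append("WEP (or alternative encryption) is off")
    if cfg.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("default SSID in use")
    if cfg.get("ssid_broadcast", True):
        findings.append("SSID broadcast is on")
    acl = {norm_mac(m) for m in cfg.get("mac_acl", [])}
    extra = acl - {norm_mac(m) for m in my_clients}
    if not acl:
        findings.append("MAC address filter is empty or disabled")
    elif extra:
        findings.append("MAC filter allows unknown NICs: " + ", ".join(sorted(extra)))
    lan = ipaddress.ip_interface(cfg["lan_address"]).network
    if any(lan.overlaps(d) for d in DEFAULT_SUBNETS):
        findings.append(f"default address space {lan} in use")
    return findings


# Constructed sample data: a factory-fresh AP and a hardened one.
MY_CLIENTS = ["00-0C-41-AA-BB-01", "000c.41aa.bb02"]
FACTORY = {"ssid": "linksys", "ssid_broadcast": True, "wep_enabled": False,
           "admin_password_changed": False, "mac_acl": [],
           "lan_address": "192.168.1.1/24"}
HARDENED = {"ssid": "net-7", "ssid_broadcast": False, "wep_enabled": True,
            "admin_password_changed": True,
            "mac_acl": ["00:0c:41:aa:bb:01", "00:0c:41:aa:bb:02"],
            "lan_address": "192.168.235.1/24"}
```

Calling `audit_ap(FACTORY, MY_CLIENTS)` returns all six findings and `audit_ap(HARDENED, MY_CLIENTS)` returns an empty list. Because settings can be lost on a power outage or reset, the audit is worth re-running after either event.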

3.4 Managing Security Risks

As per the policy document, no insecure services shall be made available on the Georgia Tech official wireless network, including file sharing. In practice:

  • Use SSH instead of Telnet
  • Use SCP or sFTP instead of FTP
  • Avoid using SMB file sharing
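
One way to check a host against this rule is to look for listeners on the standard TCP ports of the insecure services defined in Section 2. The following is an added example, not part of the original guideline: it parses the text output of `ss -tln`, the sample output is constructed, and treating loopback-only listeners as not "made available" on the network is an assumption of this example.

```python
# Insecure services from Section 2, keyed by their standard TCP ports, with the
# replacement the guideline names (Section 2 "Secure Services" and Section 3.4).
INSECURE = {
    21: ("FTP", "SCP or sFTP"),
    23: ("Telnet", "SSH"),
    80: ("HTTP", "HTTPs"),
    110: ("POP", "POPs"),
    143: ("IMAP", "IMAPs"),
    139: ("SMB file sharing", "avoid on the wireless network"),
    445: ("SMB file sharing", "avoid on the wireless network"),
}


def split_addr(local):
    """Split '0.0.0.0:23', '[::]:80' or '*:21' into (host, port)."""
    host, _, port = local.rpartition(":")
    return host.strip("[]"), int(port)


def insecure_listeners(ss_output):
    """Return sorted (port, service, replacement) for exposed insecure listeners."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        host, port = split_addr(fields[3])
        if host.startswith("127.") or host == "::1":
            continue  # assumption: loopback-only is not exposed to the network
        if port in INSECURE:
            hits.append((port, *INSECURE[port]))
    return sorted(set(hits))


# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:23          0.0.0.0:*
LISTEN  0       50      127.0.0.1:143       0.0.0.0:*
LISTEN  0       50      0.0.0.0:445         0.0.0.0:*
LISTEN  0       128     [::]:445            [::]:*
LISTEN  0       32      *:21                *:*
"""

if __name__ == "__main__":
    for port, service, use in insecure_listeners(SAMPLE):
        print(f"tcp/{port}: {service} is listening; guideline: {use}")
```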

4. References

Georgia Tech Wireless Network Usage Policy


