EXECUTIVE SUMMARY FOR EAST TENNESSEE STATE UNIVERSITY’S
INTRODUCTION/BACKGROUND: The Working Group on Wireless Standards and Policies (WGWSP) was asked to examine the current state of wireless networking and its implementation at ETSU; recommend the best wireless hardware/software technologies for ETSU as well as implementation procedures and protocols; and propose governing policies for the same. Security is one of the main concerns with wireless. Because of the easy setup of wireless, most people have wireless even in their homes. However, most wireless is not secure. The ETSU wireless network needs security because of FERPA (Federal Education Rights and Privileges Act) and HIPAA (Health Insurance Portability Accountability Act) regulations. These regulations state that student and patient records need to remain private. A non-secure wireless network violates FERPA and HIPAA regulations.
OBJECTIVE: The proposed policy from the WGWSP was modified and presented to the Network/Telecommunications Subcommittee Meeting. The proposed wireless policy will be the standard Wireless policy for ETSU. This policy takes into considerations all aspects of ETSU’s network, user community, cost of wireless, and security. The policy is the best overall recommendation for ETSU when all things are considered.
SUMMARY OF POLICY: The Network/Telecommunications Subcommittee is recommending that the ITGC approve the proposed wireless policy. The proposed wireless policy states that all Wireless Access Points will be authorized and registered with OIT. The Wireless Policy requires user authentication to the Wireless Access Point. The two authentication methods that are going to be standard are LEAP and PEAP. LEAP and PEAP require 802.1x authentication. 802.1x authentication requires that all hardware on the network is known and that the potential user logon to the network using Active Directory authentication. The Wireless Policy states that 802.1x port authentication will be the standard for ETSU’s network. This standard will enable network security in which the user will have to authenticate to the network before being able to use ETSU’s network.
Any existing Wireless Access Points will need to be registered with OIT in the 2004/05 budget year. If the Wireless Access Points are not 802.1x compliant, funding will need to be allocated for the replacement of the Wireless Access Points in the 2005/06 budget cycle. Failure to replace the equipment with 802.1x compliant hardware will result in removal of the Wireless Access Point.
Any new wireless access needs will be submitted to OIT via “Computer Account Request Form”. OIT and the department will survey the needed wireless and assess cost. The department will be responsible for funding of the wireless hardware.
CONCLUSION: The proposed Wireless Policy has been approved by the Network/Telecommunications Subcommittee.
RECOMMENDATION: The Network/Telecommunications Subcommittee is recommending approval of the policy so that the faculty, staff and students of ETSU can begin the use of wireless without compromising security of ETSU.