IT Services



Mobile Wireless Networking Regulations




1. Introduction

This section contains Mobile Wireless Networking Regulations as approved by ICTC. These rules and regulations will evolve as experience is gained, and should be considered a supplement to the existing University IT facility regulations. The following represents the current thinking and is similar to that in use elsewhere; a short rationale for each point is given.



2. Regulations - Terminology

To avoid ambiguities, we have used particular terminology when explaining the rules:

MUST

This word, or the terms "REQUIRED" or "SHALL", mean that the item is an absolute requirement of any Mobile Wireless Network.

MUST NOT

This phrase, or the phrase "SHALL NOT", mean that the item is an absolute prohibition of any Mobile Wireless Network.

SHOULD

This word, or the adjective "RECOMMENDED", mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course.

SHOULD NOT

This phrase, or the phrase "NOT RECOMMENDED", mean that there may exist valid reasons in particular circumstances when the particular behavior is acceptable or even useful, but the full implications should be understood and the case carefully weighed before implementing any behavior described with this label.



3. Requirements

Only authorized wireless networks are allowed

A wireless network must not be operated without the knowledge and permission of the unit in which it operates. Rogue access points compromise security and interfere with normal operations.

The SSID OWL, or any prefix or suffix on that identifier, may only be used according to a naming scheme released by OUCS, and the OWL family of SSIDs will be used only to provide standardised OWL services

This is in order to ensure users can configure their clients in any part of the Collegiate University, and receive an equivalent service wherever else that SSID is in use.

The SSID eduroam, or any prefix or suffix on that identifier, may not be used except for the purposes of the international Eduroam service

It is a requirement of the University's participation in the Eduroam Federation that we undertake to protect the use of the eduroam SSID namespace.

All wireless networks must be registered with OUCS by the local IT support staff

A database of all established networks, and who is responsible for them, will assist in maintaining control of the network and when considering and advising upon the installation of further networks.

The wireless network must be separated from any other University connected network

This is a basic security procedure. If it is part of a unit's main network, then anyone who connects to that access point will become part of that network.

User authorization is required before network access is allowed

This is self-explanatory, and exists to support the University and Janet IT use regulations.

Strong data encryption must be used

Wireless network traffic is readily available for anyone to see, even if they have not associated with an access point. Encryption is necessary to ensure that data, such as passwords, cannot be seen.

Hosts offering services that compromise security shall not be permitted

Examples of this include proxy, relay, DHCP, routing services etc. This refers to client operations, not system provided facilities.

All associations must be recorded

In the event of abuse of the connection, for whatever reason, it is vital that the user concerned can be identified.



4. Recommendations

The IEEE 802.11g wireless standard should be supported

This is the Wi-Fi standard most commonly available on clients.

Wi-Fi approved equipment should be used

Compatibility between equipment cannot be guaranteed unless it has been tested. Wi-Fi approved equipment has been through the approval process - so it will work.

Only the IP protocol should be supported

IP is the protocol of choice - all others are treated as legacy protocols by the University and have dwindling support.

The minimum necessary power to provide coverage of your area should be used

Use of high signal strengths causes the signal to propagate into areas where coverage may not be required and, indeed, could provide potential connectivity to people for whom it is not intended. Reducing power levels reduces leakage and interference problems.

Use different frequencies to those of nearby access points (which may be in another building)

Suitable choices of channel allocations can reduce interference between multiple access points, thus improving signal strength to clients and allowing higher throughput. The limited number of available channels (three) at 2.4 GHz means that this is recommended.

High bandwidth utilization applications should not be allowed

As wireless technology is a shared medium with limited bandwidth, it is possible for one user to utilize the majority of the bandwidth. If anyone has high bandwidth needs then a normal 'wired' connection should be used.