University of California, Riverside

Wireless@UCR



Policies


U.C. Riverside Wireless Network Policy and Guidelines

Drafted 02 August 2001

Introduction

Proper computing habits that can be used to minimize any possible repercussions in using the wireless network and to provide a safe and protected computing environment. Acceptable user conduct on the wireless network and the penalties for misuse of the wireless network.

The use of wireless networking provides a more versatile way to access the Internet and to use a laptop computer, broadening the scope of mobile computing. With the added benefits of a wireless network at U.C. Riverside, there also comes additional responsibility. A wireless user must be aware of the inherent security issues that exist in a wireless environment. Caution must be exercised to ensure a safe, secure, and reliable computing environment. This document of policies and guidelines serves to address three key issues regarding participation in the wireless network at U.C. Riverside:

Wireless Networking Issues

It is important to understand the unique nature of a wireless network. While it is not necessarily true that a wireless network is less secure than a wired network, the differences in the infrastructure of a wireless network versus a wired network create areas of concern, which should be known by all prospective users.

The UCR wireless network relies on the industry standard 802.11b networking protocol, which uses the 2.4GHz radio frequency range. In other words, communication of data between the client side and the wireless access point, or receiver, is broadcast over radio waves. This means that data is being transmitted in public airspace where the communication could possibly be intercepted by eavesdroppers.

802.11b supports an encrypted standard known as Wired Equivalent Privacy (WEP), which provides a certain level of encryption for wireless networking communications. But UCR Computing has decided not to employ WEP encryption due to known security weaknesses, which make the implementation of a WEP encrypted wireless networking environment less beneficial in the long run, and due to a more effective alternative of Virtual Private Networking (VPN)i.

Therefore, it is vital for users to understand that data sent and received over a wireless connection will generally be in clear text, and unencrypted.

802.11b supports Wi-Fi Protected Access (WPA and WPA2) a certification program created by the Wi-Fi Alliance to indicate compliance with the security protocol to secure wireless computer networks. This protocol was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

It is worthy to note that communications on a wired network can also be intercepted. But due to the broadcast of wireless communications in open air, the likelihood of client communications being intercepted is increased.

Also, as with any networked computer, a computer on the wireless network will be open to possible unauthorized access from other parties on the Internet. If resources on the computer are shared, such as the hard drive, outside parities will be able to see the shared hard drive and may be able to access the share if improperly configured and not secured with a strong password.

Proper Computing Habits

The use of the SSH protocol to check email is highly recommended. Most UCR email accounts are accessible via a shell session. Telnet has been the long time standard for remote shell sessions, but an encrypted version of Telnet, known as SSH has been introduced and adopted in recent years. There are several freeware SSH clients available for the Windows platforms and most Unix platforms come with an SSH client as a standard.

When submitting a username and password on a web site, make sure it is SSL encrypted. SSL, or Secure Socket Layer is an encryption protocol drafted by the Netscape Communications Corporation to protect data being sent back and forth between a client user and a web site. For example, the UCR Paws server where students register for classes and check grades is SSL encrypted. UCR Computing and Communications highly recommends that wireless network users do not submit important information such as passwords and credit card numbers on a web site form unless the web site form uses SSL encryption.

Turn off any drive sharing on a computer using the wireless network. If sharing of drives and files is necessary, use a password to protect the drive shares.

The dangers of unencrypted communications can be minimized through good computing habits. Using the guidelines below will decrease your risk.

These same habits not only apply to wireless networks, but should also be considered when using standard wired network connections as well.

User Conduct And Network Guidelines

We reserve the right to limit bandwidth on a per connection basis on the wireless network, as necessary, to ensure network reliability and fair sharing of network resources for all wireless users.

We reserve the right to monitor and log communications on a per connection basis to ensure proper usage of network resources.

Mass emailing, or spamming, will not be tolerated on the wireless network. Such practices are an unnecessary use of bandwidth resources and are socially improper.

Running servers or daemons on the wireless network is prohibited. Such programs use an exorbitant amount of network bandwidth and resources.

Any attempt to break into or gain unauthorized access to any computers or systems from a wireless connection is prohibited. Any type of unauthorized access to computer systems is an unlawful practice that is not condoned by U.C. Riverside.

Any type of Denial of Service attack (DoS attack) using the wireless network will not be tolerated. DoS attacks not only cause unnecessary usage of UCR network resources, but also can also cause bandwidth and financial losses for other affected parties.

Running any unauthorized data packet collection programs on the wireless network is prohibited. Such practices are a violation of privacy and constitute the theft of user data.

All other standard usage policies for UCR networks apply to the UCR wireless network.

Sharing your UCR NetID and Password with other users is a security risk
and is prohibited.

The University of California, Riverside desires to protect its users as much as possible, and therefore, deems it necessary to define what constitutes improper usage of the wireless network and policies that will be employed for the wireless network.

Students, faculty, and staff that use the wireless network are assumed to have accepted the above rules and conditions regarding the wireless network.

Students violating the wireless network policies will be disciplined by the UCR Student Conduct Committee as defined in section 103.00 of the UCR Student Conduct Code.(ii)

Conclusion

As the deployment and usage of the UCR wireless network progresses, UCR Computing reserves the right to change the usage policies and guidelines as necessary, for the sole benefit of UCR students, faculty, and staff, to provide a safe and reliable computing environment.

Notes

i VPN client for the wireless network infrastructure at UCR is available from UCR Computing.

For an Adobe Acrobat (PDF) version of the Wireless Network Policy click HERE

More Information 

General Campus Information

University of California, Riverside
900 University Ave.
Riverside, CA 92521
Tel: (951) 827-1012

Department Information

Computing & Communications
Computing & Communications Bldg.

Tel: (951) 827-3555
Fax: (951) 827-4541
E-mail: helpdesk@ucr.edu

Footer