2.4 Wireless Network Standard
2.4.1. Overview
See Purpose.
2.4.2. Purpose
This standard specifies the technical requirements that wireless infrastructure devices must satisfy to connect to a Highline College network. Only those wireless infrastructure devices that meet the requirements specified in this standard or are granted an exception by ITS are approved for connectivity to a Highline College network.
2.4.3. Scope
All employees, contractors, consultants, temporary and other workers at Highline College and its subsidiaries, including all personnel that maintain a wireless infrastructure device on behalf of Highline College, must comply with this standard. This standard applies to wireless devices that make a connection the network and all wireless infrastructure devices that provide wireless connectivity to the network.
2.4.4. Standard
2.4.4.1 General Requirements
All wireless infrastructure devices that connect to a Highline College network or provide access to Highline College Confidential, Highline College Highly Confidential, or Highline College Restricted information must:
- Use Extensible Authentication Protocol-Fast Authentication via Secure Tunneling (EAP-FAST), Protected Extensible Authentication Protocol (PEAP), or Extensible Authentication Protocol-Translation Layer Security (EAP-TLS) as the authentication protocol.
- Use Temporal Key Integrity Protocol (TKIP) or Advanced Encryption System (AES) protocols with a minimum key length of 128 bits.
- All Bluetooth devices must use Secure Simple Pairing with encryption enabled.
2.4.4.2 Lab and Isolated Wireless Device Requirements
- Lab device Service Set Identifier (SSID) must be different from Highline College production device SSID.
- Broadcast of lab device SSID must be disabled.
2.4.4.3 Home Wireless Device Requirements
All home wireless infrastructure devices that provide direct access to a Highline College network, such as those behind Enterprise Teleworker (ECT) or hardware VPN, must adhere to the following:
- Enable WiFi Protected Access Pre-shared Key (WPA-PSK), EAP-FAST, PEAP, or EAP-TLS
- When enabling WPA-PSK, configure a complex shared secret key (at least 20 characters) on the wireless client and the wireless access point
- Disable broadcast of SSID
- Change the default SSID name
- Change the default login and password
2.4.5. Compliance
2.4.5.1 Compliance Measurement
ITS will verify compliance to this standard through various methods, including but not limited to, periodic walk-throughs, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.
2.4.5.2 Exceptions
Any exception to the standard must be approved by ITS in advance.
2.4.5.3 Non-Compliance
An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.
2.4.6. Related Standards, Policies, and Processes
None.
2.4.7. Revision History
Date | By | Summary |