U.C. Riverside Wireless Network Policy and Guidelines

Drafted 02 August 2001
I. Introduction

The use of wireless networking provides a more versatile way to access the Internet and to use a laptop computer, broadening the scope of mobile computing. With the added benefits of a wireless network at U.C. Riverside, there also comes additional responsibility. A wireless user must be aware of the inherent security issues that exist in a wireless environment. Caution must be exercised to ensure a safe, secure, and reliable computing environment. This document of policies and guidelines serves to address three key issues regarding participation in the wireless network at U.C. Riverside:

  1. Security concerns while computing in a wireless networking environment.
  2. Proper computing habits that can be used to minimize any possible repercussions in using the wireless network and to provide a safe and protected computing environment.
  3. Acceptable user conduct on the wireless network and the penalties for misuse of the wireless network.
II. Wireless Networking Issues

It is important to understand the unique nature of a wireless network. While it is not necessarily true that a wireless network is less secure than a wired network, the differences in the infrastructure of a wireless network versus a wired network create areas of concern, which should be known by all prospective users.

The UCR wireless network relies on the industry standard 802.11b/g networking protocol, which uses the 2.4GHz radio frequency range. In other words, communication of data between the client side and the wireless access point, or receiver, is broadcast over radio waves. This means that data is being transmitted in public airspace where the communication could possibly be intercepted by eavesdroppers.

802.11b/g supports an encrypted standard known as Wired Equivalent Privacy (WEP), which provides a certain level of encryption for wireless networking communications. But UCR Computing has decided not to employ WEP encryption due to known security weaknesses, which make the implementation of a WEP encrypted wireless networking environment less beneficial in the long run, and due to a more effective alternative of Virtual Private Networking (VPN)i.

Therefore, without the implementation of WEP encryption, unless the VPN client is employed, it is vital for users to understand that data sent and received over a wireless connection will generally be in clear text, and unencrypted.

It is worthwhile to note that communications on a wired network can also be intercepted. Due to the broadcast of wireless communications in open air, the likelihood of client communications being intercepted is increased.

Also, as with any networked computer, a computer on the wireless network will be open to possible unauthorized access from other parties on the Internet. If resources on the computer are shared, such as the hard drive, outside parties will be able to see the shared hard drive and may be able to access the share if improperly configured and not secured with a strong password.

III. Proper Computing Habits

The dangers of unencrypted communications can be minimized through good computing habits. Using the guidelines below will decrease your risk.

  1. The use of encryption while checking email is highly recommended. If using an email client such as Eudora or Apple Mail to check email, ensure that encryption is enabled. Browser connections to UCR Webmail are encrypted via SSL.
  2. When submitting a username and password on a web site, make sure it is SSL encrypted. SSL, or Secure Socket Layerii, is an encryption protocol drafted by the Netscape Communications Corporation to protect data being sent back and forth between a client user and a web site. For example, the UCR Paws server where students register for classes and check grades is SSL encrypted. UCR Computing and Communications highly recommends that wireless network users do not submit important information such as passwords and credit card numbers on a web site form unless the web site form uses SSL encryption.
  3. Turn off any drive sharing on a computer using the wireless network. If sharing of drives and files is necessary, use a password to protect the drive shares.

These same habits not only apply to wireless networks, but should also be considered when using standard wired network connections as well.

IV. User Conduct And Network Guidelines

The University of California, Riverside desires to protect its users as much as possible, and therefore, deems it necessary to define what constitutes improper usage of the wireless network and policies that will be employed for the wireless network.

  1. We reserve the right to limit bandwidth on a per connection basis on the wireless network, as necessary, to ensure network reliability and fair sharing of network resources for all wireless users.
  2. We reserve the right to monitor and log communications on a per connection basis to ensure proper usage of network resources.
  3. Mass emailing, or spamming, will not be tolerated on the wireless network. Such practices are an unnecessary use of bandwidth resources and are socially improper.
  4. Running servers or daemons on the wireless network is prohibited. Such programs use an exorbitant amount of network bandwidth and resources.
  5. Any attempt to break into or gain unauthorized access to any computers or systems from a wireless connection is prohibited. Any type of unauthorized access to computer systems is an unlawful practice that is not condoned by U.C. Riverside.
  6. Any type of Denial of Service attack (DoS attack) using the wireless network will not be tolerated. DoS attacks not only cause unnecessary usage of UCR network resources, but also can also cause bandwidth and financial losses for other affected parties.
  7. Running any unauthorized data packet collection programs on the wireless network is prohibited. Such practices are a violation of privacy and constitute the theft of user data.
  8. All other standard usage policies for UCR networks apply to the UCR wireless network.

Students, faculty, and staff that use the wireless network are assumed to have accepted the above rules and conditions regarding the wireless network.

Students violating the wireless network policies will be disciplined by the UCR Student Conduct Committee as defined in section 103.00 of the UCR Student Conduct Codeiii.

V. Conclusion

As the deployment and usage of the UCR wireless network progresses, UCR Computing reserves the right to change the usage policies and guidelines as necessary, for the sole benefit of UCR students, faculty, and staff, to provide a safe and reliable computing environment.

  • Information about the VPN client is available at http://cnc.ucr.edu/vpn
  • http://developer.netscape.com/docs/manuals/security/sslin/contents.htm
  • http://www.vcsse.ucr.edu/conduct/discipline.html