Wireless Networking and Security Standards
Submitted by Travis Carroll on Tue, 2012-08-28 13:35
These standards address the need for an organized approach in deploying wireless technologies on the UCSF enterprise network. Adherence to these standards will allow UCSF schools, departments and individuals (including students in residence halls connected to the UCSF network) to deploy wireless networks without compromising the integrity of the campus network. These standards also encourage choices that will result in optimal compatibility between campus wireless local area network (WLAN) installations and will facilitate compatibility with the Medical Center's WLAN. Compatibility will result in better user experiences and lower support requirements.
Definition of Terms
Access point: The term access point includes special-purpose hardware as well as general-purpose computers that are configured to act as base stations or transceivers for wireless LANs. For pure peer-to-peer applications (where it may not be clear which system is the base station), one unit should be registered, so that the channel, SSID, and other information are in the database.
IEEE: Institute of Electrical and Electronics Engineers, the organization responsible for setting industry-wide data communications standards, including wireless LAN standards.
Radio Frequency (RF) Site Survey: A procedure that identifies the optimal locations for access points in order to maximize coverage and minimize interference. Typically this is done with specialized equipment operated by trained personnel.
Secure Mounting: Mounting access points in a physically secure manner introduces physical security in addition to network security. Access points are far less likely to be stolen or removed without authorization. In addition, unauthorized configuration changes to the access points are less likely to occur. Secure mounting is easy to implement, and provides a baseline of security and interoperability.
SSID: The SSID (Service Set Identifier) is a token in wireless data communication packets that identifies an 802.11 (wireless) network. It identifies the name of a wireless network. All of the wireless devices on a WLAN must employ the same SSID in order to communicate with each other. Wireless access points can be configured to broadcast their SSID or not to broadcast their SSID.
VPN: An approach to providing authentication and secure data communications. VPN (Virtual Private Network) technology creates an encrypted layer of networking on top of another network, including a wireless network. VPN technology provides an effective and secure means of accessing computers on the UCSF network. A user's computer must run VPN client software in order to use VPN technology. VPN client software is available for nearly all computers and operating systems, including laptops.
WAP: Wireless access point. Also sometimes referred to as the wireless base station.
WEP: Wireless encryption protocol. WEP is an approved standard for encrypting data in a wireless network and is intended to protect privacy. An encryption key or password must be specified by the user, and the same key must be used by all parties wishing to communicate. WEP keys can be either 40 bits or 128 bits in length; 128-bit keys provide stronger encryption. WEP does not provide an authentication mechanism; that is, it does not control who can use your network. (The same can be said of any end-to-end encryption protocol, since anyone who knows the encryption key can decrypt encrypted data.)
WPA: The Wi-Fi Protected Access (WPA and WPA2) protocol implements the majority of the IEEE 802.11i standard, specifying security mechanisms for wireless networks. It replaced the short Authentication and privacy clause of the original standard with a detailed Security clause, in the process deprecating the broken WEP. Further, the Temporal Key Integrity Protocol (TKIP) for stronger encryption key...