Wireless Access Points Security

  • Procedure Type: Information Technologies
  • Procedure Title: Wireless Access Points Security
  • Procedure Number: NA
  • Office Responsible: Information Technologies
  • Related Policies: Information Technologies & Resources
  • Related Procedures: NA
  • Related Laws: NA
  • HLC Criterion: NA

Objective
In accordance with the Information Security and Acceptable Use Policy, all systems owned or managed by Oakland Community College must be adequately protected to ensure confidentiality, integrity, availability, and accountability of such systems. Wireless access points are used to extend College network segments and provide access to networked hosts via wireless connection methods. As a result, wireless access points might be accessible from beyond physically secured College buildings and properties.

Physical Location
Wireless access points should be installed in inconspicuous locations and be appropriately secured to limit the possibility of theft or tampering. Installation in a physically secured office suite provides adequate security; access points located in public-use areas may benefit from additional security measures such as locks.

Support Requirements
All access points will be provided and centrally maintained by OCC IT. All wireless access points must have a valid support contract.

Patching
Wireless access point device firmware must be at least n-1. All security patches must be installed within 14 days, in a timely manner, depending on the likelihood and impact of vulnerability exploitation.

Configuration

  • Authentication: IEEE 802.1X or similar user authentication, based on OCC User ID, is required for wireless access points connected to OCC’s internal networks where Confidential or Controlled Data is accessible. Guest networks configured to provide general Internet access require authentication using email and SMS.
  • Encryption: WPA2 or stronger encryption is required. WEP and WPA are not sufficiently secure and must not be used.
  • Default Settings: Default settings for encryption keys, SNMP passwords, pre-shared keys, and passphrases must be changed prior to wireless access point implementation.

Server Registration
All wireless networks and access points must be recorded with the Information Security Office.

The College wired network may not be extended using unauthorized and/or consumer-grade hardware without the review and authorization of IT.

Logging
Activity must be logged and retained for a minimum of 90 days to facilitate troubleshooting and investigations. The following types of activities must be logged:

  • Successful and unsuccessful login attempts
  • Any device modification operation
  • Rejected connection attempts. Logging of allowed connections is recommended when feasible.

Logs should also be sent to a centralized logging server to reduce storage requirements on local systems and reduce the feasibility of log tampering.

Incident Management
System owners are required to report any suspicious activity to IT for investigation.

Backup / Recovery
Backup and recovery procedures must be established to ensure that wireless networks can be rebuilt in the event of a disruptive event. Further, configuration backups should be captured before significant configuration changes to ensure a method of failing back after an unexpected disruption. Backup media should be encrypted if transported or stored outside of an OCC facility.

Exemptions
In the event that compliance with this standard cannot be met, please contact ITSecurity@oaklandcc.edu to submit an exemption request that will be approved or denied by IT. Denied exemption requests may be appealed to the CIO for a final decision.

Change Log

  • 07-01-2018  Effective date
