Wireless Communication Policy
1.0 Purpose
This policy prohibits access to The College of New Rochelle (CNR) networks via unsecured wireless communication mechanisms. Only wireless systems that meet the criteria of this policy or have been granted an exclusive waiver by Information Systems are approved for connectivity to CNR networks.
      
2.0 Scope

This policy covers all wireless data communication devices (e.g., personal computers, cellular phones, PDAs, etc.) connected to any of CNR’s internal networks. This includes any form of wireless communication device capable of transmitting packet data. Wireless devices and/or networks without any connectivity to CNR networks do not fall under the purview of this policy.
        
3.0 Policy

3.1 Register Access Points and Cards

All wireless Access Points / Base Stations connected to the College network must be registered and approved by The Office of Information Systems (OIS). These Access Points / Base Stations are subject to periodic security tests and audits and if it is determined that wireless devices are interfering with the CNR wireless network and/or its users, OIS will require that the device be removed. All wireless Network Interface Cards (i.e., PC cards) used in laptops, desktop computers and other network devices must be registered with OIS.

3.2 Approved Technology

All wireless LAN access must use OIS-approved vendor products and security configurations.

3.3 VPN Encryption and Authentication

All computers on CNR’s wireless network must be configured with WPA encryption with PEAP authentication or be configured with the Odyssey Client in order to function on the network. All computers with wireless LAN devices must utilize the CNR Virtual Private Network (VPN) when conducting official College business on an external network. To comply with this policy, wireless implementations must maintain point to point hardware encryption of at least 56 bits. All implementations must support a hardware address that can be registered and tracked, i.e., a MAC address. All implementations must support and employ strong user authentication which checks against an external database such as TACACS+, RADIUS or something similar.    
        
4.0 Sanctions for Policy Violations

Violations of these policies will be dealt with in the same manner as violations of other College policies and may result in disciplinary review by the College as well as a private cause of action. By such a review, the full range of disciplinary sanctions is available, including the loss of computer use privileges and dismissal from the College.