Wireless Communication Policy
This policy explains that, in order to safeguard the integrity of the computer network at Aberystwyth Council, only wireless systems that meet the criteria laid out below are approved for connectivity to Aberystwyth Council networks. Access via any unsecured wireless communication mechanism is prohibited.
These guidelines cover all wireless data communication devices (e.g., personal computers, mobile phones, PDAs, routers, etc.) connected to any of Aberystwyth Council's internal networks. This includes any form of wireless communication device capable of transmitting packet data. Wireless devices without any connectivity to Aberystwyth Council's network do not fall under the purview of this policy.
3.1 Register Access Points
All wireless Access Points and Base Stations connected to the Aberystwyth Council network must be registered and approved by Aberystwyth Council Technical Services.
3.2 Approved Technology
It is important that departments, committees, or individual councillors and staff do not purchase wireless access points that are not appropriate for use at Aberystwyth Council. In order to take advantage of the Council's wireless service, and to integrate with existing wireless infrastructure at Aberystwyth Council, careful consideration must be given to a number of factors:
- whether the equipment is standards-based and inter-operates with other equipment;
- the suitability of the location and the equipment for the use that is expected;
- the capacity of any network links and the network path;
- the physical security of the wireless access point.
3.3 Authentication and Encryption
All computers with wireless LAN devices must use Wi-Fi Protected Access, and be configured to drop all unauthenticated and unencrypted traffic. Version 2 (WPA2) is strongly preferred over version 1 (WPA) for its greater security. The deprecated Wi-Fi Encryption Protocol (WEP) should NOT be used. Wi-Fi Protected Setup (WPS) should NOT be used and must be disabled on all wireless access points, as it represents a security risk. To comply with this policy, wireless implementations must maintain a high level of point-to-point encryption.
3.4 Setting the SSID
The SSID must be configured so that it does not contain any identifying information about the organization, such as Aberystwyth Council's name, employee name, or other identifier.
| LAN | Local Area Network | An internal network, i.e. a network that is normally separated from the Internet by routers, firewalls and other security systems. |
| SSID | Service Set Identifier | The public name of a wireless network. |
| VPN | Virtual Private Network | A way to communicate securely through a dedicated server to a corporate network over the internet, over a non-secure network. |
| WEP | Wireless Encryption Protocol | A deprecated protocol for 802.11-based networks. It is no longer considered secure. |
| WPA | Wi-Fi Protected Access | Version 1 of a secured protocol for 802.11-based networks. |
| WPA2 | Wi-Fi Protected Access | Version 2 of a secured protocol for 802.11-based networks, offering greater security than version 1. |
| WPS | Wi-Fi Protected Setup | A network security standard that allows users to connect wireless devices (iPads, PDAs, smart phones, etc.) to the network without security checks. |