[unisog] Wireless in residence building - Tricky problem

Marc Jimenez mjimenez at net.tufts.edu
Tue Nov 4 22:53:49 GMT 2003


Hi Folks,
	One thing to consider is that the 2.4Ghz spectrum is publicly
owned. I had a tentative request from a faculty member a year or two back
that we "jam" this frequency range to prevent students from using wireless
devices in classrooms during exams.
	At the time, I casually consulted legal advice about this, and was
informed that deliberately interfering with use of the unlicensed bands
was illegal. You can use it all you'd like yourself, but you cannot
*deliberately* interfere with someone else's use. I would speak to an
attorney to get the fine points before pursuing this course of action.
	If students connect APs to their own network equipment (i.e. a
cable modem), there is not much legal ground for prohibiting it. What they
connect to *your* network, you can of course regulate any way you'd like.
We also do port-locking. This is of limited utility given the number of
APs which now do NAT, but it does raise the bar somewhat. I have put in
requests with several router manufacturers for features to manipulate the
TTL of unicast packets outbound from the router, with the idea of setting
TTL to 1 and forcing NAT appliances to drop the packets. No luck in seeing
this feature emerge yet.
	The fundamental issue involved in student wireless equipment is in
the legality of airspace/frequency use, which they have just as much right
to personally as you do as an institution. Moreover, if the AP is in their
room, most states will not allow you entrance to that room without a
search warrant, so how do you prove conclusively that they are the
problem without violating their civil rights?
	Our strategy has been to do what we can, technically and via
policy, to limit what devices students connect to our network.
Interference in the airwaves is something for the FCC to solve, not us.

	Just my $.02,
		Marc

Marc Jimenez
Manager, Network Engineering and Security
Tufts University

On Tue, 4 Nov 2003, GREGORY SEIBERT wrote:

>
> I won't get into the debate of whether regulation is good or not but, early
> on, many institutions laid down a policy that they owned the airwaves in
> able to have some kind of say in what would appear using this kind of
> technology. I think there are many instances of this in various campus
> wireless policies. That has been our policy here, but we have not had to
> take a stand in an enforcement action as of yet. Everyone wants to
> cooperate so far.
>
>
>       Greg Seibert
>       Director of Security and Compliance
>       Kent State University
>
>
>
>
>                       Phillip G
>                       Deneault                 To:       "L. Cerantola" <security at rec.ulaval.ca>
>                       <deneault at WPI.EDU        cc:       unisog at sans.org
>                       >                        Subject:  Re: [unisog] Wireless in residence building - Tricky problem
>
>                       11/04/2003 03:52
>                       PM
>
>
>
>
>
>
> How could one make an enforceable policy on that?  If the students are
> using an external ISP, using their own private access points, using public
> frequency ranges, and it doesn't touch your network in any way, then how
> can you say 'thats not ok' and what can you actually do to stop it?
>
> We don't allow outside ISP's(unless they connect through a modem, then who
> cares) and we don't allow wireless networks other than WPI's own because
> we don't want to worry about all the problems that occur when people run
> their own access points and because we can't see who's connecting to our
> network.
>
> Phil
>
> On Tue, 4 Nov 2003, L. Cerantola wrote:
>
> > Hi!
> >
> > I would like to know how you deal with students living on campus
> residence
> > that subscribe to an outside private ISP and install a wireless network
> in
> > their room probably to share the signal with other nearby tenants (that
> > could lead to a messy situation if uncontrolled... don't you think ???).
> >
> > Do you have policies or standards to manage this kind of behavior ?
> >
> > Regards!
> >
> > L. Cerantola, CISSP, CISM
> > IT Security Officer
> > Laval University
> >
> >
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Phil Deneault     "We work in the dark, We do what we can,
> deneault at wpi.edu   We give what we have. Our doubt is our passion,
> WPI NetOps         and our passion is our task. The rest is the
> InfoSec            madness of art." - Henry James
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
>
>
>
>
>
>
>
>



More information about the unisog mailing list