Wireless Access Points Policy
Information Technology Services Policy
Title: Wireless Access Point and Router Policy
Created: July 13, 2005
Author: University Information Security Office (UISO)
This policy covers all devices that provide wireless access to the Loyola network.
Devices that provide wireless access to a network are commonly referred to as wireless access points or wireless routers. These devices may create a security risk by providing unauthorized access to Loyola resources, including the disclosure of Loyola protected data.
Faculty, Staff, Students, and Guests are prohibited from attaching any device operating as a wireless access point or router in any University building.
Any wireless connectivity into the PCI-DSS environment is strictly prohibited. Wireless networks are not allowed to connect to the credit card processing (High Security Network) environment under any circumstances.
PCI-DSS Rogue Access Point Detection
Each quarter a helpdesk ticket is created to request a wireless inspection at all PCI sites using a wireless scanner by ITS Network Services will perform a. Scan information will be reviewed and compared to a list of known Loyola access points as well as known nearby Non-Loyola access points (e.g. Starbucks). All non-Loyola access points will be checked against the Loyola network MAC address table to verify that the MAC address is not present on Loyola networks. The outside access point will be added to the Loyola wireless management system (NCS) and is marked as ‘malicious’. NCS will alert Network Services should it appear on the Loyola network. Results are to be saved to a spreadsheet and the Heat ticket is closed.
When Information Technology Services (ITS) becomes aware of any problem that involves a device operating as a wireless access point that is attached to the campus network in violation of this policy, the network connection to the device will be severed. If additional attempts to reconnect a prohibited device to the campus network are made, the matter will referred to the appropriate University disciplinary staff.
Questions about this policy:
If wireless access is inadequate in your area, contact the ITS Helpdesk (773) 508-4487 for assistance or if you have questions about this policy, please contact the University Information Security Office at DataSecurity@luc.edu.
July 13, 2005: Initial Policy
August 5, 2008: Revised
November 1, 2012: Annual review for PCI Compliance
February 14, 2013: Revised
August 6, 2013: Revised
June 17, 2015: Annual review for PCI Compliance, added section for Rogue Detection