Comment: Generalized WPA2 thing

...

The NCSA wireless networks (those giving public NCSA IP addresses) must not give an adversary any advantage beyond what they would already have with NCSA authentication credentials, and could therefore already exercise from anywhere with VPN access.

  • Enterprise WPA2 wireless protection or equivalent will be used. Cryptographic and security configurations will be consistent with UIUC policies and standards of practice.
  • NCSA wireless networks are not for guest use; guests should instead use a CITES-provided wireless network.
  • These networks authenticate and authorize against the NCSA LDAP service. 
  • Only the NCSA and/or CITES network teams can configure access points and networking hardware for the wireless network; there will be no rogue or unapproved wireless networks.
  • The security team must have the ability to quickly map wireless IPs and timestamps to users for at least 90 days.
  • Like the default office subnets, the primary wireless network is firewalled or equivalently controlled so that it does not allow servers for hosts outside the NCSA IP space.

...