Brevard County (Florida)
Administrative Procedures
 

7540N - WIRELESS SECURITY ACCESS PROCEDURE

Purpose

The purpose of this procedure is to define standards, procedures, and restrictions for connecting to the Board's internal network(s) or related technology resources via any means involving wireless technology. This can include, but is not limited to, access from the following:

 A. wireless gateways on Board premises;

 B. third-party wireless Internet service providers (also known as "hotspots").

The policy applies to any equipment used to access Board resources, even if said equipment is not Board-sanctioned, owned, or supplied. For example, use of a public library's wireless network to access the corporate network would fall under the scope of this policy.

The overriding goal of this policy is to protect the Board's technology-based resources (such as data, computer systems, networks, databases, etc.) from unauthorized use and/or malicious attack that could result in loss of information, damage to critical applications, loss of revenue, and damage to the public image. Therefore, all users employing wireless methods to access the technology resources must adhere to company-defined processes for doing so.

Scope

This policy applies to all Board employees, including full-time staff, part-time staff, contractors, freelancers, and other agents who utilize company-owned, personally-owned, or publicly-accessible computers to access the organization's data and networks via wireless. Wireless access to enterprise network resources is a privilege, not a right. Consequently, employment at the Board does not automatically guarantee the granting of wireless access privileges, although a valid AUP shall provide wireless access privileges.

Any and all work performed on Board computers by any and all employees through a wireless access connection of any kind is covered by this policy. Work can include, but is not limited to, E-mail correspondence, web browsing, utilizing intranet resources, and any other company application used over the Internet.

All wireless access will be centrally managed by the Board's educational technology department and will utilize encryption and strong authentication measures (a minimum of 128-bit WEP key). Addition of new wireless access points within corporate facilities will be managed at the sole discretion of educational technology. Non-sanctioned installation of wireless equipment, or use of unauthorized equipment within the organizational campus, is strictly forbidden.

Supported Technology

All wireless access points within the corporate firewall will be centrally managed by the Board's educational technology department and will utilize encryption, strong authentication, and other security methods at educational technology's discretion. Although educational technology is not able to manage public wireless resources, end-users are expected to adhere to the same security protocols while utilizing this equipment. Failure to do so can result in immediate suspension of all network access privileges so as to protect the company's infrastructure.

The following table outlines the Board's recommended minimum system requirements for a computer, workstation, or related device to wirelessly connect to the Board's systems. Equipment that does not currently meet these minimum requirements will need to be upgraded before wireless connection can be sanctioned by educational technology.

 

| | PC and PC-Compliant Computers | Macintosh Computers | Handhelds, PDAs, and Portables |
|---|---|---|---|
| Operating System(s) | Windows 2000 | OS 9.0 | Pocket PC |
| CPU (Type, Speed) | Intel/AMD Pentium III | N/A | N/A |
| Disk Space | 1 GB | 1 GB | N/A |
| Wireless NIC Type(s) (Manufacturer/Model #) | Cisco, Dell, HP | Apple | Cisco, Dell, HP |
| Wireless Standard(s) (802.11a, b, g, or other) | 802.11 b/g | 802.11 b/g | 802.11 b/g |

Eligible Users

Information technology will define a list of traffic types that are acceptable for use over a wireless connection. More sensitive business activities will be similarly defined and will be limited to non-wireless environments. An application form (Form 7540N F1) shall be approved and signed by the employee's unit manager, supervisor, or department head before submission to the information technology department.

In the event that expenses are incurred and leadership has approved reimbursement, all expense forms for reimbursement of costs (if any) incurred due to the need for wireless access for business purposes (i.e., Internet connectivity charges) must be submitted to the appropriate unit or department head. Financial reimbursement for wireless access is not the responsibility of the information technology department. If this class of access is foreseen to be needed, contact the leader to request assistance to fill out a business case.

Policy and Appropriate Use

It is the responsibility of any employee of the Board who is connecting to the organizational network via wireless to ensure that all components of his/her wireless connection remain as secure as his/her network access within the office. It is imperative that any wireless connection used to conduct Board business be utilized appropriately, responsibly, and ethically. Failure to do so will result in immediate suspension of that user's account. Based on this, the following rules must be observed:

 A. General access to the organizational network through the Internet by residential remote users through the Board's network is permitted. However, access to the network is limited to Board business only.

 B. Employees using wireless access methods will, without exception, use secure remote access procedures. This will be enforced through public/private key encrypted strong passwords in accordance with the Board's password policy. Employees agree to never disclose their passwords to anyone, particularly to family members if business work is conducted from home.

 C. All remote computer equipment and devices used for business interests, whether personal or company-owned, must display reasonable physical security measures. Users are expected to secure their corporate-connected machines when they are physically at their machines, as well as when they step away. Computers will have installed whatever anti-virus software is deemed necessary by the Board's educational technology department. Anti-virus signature files must be updated in accordance with existing company policy.

 D. Remote users using public hotspots for wireless Internet access must employ for their devices a company-owned personal firewall, VPN, and any other security measure deemed necessary by the information technology department. Information technology will support its sanctioned hardware and software, but is not accountable for conflicts or problems whose root cause is attributable to a third-party product.

  1. Hotspot and remote users must disconnect wireless cards when not in use in order to mitigate attacks by hackers, war drivers, and eavesdroppers.

  2. Any time a computer is hardwired to the network, wireless cards must be disabled.

 E. Employees, contractors, and temporary staff will make no modifications of any kind to company-owned and installed wireless hardware or software without the express approval of the Board's educational technology department. This includes, but is not limited to, split tunneling, dual homing, non-standard hardware, or security configurations.

 F. Employees, contractors, and temporary staff with wireless privileges must ensure that their computers are not connected to any other network while connected to the Board's network.

 G. The wireless access user agrees to immediately report to his/her manager and the Board's educational technology department any incident or suspected incidents of unauthorized access and/or disclosure of company resources, databases, networks, and any other related components of the organization's technology infrastructure.

 H. The wireless access user also agrees to and accepts that his/her access and/or connection to the Board's networks may be monitored to record dates, times, duration of access, data types, and volumes, etc., in order to identify unusual usage patterns or other suspicious activity. As with in-house computers, this is done in order to identify accounts/computers that may have been compromised by external parties.

 I. Educational technology reserves the right to disable without notice any access port to the network that puts the company's systems, data, users, and clients at risk.

Policy Non-Compliance

Users who violate the terms of said procedure shall be denied the privilege of using the Board's technology and may be subject to disciplinary action, civil action, and/or criminal prosecution.

Approved 9/12/05