Essentially there are two reasons why unmanaged wireless networks should not be setup. Given that ‘WiFi’ technology is extremely popular, this document seeks to set out the reasoning behind this policy decision.

The Reasons: 1. Spectrum Management

Wireless networking via 802.11 a/b/g standards relies on broadcasting radio signals on certain unlicensed public bands to carry user data. Within each assigned block of bandwidth, there are several numbered frequency bands to which a wireless device can be tuned. However, just as when tuning in to a radio station the signal can be picked up for some distance either side of the peak signal, so in wireless networking assigning a device to a given band creates interference on the bands either side of it. This gives us the first reason against allowing wireless networking in Halls:

“Setting up a wireless service denies bandwidth to other legitimate users”

This has several implications. For the most popular standards, just four devices within the same coverage cell are sufficient to ‘use up’ all of the bandwidth available. Purely in terms of a Hall, who would decide of the many potential users who would get the opportunity to have wireless service? However, wireless doesn’t respect room or even building boundaries. The bandwidth used would be denied not only to fellow students, but also Departmental facilities in the immediate area on campus, or to neighbours of the University, including businesses, hospitals and private individuals. This is our second reason:

“Wireless services cannot be constrained to a controlled area”

To minimise this negative impact, the University operates a bandwidth management plan, and any new installations are made only after careful survey work and the adjustment of band-allocations of existing systems to ensure everything keeps running. Dropping an unplanned access point into the middle of this carefully defined pattern of balanced wireless cells creates disruption to University services. Moreover, the class of access points aimed at the home user are not designed with working together in a larger enterprise environment in mind, and have various undesirable features that further reduce the ability to operate a core University wireless service in the presence of such systems.

Another aspect of spectrum management is that wireless networking is not the purpose that makes use of the unlicensed bandwidth. The assigned frequencies are known as the ISM band, which stands for Industrial, Scientific and Medical. The University operates devices in all these classes not directly related to data networking, so unplanned use of these frequencies could potentially have impact on research activities, or the health and safety of staff and students. Our third reason:

“Wireless bandwidth is not just used for data networks.”

One trivial example is that a number of security systems on campus operate in this band, so could be triggered or blocked by rogue wireless access points, putting your property or safety at risk.

The Reasons: 2. Security

Despite all the advertising to the contrary, it is extremely difficult to operate a secure wireless network. The capabilities of home-user class access points are barely adequate to protect their target market of family data from casual attack. By contrast, the University is an attractive target in terms of having huge amounts of bandwidth and computing power, storing confidential research data, financial and student records, and having a prominent public profile. For these reasons, the institution is far more likely to be the subject of more systematic attack, and so must take steps to protect these resources accordingly.

A home-class access point even set up to its highest security capabilities is simply not adequate to this task. This is why the University spends an order of magnitude more per access point, tens of thousands on backend systems, and employs full-time wireless experts to administer them and maintain full audit trails of all activity on the network. The risk isn’t purely of active attacks on the network. An advertised wireless service could attract associations from ‘passing’ devices without any deliberate intent, and such a connection could potentially pass along viruses from infected systems. This, then, is the most important reason:

“An insecure wireless service opens a route into the heart of the campus network from which disruptive attacks (both active and passive) could be launched.”

Running a secure wireless system is an expensive, full-time skilled job. No student could do so whilst also completing their programme of study. Whilst the risk that a given student-run access point would actually be exploited is relatively small, the consequences of such an exploit are potentially so significant that the overall hazard is prohibitive.

Another risk associated with a student running their own wireless service is that the campus audit trail stops at their Ethernet point. If someone used their wireless system from outside to commit a criminal act, or a breach of University regulations, there is no way for the IT staff of the University to present evidence proving that students innocence.

A student running a wireless service would be responsible for anything done from that service without necessarily being able to control who used it or for what.

The policy implemented reduces the risk that someone may end up facing criminal prosecution and ending up in prison simply because they knew less about wireless networking than they thought they did.