Wireless Access Points Policy
Scope:
This policy covers all devices that provide wireless access to the University network.
Purpose:
Devices that provide wireless access to a network are commonly referred to as wireless access points or wireless routers. These devices may create a security risk by providing unauthorized access to University resources, including the disclosure of University protected data.
Policy:
Faculty, Staff, Students, and Guests are prohibited from attaching any device operating as a wireless access point or router in any University building.
Any wireless connectivity into the PCI-DSS environment is strictly prohibited. Wireless networks are not allowed to connect to the credit card processing (High Security Network) environment under any circumstances.
PCI-DSS Rogue Access Point Detection
Each quarter a helpdesk ticket will be created and assigned to ITS Network Services to request a rogue wireless scan at all sites where credit cards are processed. The scan will be performed using a wireless scanner. Scan information will be reviewed and compared to a list of known University access points as well as known nearby non-University access points (e.g. Starbucks). All non-University access points will be checked against the University network MAC address table to verify that the MAC address is not present on University networks. The outside access point will be added to the University wireless management system (NCS) and marked as 'malicious'. NCS will alert Network Services should it appear on the University network. Results are to be saved to a spreadsheet and the ticket closed.
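The review step described above can be sketched as follows. This is an added example, not part of the policy or of any ITS tooling; the function names, verdict strings and sample data are assumptions, and the inputs are assumed to be plain lists exported from the scanner, the access point inventory and the switch MAC address tables.

```python
import re

def norm_mac(mac):
    """Reduce aa:bb:.., AA-BB-.. or aabb.ccdd.eeff to 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def triage_scan(scan, university_aps, known_neighbors, mac_table):
    """Return {bssid: (ssid, verdict)} for each (bssid, ssid) seen in the scan."""
    own = {norm_mac(m) for m in university_aps}
    neighbors = {norm_mac(m) for m in known_neighbors}
    wired = {norm_mac(m) for m in mac_table}
    results = {}
    for bssid, ssid in scan:
        mac = norm_mac(bssid)
        if mac in own:
            verdict = "known University AP"
        elif mac in wired:
            # Non-University radio whose MAC is also on the wired network.
            verdict = "ROGUE: present in MAC address table"
        elif mac in neighbors:
            verdict = "known neighbor"
        else:
            verdict = "new outside AP: add to NCS as malicious"
        results[mac] = (ssid, verdict)
    return results

# Constructed sample data (IANA documentation MAC range 00-00-5E-00-53-xx).
UNIVERSITY_APS = ["0000.5e00.5301"]
KNOWN_NEIGHBORS = ["00:00:5e:00:53:10"]
MAC_TABLE = ["0000.5e00.5320", "0000.5e00.5399"]
SCAN = [
    ("00:00:5E:00:53:01", "Campus-WiFi"),
    ("00-00-5e-00-53-10", "CoffeeShop"),
    ("00:00:5e:00:53:20", "linksys"),
    ("00:00:5e:00:53:30", "Guest-Free"),
]

if __name__ == "__main__":
    for mac, (ssid, verdict) in triage_scan(
            SCAN, UNIVERSITY_APS, KNOWN_NEIGHBORS, MAC_TABLE).items():
        print(mac, ssid, verdict, sep="\t")
```

The comparison is exact-match only, so an access point whose wired interface uses a different MAC address from its radio BSSID will not be flagged by this check.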
When Information Technology Services (ITS) becomes aware of any problem that involves a device operating as a wireless access point that is attached to the campus network in violation of this policy, the network connection to the device will be severed. If additional attempts to reconnect a prohibited device to the campus network are made, the matter will be referred to the appropriate University disciplinary staff.
Questions about this policy:
If wireless access is inadequate in your area, contact the ITS Helpdesk at (773) 508-4487 for assistance. If you have questions about this policy, please contact the University Information Security Office at DataSecurity@luc.edu.
Exceptions:
Exceptions to this policy will be handled in accordance with the ITS Security Policy.
Review:
This policy will be maintained in accordance with the ITS Security Policy.
Emergencies:
In emergency cases, actions may be taken by the Incident Response Team in accordance with the procedures in the ITS Incident Response Plan. These actions may include rendering systems inaccessible.
History:
- July 13, 2005: Initial Policy
- August 5, 2008: Revised
- November 1, 2012: Annual review for PCI Compliance
- February 14, 2013: Revised
- August 6, 2013: Revised
- June 17, 2014: Annual review for PCI Compliance
- April 20, 2015: Annual review for PCI Compliance
- May 17, 2016: Annual review for PCI Compliance
- June 5, 2017: Annual review for PCI Compliance
- June 12, 2018: Added Exception, Review and Emergencies, Annual Review for PCI Compliance
- July 15, 2019: Corrected language that refers to the rogue wireless scan, Annual Review for PCI Compliance
- July 14, 2020: Annual review for PCI Compliance