Guest Access to Wireless Network
To identify the process for granting access to the KU wireless local area network (WLAN) for those who are not members of the KU community and to clarify the role of the Technical Liaisons in the support of non-KU access to KU’s WLAN.
These procedures provide Technical Liaisons and/or designated departmental system administrators the appropriate guidelines to provide for department guest or visitor accounts for use of KU’s Wireless Local Area Network (WLAN).
Implementing Wireless service for Authorized Guests
· The Technical Liaison (or another administrative designate such as department chair, dean, etc.) is responsible for those they authorize. The Technical Liaison, following appropriate procedures for approval withinthe Technical Liaison's department, will determine whether an individual is eligible for access to KU’s WLAN. Technical Liaisons should consider the following when authorizing individuals for access to KU’s WLAN:
1. An individual’s need for wireless vs. wired access.
2. The “security state” of the guest’s wireless “device” (computer, PDA, etc.):
a. Virus protection active on the Authorized Guest device.
b. Updates applied to the device used by the Authorized Guest.
· Technical Liaisons must have attended the ANSR training provided by Information Services prior to authorizing any users for use of the WLAN.
· Guest WLAN IDs will be stored in the sponsoring department’s network (ANSR) portion of KU’s LDAP directory in order to keep them separate from KU faculty, staff and student IDs stored elsewhere. The department/unit TL is responsible for adding the Guest WLAN IDs to ANSR. (See Granting WLAN Access to Authorized Guests in ANSR Training at http://www.nts.ku.edu/services/data/networkmgmt/ansr/index.jsp)
· IDs must be unique for each. The TL is responsible for being able to associate and identify a specific with the ID they are using.
· First tier support for those with IDs is provided by the department TL. The IT Customer Service Center should be contacted for issues related to the wireless service but user support for those authorized by departments is provided by the TL.
· Technical Liaisons are responsible for the timely removal of the ID within 24 hours after access is no longer needed.
Failure to abide by the requirements of this procedure may result in termination of the user’s or departmental WLAN account privileges. Inappropriate guest user behavior on the University Network may also be subject to sanctions, including the loss of network access privileges, and legal action. Some violations may constitute criminal offenses under local, state, and federal laws. The University will carry out its responsibility to report such violations to the appropriate authorities.
Chief Information Officer
345 Strong Hall
1450 Jayhawk Blvd
Lawrence, KS 66045
Need for non-KU access to the Internet
Accessing the “internet” is now a fundamental requirement for nearly all University related activities.
Demand for greater mobility and ease of use of the network: People in such an environment also have growing expectations regarding where and how such access can be made, including the demand for greater mobility and ease of use. These factors have contributed to the growing presence of IEEE 802.a/b/g based Wireless LAN (WLAN) services.
The network as a collaboration tool: Collaboration, especially in the research community, has also become increasingly important. Information technology can help facilitate collaboration, and a cornerstone of this is a ubiquitous network. Collaborating with colleagues often involves gathering them together, commonly done via a conference or seminar.
Intra-community research requires Internet access for sharing: When those collaborating come from different institutions, the expectation is that local policies (especially security), practices, procedures, technologies, etc. will provide Internet access to them in a convenient manner. Numerous KU faculty, staff, and researchers have said their guests/visitors require and expect internet access, primarily in the form of WLAN service. In fact most academic/research-oriented institutions now provide such service to their guests who are involved with university events or activities.
Need for non-KU “person” access and network security may be conflicting: The growing need for user identification, authentication, and authorization (IAA) can sometimes create conflicts between the host institution’s need to maintain security and the desire to support WLAN based internet access to guests/visitors. Currently, KU policy prescribes that all users of WLAN service must be authenticated in order to provide for the ability to track use in the case of a security incident. For a KU person, the KU online ID is utilized for this authentication. In order to provide for guest access, there is a need to identify a KU “sponsor” of the person and create such an ID for guests/visitors. Individuals who need guest access will be called Authorized Guests (). ). Note: Authorizing a guest to use KU’s WLAN service is based on the sponsoring KU department, and NOT on the physical location where WLAN access will be used. The creation of an ID will enable that guest to use KU’s WLAN service anywhere it is available on campus.
KU’s WLAN Requirements
· An IEEE 802.11a/b/g compatible network card and a web browser are required to access KU’s WLAN.
· Online ID needed: The current authorization process uses information stored in the LDAP directory, with an appropriate online ID stored in either the auth accounts or network (ANSR) branches. Even though an online ID for an would be temporary, the ID would still need to be created and stored in LDAP for the period of time during which access to the KU WLAN was authorized.
07/12/2016: Updated to remove gendered pronouns.
Reviewed 9/11/07 to reflect NTS/IT reorganization of responsibility.