Re: Policy Recommendations

[Ronald King <ronald.king () MORGAN EDU>]

We have similar statements as MSU Denver. We found students would connect
their wireless devices and broadcast our SSID. Not only did it circumvent
the security of the managed wireless, it caused an increase in support
calls to our support desk. As for smart TVs and such, students are able to
connect them to an unsecured wireless network once registered.

Ron

*Ronald A. King, CISSP*
Chief Information Security Officer
Morgan State University Office: (443) 885-3372
1700 E. Cold Spring Ln. Email: ronald.king () morgan edu
Baltimore, MD 21251 URL: http://www.morgan.edu

*Growing the future ... Leading the world*
<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>


On Wed, Feb 7, 2018 at 12:35 PM, Hart, Michael <mhart20 () msudenver edu>
wrote:

> We had an incident this week that necessitates following up on this exact
> issue.  Here's our policy on the subject:
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__msudenver.edu_policy_
> policylibrary_policiesa-2Dz_devicesecurity_&d=DwIFAg&c=
> 0CCt47_3RbNABITTvFzZbA&r=hF9utfnfkGfY793x81M4Gr0nwxs9KYTZ6TUPUh4wPjs&m=
> TkfoLRcx2lyQUEWXbA8FrkV_-elbY4Y3dOT8U47t2mU&s=
> vV5DPxu1jPh3wi60iORKSSOWQlkaL8u7iiDS-J-3gos&e=
>
> Network Devices
> MSU Denver networking systems are to be installed and maintained by MSU
> Denver IT Services Networking administrators. Unauthorized installation or
> use of networking devices such as wireless access points, network switches
> or routers, or other devices can interfere with MSU Denver Networking
> systems, and is therefore prohibited. Unauthorized devices found to be
> connected to MSU Denver networks may be disabled, disconnected, and/or
> confiscated if they are found to be inappropriately installed.
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Justin Harwood
> Sent: Wednesday, February 7, 2018 10:11 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Policy Recommendations
>
> ?We are contemplating the need for a section in one of our policies that
> includes the topic of connecting network enabled devices (such as IoT,
> rogue AP's, etc) but not sure what guidelines we would want to provide.
> Does anyone have any policies that pertain to this specific topic that they
> could share with me?
>
> Justin Harwood
> Infrastructure Solutions Security Architect ITARS - Security
> Infrastructure Services Central Piedmont Community College Central Campus,
> Citizens 242
> 704-330-6141
> www.cpcc.edu<https://urldefense.proofpoint.com/v2/
> url?u=http-3A__www.cpcc.edu_&d=DwIFAg&c=0CCt47_3RbNABITTvFzZbA&r=
> hF9utfnfkGfY793x81M4Gr0nwxs9KYTZ6TUPUh4wPjs&m=TkfoLRcx2lyQUEWXbA8FrkV_-
> elbY4Y3dOT8U47t2mU&s=UhVq8DXXLtxX0MBFY8nEMoJDbtcC8UH9qZZQL23PjM4&e=>
>
>
> ________________________________
>
> This e-mail, including any attachments, is intended only for the
> addressee's use and may contain confidential and proprietary information.
> If you are not the intended recipient, you are hereby notified that any
> retention, dissemination, reproduction, or use of the information contained
> in this e-mail is strictly prohibited. If you have received this e-mail by
> error, please delete it and immediately notify the sender. Thank you for
> your cooperation.