| 144.0 |
Wireless access points will not subject protected State of Alaska networks to unnecessary risk. |
Wireless access points shall not be deployed on any protected State of Alaska network in a manner that would expose or otherwise bypass existing security mechanisms of that network. The State Computer Security Officer shall review all wireless networks which have internal connectivity to any State of Alaska network to ensure policy adherence. |
This policy is simple in requirement, but complex in administration and implementation. A policy such as this will provide for protecting ALL wireless access points connected to State of Alaska networks. Such protection is necessary as wireless technologies are still continuing to evolve, and Computer Security Officers will have the burden of staying knowledgeable and abrest of changes, vulnerabilities and how to best protect the State of Alaska.
See also the policy "Wireless network connections to protected State of Alaska networks must employ encrypted tunnels." |
| 145.0 |
Wireless network connections to protected State of Alaska networks must employ encrypted tunnels. |
This policy sets forth the necessity of protecting the transmit and receive data streams of wireless network connections by requiring such traffic to take place within encrypted tunnels which meet State of Alaska security standards. |
The implementation of such a policy as this is critical in maintaining a set level of security. Without such a policy in place, packet analyzers could be employed to garner knowledge which could be utilized to spoof legitimate clients. This is most notable with the discover of limitations within the WEP (Wireless Equivalency Privacy) protocol in 2001, in which WEP was demonstrated ineffective at providing a private communication link between a client and an access point. By employing encrypted tunnels, such as VPN or other technologies, the State of Alaska ensures that the data streams passing within a communication link between client and an access point cannot be easily intercepted.
Also see the policy "Wireless access points will not subject protected State of Alaska networks to unnecessary risk" |