All extensions to the network should be done by OIT whenever possible. However, if this is not possible, then extending the network can be done in one of five ways (while following the guidelines below):

• Wireless Access Points
• Hubs and Switches
• Wire
• Modems

The guidelines for extending the network are different for each of these five types. See the appropriate section below.

Should extensions to the network beyond these guidelines be detected on the network, the port to which they are connected will be disabled.

1.1 Wireless Access Points

Departments wishing to add wireless access points must ensure that their devices meet the following guidelines:

• Prior to installation, the device must be registered with OIT (via a Service Desk ticket).
• The access point must use some form of encryption on all client connections, with a minimum security configuration of WPA-PSK.
• The device should be deployed in compatibility mode (802.11b and 802.11g), not in G only. Due to its potentially disruptive nature, 802.11n mode is not permitted.
• Those installing these devices should understand that OIT's responsibility for troubleshooting does not extend to equipment which is connected to non-OIT wireless access points.

Departments wishing to deploy wireless should work with OIT in order to participate in a cost sharing plan.

Additional wireless access points are not permitted in residence halls. [See Progress of Campus Wireless Upgrades for details on updates to wireless connectivity in residential halls.]

1.2 Hubs and Switches

Adding hubs and switches is permitted in residence halls and departments. However, these devices must follow the guidelines below:

• Prior to installation, the device must be registered with OIT (via a Service Desk ticket).
• Only unmanaged devices may be connected to the network.
• Those installing these devices should understand that OIT's responsibility for troubleshooting does not extend to equipment which is connected to non-OIT hubs and switches.

1.3 Wire

Extending the network through wire is the most restrictive of the network modifications. Following are the limitations on this type of extension.

• Network cables plugged into network ports must not exceed 25 feet in length. Longer cables can extend the network beyond its tested range.
• No installation of wire should be done in buildings, except by OIT.
• Should departments need to extend wiring, it must be done by OIT, and will be billed to your department. Please fill out a Service Desk ticket to request this service.

1.4 Using Modems to Connect to the Network

Modem users must adhere to the following precautions to ensure that they do not become an entry point for unauthorized network access:

• Turn off the "Auto-answer" feature except when required. If the "Auto-answer" feature is required, then:
  • Approved authentication software/hardware must be used and remain active on the desktop system, or
  • The computing system must be disconnected from the Brown network, and
  • Computing systems with fax modems where auto-answer is required must have interactive communications disabled.
• Disable modems when not in use, either by a physical/logical disconnect or power off.
• Secure external modems when not in use.
• Log modem usage.
• Maintain accurate record of physical locations of all telephone lines identified for data communications use, and be prepared to submit records, upon request, to the Information Security Group or to Internal Audit.

Network Connection Policy