This webpage describes required and recommended security practices to be used with privately-owned routers and/or wireless access points connected to ResNet ports in those areas of the University where connection of these devices is allowed. At the current time, privately-owned routers and/or wireless access points may be connected in any location which is not blanketed by NuWave wireless networking service. For example, International Village is blanketed by NuWave wireless network service, and therefore, use of privately-owned wireless access points/routers in International Village is not permitted.
Owners/operators of routers and/or wireless access points are solely responsible for the security and access control for their devices, and are liable for the actions of anyone accessing ResNet through their device(s). For more detailed information on these responsibilities, please read the Appropriate Use Policy, located at http://www.infoservices.neu.edu/aup.html
1) STRONGLY RECOMMENDED
Keep all documentation supplied with your equipment. You will need information from these documents in order to register your router and/or wireless access point on ResNet, and in instances where you contact the manufacturer for troubleshooting or warranty support.
2) REQUIRED
Register your desktop or laptop computer first, then register other devices. After registering, the desktop or laptop computer, it is recommended to reboot the router/wireless access point.
3) REQUIRED
ALL devices connected to ResNet, including computers, XBOX, PlayStation, routers or wireless access points MUST be registered on ResNet in the legal name of the owner, using the factory-assigned MAC address of the device. Operation of unregistered devices, provision of false or misleading information during registration, or MAC address alteration (spoofing) violates the Appropriate Use Policy, and may subject the violator to suspension of service and/or referral to the Office of Student Conduct and Conflict Resolution.
3A) If your device does not have a built-in web browser, it MUST be brought to the ResNet Resource Center to be registered.
4) RECOMMENDED
Select an appropriate installation location for your device(s). Choose a location that does not create safety or security hazards, and that limits the spread of your wireless signal. For example, do not mount a wireless access point in a window. Rather, choose a location on an inside wall, under a desk, or near the floor. If your device features a security slot, purchase an appropriate locking cable, then secure one end to your device and the other end to an immovable fixed object.
5) STRONGLY RECOMMENDED
Change the default administrator password that came with your router/wireless access point. You will use this password when configuring your wireless access point. Choose a hard-to-guess password, and keep it to yourself. Never give the administrative password for your device to another person.
6) REQUIRED
Change the SSID (service set identifier) from the default value to a value that will help the University locate your wireless access point in the event your device interferes with University-provided services. A suggested format is your building name and room number, for example: WAP-WVE-0105.
Note 1: Ensure you use the room number to which you are assigned. Falsification of SSID information in an effort to mislead is a violation of the Appropriate Use Policy, and may subject the violator to suspension of service and/or referral to the Office of Student Conduct and Conflict Resolution.
Note 2: Never use the SSIDs “NUwave”, “NUwave- guest”, or any variants of an SSID using the letters “NUWAVE” or “NUwave-guest”. These SSIDs are reserved for University use only. Unauthorized use of University-reserved SSIDs may subject the violator to suspension of service and/or referral to the Office of Student Conduct and Conflict Resolution.
7) REQUIRED – TAKE SPECIAL NOTE!
If your wireless access point is using 802.11b/g, set your wireless access point to use only channels 1, or
6, or 11 for this version of 802.11.
8) STRONGLY RECOMMENDED
Enable MAC address filtering. This allows you to specify which computing devices may connect to your
wireless access point. To use MAC address filtering,
obtain the wireless card MAC address of those devices you wish to admit to your wireless access point, then enter the MAC address(es) in the appropriate screen
of your router/wireless access point management software.
9) REQUIRED
Do not hard-code DNS settings in your router or wireless access point. Use only DNS settings provided automatically by the University.
10) STRONGLY RECOMMENDED
Turn OFF your wireless access point and all computing devices when not in use. This practice helps minimize
exposure of your devices to hackers, and contributes
to creating and maintaining a green campus.
11) REQUIRED
11A) Set your router/wireless access point to obtain a DHCP address from Northeastern. Look for words like “Automatic Configuration”, “DHCP client”, and “Internet Connection Type”.
11B) Domain name should be set to “neu.edu”.
11C) MTU size should be “automatic”, or up to 1500 if automatic is not an option on your access point.
11D) Set your wireless access point as a DHCP server, and to give out IP addresses in one of the following ranges:
10.0.0.0 – 10.255.255.255, or
172.16.0.0 – 172.31.255.255, or
192.168.0.0 – 192.168.255.255
Never set your device to give out IP addresses other than those shown above.
11E) If your router/wireless access point features a time zone setting, use the “Eastern” time zone.
Set your router/wireless access point to give out only the minimum number of IP addresses needed at any one time. For example, if you need to allow five people to connect to your wireless access point at any one time, set your wireless access point to give out only five (5) IP addresses.
12) REQUIRED
Do not set your router/wireless access point to act as a bridge.
13) STRONGLY RECOMMENDED
If feasible, set your wireless access point to use either
802.11a or 802.11g mode. Do not use 802.11b or
802.11n “only” modes, since these modes can cause interference to other wireless devices.
14) STRONGLY RECOMMENDED
Set your wireless access point to use encryption such as WPA or WPA2, and be sure to change the default key to something hard to guess, and that only you will recognize. The key should be random, and at least 20 characters in length. Give the key to those whom you wish to allow to connect to your device. Change the key often, especially after allowing one-time users such as visitors to access ResNet through your device.
15) REQUIRED
Use AP-mode or Infrastructure setting on the wireless access point. Ad-hoc mode should NOT be used on access points or workstations.
Wireless Access Point Manufacturer Web Sites
For more information about commonly-available wireless access points, please refer to the website recommended by your manufacturer. The following websites may also be valuable for information purposes:
http://www.linksysbycisco.com/US/en/home
http://www.netgear.com
http://www.apple.com
http://www.hp.com
http://www.trendnet.com/
Approval to install privately-owned routers/wireless access points applies at this time to ResNet only. Use of privately-owned devices such as hubs, switches, routers, wireless access points and all other non-University installed and owned networking equipment on NuNET is permitted only as may be agreed in writing between a department and the Information Services Division. For more information, please refer to the Appropriate Use Policy at http://www.infoservices.neu.edu/aup.html