Wireless Security - medical campus
Wireless network devices must be configured to minimize the ability of unauthorized individuals to gain access to University resources or to monitor data communications. Wireless networks inherently provide a lower level of security than wired networks, making them problematic when handling protected health information. Clients should ensure their computing device is securely configured. If the computing device contains protected health information, always enable a Yale VPN connection before making a wireless connection to the network.
- Wireless access points
Wireless Access Point (WAP)
Public Access Point (vLAN WAP)
- Public access points are established and maintained by ITS Data Network Operations for general use. Enabling a VPN connection is required whenever you make a wireless connection using a public access point on the medical campus. VPN authentication (NetID/password) and encryption provide a more secure connection. NOTE: You must make a VPN connection using the medical VPN server.
- Client wireless device registration.
- Wireless coverage maps
Private Access Point (WEP-enabled WAP)
- All private wireless access points must be registered with ITS.
Wireless Access Point (WAP) security requirements
- Change the default SSID: Access points come with a default shared key called an SSID (Server Set ID) that is shared among all users of that access point. It is broadcast to everyone within range of the access point. Make sure that you change this SSID from the default setting, so that hackers have less information about your equipment and setup. You should replace it with a meaningful name (e.g., Latimer_Lab, or Library_reference_room).
- The SSID yale wireless is used for the University's public WAP, so do NOT use yale wireless as the SSID for a private WAP.
Note: you may need to configure your client devices (laptop, PDA) for both private and public SSIDs to allow network access from multiple WAPs. Do NOT allow connections using a blank SSID or an SSID set to ANY or any.
NOTE: SSIDs are case sensitive.
- Change the default configuration password: All wireless access points come with a default password to access the configuration program. Default passwords for WAP configuration are easily found online. If you use a default password, someone could easily change the configuration and even deny you access. Change the default password and use a strong password.
- Only allow WEP connections: WEP (Wired Equivalent Privacy) is a standard for encrypting wireless data. Set WEP to 128-bit if possible (the higher, the better). Without the appropriate WEP key someone will be less likely to access your wireless access point. If you do not have WEP enabled, everything you send is in the clear and accessible by unauthorized individuals. Enabling WEP helps prevent unauthorized access to your AP. Note: WEP is not foolproof encryption, but having WEP is better than no security and it is an additional layer of protection. Note: Wi-Fi Protected Access or WPA is now preferred (more secure) as an alternative to WEP.
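The requirements above can be checked mechanically before a private WAP is registered. The following is an added example, not ITS code: the config keys (`ssid`, `accept_blank_or_any_ssid`, `admin_password`, `encryption`), the encryption labels and the short default-value lists are assumptions constructed for illustration.

```python
# Added example: audit private WAP settings against the requirements listed above.
# Config keys, encryption labels and the default-value lists are constructed
# for illustration; they are not an ITS or vendor format.
RESERVED_SSID = "yale wireless"                           # SSID of the public WAP
SAMPLE_DEFAULT_SSIDS = {"default", "linksys", "netgear"}  # constructed sample
SAMPLE_DEFAULT_PASSWORDS = {"", "admin", "password"}      # constructed sample


def audit_wap(cfg):
    """Return (severity, message) findings; no 'fail' entries means compliant."""
    findings = []
    # SSIDs are case sensitive on the air, but a name that differs from a
    # forbidden one only by case is still flagged (a choice made in this example).
    folded = cfg.get("ssid", "").strip().lower()
    if folded in ("", "any"):
        findings.append(("fail", "SSID is blank or ANY"))
    elif folded == RESERVED_SSID:
        findings.append(("fail", "SSID is reserved for the public WAP"))
    elif folded in SAMPLE_DEFAULT_SSIDS:
        findings.append(("fail", "SSID is still a vendor default"))
    # Treated as enabled unless the config explicitly turns it off.
    if cfg.get("accept_blank_or_any_ssid", True):
        findings.append(("fail", "WAP accepts clients using a blank or ANY SSID"))
    if cfg.get("admin_password", "").lower() in SAMPLE_DEFAULT_PASSWORDS:
        findings.append(("fail", "configuration password is a default"))
    enc = cfg.get("encryption", "none").lower()
    if enc == "none":
        findings.append(("fail", "no encryption: traffic is sent in the clear"))
    elif enc == "wep-64":
        findings.append(("advise", "use 128-bit WEP if possible; WPA is preferred"))
    elif enc == "wep-128":
        findings.append(("advise", "WEP meets the minimum; WPA is preferred"))
    elif enc != "wpa":
        findings.append(("fail", "unrecognized encryption setting: " + enc))
    return findings


def is_compliant(cfg):
    """True when the audit produced no 'fail' findings."""
    return not any(sev == "fail" for sev, _ in audit_wap(cfg))


# Constructed sample configurations.
FACTORY = {"ssid": "linksys", "admin_password": "admin", "encryption": "none"}
HARDENED = {"ssid": "Latimer_Lab", "accept_blank_or_any_ssid": False,
            "admin_password": "x7!Qm-constructed-example", "encryption": "wpa"}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, "compliant" if is_compliant(cfg) else audit_wap(cfg))
```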
Optional security measures for a private WAP
- Enable MAC address filtering: Use a wireless access point that provides MAC (hardware) address filtering. If filtering is enabled, only devices with authorized MAC addresses can use your access point. MAC address filtering is an effective way to limit the number of people using your access point.
- Power-off when not in use: Unauthorized users can't access your WAP if it is powered off. If you aren't using it, shut it off.
See also: Private WAP overview (Description, Eligibility and Cost, How to get service, Hardware and Support) and Wireless networking at Yale
Wireless client device documentation
- You must register your wireless client device (wireless card):
- Faculty, Staff & Postdocs must register using the Computing Request Form
- YSM/YSN students can register online.
- (See also: wireless device overview)
- VPN is recommended (and will soon be required) if you are using a Public Access Point
- Using VPN also provides added security when you are using a private wireless access point.
- IPsec (recommended) and PPTP VPN configuration instructions.
Additional resources
- WPA (Wi-Fi Protected Access) Security:
- Configuring WPA encryption at Yale
- WPA Step by Step (pcmag.com)
- Windows XP || Windows CE
- Weakness in Passphrase Choice in WPA Interface
- WPA certified products
- WPA third-party supplicants: Funk || Meetinghouse
If you have any questions, you can contact the Help Desk at 203-785-3200, 203-432-9000, or helpdesk@yale.edu.