Wireless Access Point and Bridge Policy Inexpensive wireless bridges aimed at the home market are becoming an increasing issue with their ad hoc placement around the hospital. The system is cheap and easy to configure upfront. These devices are inexpensive for a variety of reasons; first and foremost they lack essential functionality and second they provide poor compatibility. The true price of these devices are the ongoing administrative maintenance costs. Devices other than Cisco Aironet devices can potentially cause interference with legitimate wireless installations. Usually these devices are placed without consideration of other 802.11b devices. These devices could cause problems for other legitimate wireless users in the same area. If wireless is allowed in that area and NTS has a wireless access point nearby, it may cause problems for every other wireless user in the signal coverage area. User installed wireless bridges are usually installed with no security and are wide open for anyone to attach to and enter into our network. This leads to the inability to keep unauthorized users out of the Hopkins Network. 802.11b wireless systems can interfere with medical equipment and a thorough test with the medical monitoring equipment in close proximity is required. The installation of unauthorized wireless devices in a hospital area has the potential to cause dangerous interference with patient monitoring devices. The configuration tool that comes with unsupported wireless software does not work with a variety of other network devices and drivers, one of which is the Cisco VPN client. Past support for IPSec pass has been poor. The newest releases of the firmware and proper administration of these devices is necessary. LAN Administrator's should be discouraged from agreeing to support unauthorized wireless access points and bridges. Extensive testing for compatibility with all other Clinical systems software is performed first with supported wireless equipment. VPN works directly through any legitimate port to the East Baltimore network. Unsupported wireless bridges should never be used as an outside user entry point into the Core Network. There are a couple of objections from a central networking position regarding such devices. Unauthorized wireless access points/bridges cannot be in a position that firewalls any device supported by NTS, for example if an Access Point with firewall capabilities is placed in front of a switch or router, the router would be inaccessible or not supported. Second, there are no central network management modules to support monitoring what is essentially a shared network hub. The placing of wireless devices other than Cisco Aironet by any group other than NTS around the Johns Hopkins Hospital Campuses and the University Homewood Campus is prohibited per announcements made at ISCS, NTSAC, CSAC and NETCOM. Recommendations: Use only Cisco Aironet Access Points and Bridges for wireless access to Johns Hopkins Campus Networks. Prohibit the installation of any wireless access point that is not supported by NTS. NTS have the right confiscate any of these devices, as they are found. Block network ports where unauthorized access points are found. Contact Calvin Sproul at 410-614-1226, e-mail csproul@jhmi.edu for wireless bridge or access point survey and installation. For Access Point procurement on any Hospital or University campus, please call the Service Request group at 410-955-1044. | 
