WLAN guidelines

Back to overview

The University of Kassel's university network is operated by the Data and Telecommunications Department in the IT Service Center. In addition to ongoing renewal and expansion work, a wide range of measures are necessary to ensure that this highly complex data network operates as smoothly and securely as possible. These measures range from planning (security, ease of maintenance, redundancies) to operation (configuration, network management, alerting in the event of faults, on-call service) and security organization with various firewall functionalities (basic protection against spying and misuse).

All contact points that connect the university network to the outside world are also integrated into these operating and security concepts. In addition to the transition to the global Internet (Internet gateway), this also includes the operation of the telephone gateways (dial-up via modem or ISDN for university members and students) as well as the wireless network infrastructure for mobile or temporary connection to the university network.

However, the introduction of WLAN networks (wireless networks) will inevitably also cover areas that do not belong to the University of Kassel (wireless coverage beyond the boundaries of the site). However, all visitors to the university campus could also make unauthorized and unhindered use of the communication options via the WLAN networks. The security measures defined in the transmission standards for Wi-Fi networks are also completely inadequate and offer neither reliable protection against unauthorized use nor against eavesdropping or manipulation of communication (e.g. spying on passwords).

To ensure the correct network operation of WLANs, the IT Service Center has put a VPN gateway (VPN = Virtual Private Network) into operation. This VPN gateway encrypts the wireless connection and authenticates users with their UniAccount. This ensures that only authorized and registered persons can log in and that data is transmitted securely (encrypted).

All departments or institutions of the University of Kassel, as well as institutions connected to the university network that wish to operate their own radio cells with a connection to the university network, must set up the connection and authentication of the clients via the central VPN connection (described above). Any other operation poses a considerable threat to the security of the university network and all users and thus violates the university-wide binding user regulations for the information processing and communication infrastructure of the University of Kassel (IT user regulations).

The IT Service Center offers support in planning wireless network cells and setting up suitable connection points. In principle, plans for WLAN connections should be coordinated in advance with the Data and Telecommunications Department at the IT Service Center (suitable devices, VLAN-capable connection, unnecessary redundancies with existing or planned access points and the like). If products from the same manufacturer as the access points installed by the IT Service Center (currently the LANCOM series from LANCOM Systems) are not used, the choice of devices (various VPN options, support for central management, etc.) must also be agreed with the IT Service Center in advance. The access points are set up by the ITS.