WiFi Internal Access Security Policy

Published: 18 July 2016
Freedom of information class: How we manage our resources

Details of WiFi Internal Access Security Policy

Introduction

Wi-Fi is now a standard way to connect to networks for both RoS Staff and third parties. This document defines a policy for using wireless connectivity.

Purpose

The purpose of this document is to set out the Registers of Scotland (RoS) policy on wireless connectivity for both employees and third party users when onsite.

Scope

This policy will apply to all users of any wireless network that is provided by RoS and broadcasts a Service Set Identifier (SSID) within any buildings where RoS has a presence. Current locations are Meadowbank House, Edinburgh and St Vincent Plaza, Glasgow. RoS buildings currently have three distinct types of network:

  • The RoS corporate network (e.g. Granite);
  • RoS separate wireless networks (e.g. RoSDev, peaches);
  • Internet café network

This policy will apply to the RoS corporate network and RoS separate wireless networks. The internet café network is provided for general access for RoS staff and third party use by a separate company. Use of this network is governed by the policies of the operator.

Devices referred to within this document are:

  • RoS corporate devices. These are devices which are maintained by IT Services.
  • Third party devices. These are devices that are not maintained by IT services and are typically owned by individuals.

Configuration Policy

All Laptops/PCs/Mobile devices connected to any Wi-Fi network authorised by RoS must have the latest firmware/software updates, must have anti-virus software with current signatures, and a firewall enabled.

No wireless infrastructure and any broadband connection associated with it can be installed without the knowledge and approval of IT Services and SIA.

Any RoS corporate device connected to a RoS authorised Wi-Fi network must be protected by a username password. The account should have the permissions required to undertake the work required and should not be a generic account.

The RoS corporate Wi-Fi must be set up to authenticate both the device and the user on that device.  The separate wireless network used for testing and third parties must use a minimum 20 character passphrase. All of the Wi-Fi traffic from the device to the access point must be encrypted. WEP must not be used, WPA2 is the preferred connection type.

Use of the Wi-Fi Networks

Connection to the RoS corporate wireless is for RoS corporate devices only and as such devices must conform to best practice security configuration. All users of the RoS Corporate Wireless network are subject to the ICT Code of Conduct. Use of any separate wireless network by RoS corporate devices is permitted in the following circumstances:

  • Testing of RoS external services;
  • Emergency Internet access during failure of the normal RoS internet service.

Third Party devices such as contractor laptops may be permitted access to the RoS separate wireless networks on raising an IT service desk call via their RoS contact/sponsor. Devices connected to this separate network must conform to cyber security best practices and conform to the RoS ICT Code of Conduct.

Responsibility

Use of any RoS authorised Wi-Fi Network is governed by the RoS ICT Policy. Any breach of this may result in disciplinary action against the perpetrator. Users of any RoS authorised Wi-Fi network should report any issues to the IT Service Desk. Support for any RoS separate wireless networks may limited.

Monitoring

RoS will carry out any measures it deems necessary to monitor the RoS Wi-Fi networks for breaches to the above policy. Additionally, internal auditors and external accreditors may carry out checks to ensure this policy is adhered to.