|Financial Audit Division Report 05-48||Released September 8, 2005|
The Minnesota State Colleges and Universities (MnSCU) did not adequately plan and secure its wireless computer networks. Many wireless networks had security weaknesses, some of which were significant. We recommend that MnSCU disable all wireless networks that lack strong authentication and encryption controls.
Wireless network security controls as of June 2005Selected Audit Areas:
Wireless networks used by MnSCU universities, colleges, and the Office of the Chancellor
Almost all of MnSCU’s colleges and universities have deployed wireless networks. Wireless networks extend the range of traditional wired networks by using radio waves to transmit data through the air to wireless-enabled devices, such as laptop computers or personal digital assistants (PDAs). While wireless networks offer many potential benefits, including flexibility and mobility, they also introduce significant security risks, such as unauthorized access to computer systems and data. Appropriate controls are needed to mitigate risks and protect the integrity, confidentiality, and availability of MnSCU’s computer systems and data.