Unauthorized Network Devices Are Prohibited on Campus
Applies To: All Faculty, Staff, and Contractors | Effective: May 2026 | Owner: Kean Information Technology
1. Purpose
This guidance establishes clear expectations for all Kean University faculty, staff, and contractors regarding the connection of personal or non-IT-provisioned network devices — including switches, routers, wireless access points, and network hubs — to the university's wired or wireless network infrastructure.
Kean University's network is a managed, secured environment subject to federal and state regulatory requirements. Unauthorized devices undermine the institution's ability to protect student data, research assets, and operational systems.
2. Scope
This guidance applies to:
- All faculty and staff offices, classrooms, research labs, and common areas
- All devices connected to Kean University's wired network ports or university-managed wireless networks
- All contractors, vendors, and visiting researchers operating on campus
Prohibited device types include, but are not limited to:
- Consumer or commercial routers (e.g., home broadband routers, travel routers)
- Unmanaged or personally owned network switches
- Wireless access points not provisioned and managed by IT
- Network hubs of any kind
- Cellular/LTE-based hotspot routers or MiFi devices used to extend or bridge the campus network
3. Policy Statement
PROHIBITED: No faculty, staff, contractor, or visitor may connect a personally owned or non-IT-provisioned switch, router, wireless access point, or network hub to Kean University's network infrastructure without prior written authorization from Kean Information Technology.
This prohibition applies regardless of the intended use, duration of connection, or perceived harmlessness of the device. Devices discovered in violation will be removed from the network immediately and the matter referred to the appropriate university process.
4. Security Risks
The following risks illustrate why unauthorized network devices represent a serious threat to the university's security posture and regulatory standing.
4.1 Rogue DHCP and DNS Poisoning
Consumer routers operate their own DHCP and DNS services by default. When connected to the campus network, these devices can respond to IP address requests before the university's managed servers — causing devices to route traffic through an unauthorized path. This enables:
- Interception of network traffic (man-in-the-middle attacks)
- Redirection of web traffic to malicious or phishing sites
- Circumvention of university-managed DNS filtering and security controls
4.2 Bypassing Perimeter Security Controls
Kean University's network is protected by enterprise-grade next-generation firewalls, content filtering, and intrusion detection systems. Unauthorized routers and switches can create unmonitored network segments that:
- Bypass firewall policy enforcement entirely
- Allow unfiltered inbound and outbound internet access
- Create blind spots in the university's security monitoring (SIEM)
- Enable unauthorized devices to operate outside of endpoint detection coverage
4.3 Network Visibility and Monitoring Gaps
Kean Information Technology monitors network traffic through a centralized Security Information and Event Management (SIEM) platform. Unauthorized devices create segments invisible to this infrastructure, preventing detection of:
- Active malware or ransomware infections spreading laterally
- Unauthorized data exfiltration
- Compromised credentials being used on the network
- Insider threat activity
4.4 Unauthorized Network Expansion and IP Conflicts
Unmanaged switches and hubs introduce additional, untracked network ports that can be used to connect unauthorized devices not meeting university security standards. These devices may:
- Introduce malware or vulnerable software directly onto the campus network
- Cause IP address conflicts that disrupt legitimate university services
- Create unmanaged pathways that circumvent network access controls
4.5 Wireless Rogue Access Points and Credential Harvesting
Unauthorized wireless access points pose a particularly high risk. A rogue access point can be used — intentionally or inadvertently — to:
- Broadcast a network name (SSID) that mimics a legitimate university wireless network
- Capture login credentials of users who unknowingly connect to it
- Intercept unencrypted data transmissions
- Enable an external attacker to gain a foothold inside the campus network perimeter
4.6 Regulatory and Compliance Exposure
Kean University is subject to multiple regulatory frameworks governing the protection of sensitive data. Unauthorized network devices directly undermine compliance with:
- FERPA — Family Educational Rights and Privacy Act (student education records)
- HIPAA — Health Insurance Portability and Accountability Act (health-related data)
- PCI-DSS — Payment Card Industry Data Security Standard (payment processing)
- NIST SP 800-171 — Controlled Unclassified Information (research computing)
- New Jersey data protection statutes
A breach attributable to an unauthorized device could expose the university to regulatory penalties, legal liability, and significant reputational harm.
5. Risk Summary by Device Type
| Device Type | Primary Risk | Regulatory Impact | Consequence |
|---|---|---|---|
| Consumer Router | Creates rogue DHCP/DNS; bypasses firewall | HIPAA, FERPA, PCI-DSS exposure | Unauthorized access to university data |
| Unmanaged Switch | Enables unauthorized network segmentation; facilitates lateral movement | NIST 800-171 non-compliance | Potential breach of restricted systems |
| Wireless Access Point | Rogue AP for credential harvesting / man-in-the-middle attacks | FERPA / student data exposure | Identity theft, data exfiltration |
| Network Hub | Broadcasts all traffic to all ports; enables passive sniffing | PCI-DSS data capture risk | Payment or personal data interception |
6. Legitimate Needs and the Request Process
Kean Information Technology recognizes that there are legitimate operational and research scenarios that may require additional network connectivity, and is committed to supporting these needs through proper channels.
If you require additional network ports, wireless coverage, or network segmentation for research, instruction, or operational purposes, please submit a request through the IT Service Desk.
How to Request: Submit a ticket via the IT Service Desk portal under the category Network & Connectivity. Include your department, office location, number of devices requiring connectivity, and the business or research justification. Kean Information Technology will respond within 3 business days.
7. Responsibilities
Faculty and Staff
- Do not connect non-IT-provisioned switches, routers, or wireless devices to the campus network
- Report any unfamiliar network devices discovered in your area to the IT Service Desk immediately
- Submit a formal request for any legitimate additional connectivity needs
Department Chairs and Managers
- Ensure all personnel in their area are aware of this guidance
- Escalate any discovered unauthorized devices to Kean Information Technology promptly
- Coordinate with Kean Information Technology for any departmental network expansion projects
Kean Information Technology
- Actively monitor the network for unauthorized device connections
- Remove or disable unauthorized devices upon discovery
- Review and adjudicate exception requests within established SLA timelines
- Conduct periodic network scans and assessments to enforce compliance
8. Enforcement
Violations of this guidance will result in:
- Immediate removal of the unauthorized device from the network
- Notification to the employee's supervisor and/or department chair
- Potential referral to Human Resources for disciplinary review under the university's acceptable use and information security policies
- In cases involving a data breach or deliberate circumvention of security controls, referral to the Office of General Counsel and, if required, to law enforcement
Kean Information Technology will not provide advance notice before removing a device that poses an active risk to the network.
9. Contact and Questions
For questions about this guidance or authorized device requests, or to report an unauthorized device:
| Contact | Details |
|---|---|
| Department | Kean Information Technology |
| Service Desk | helpdesk.kean.edu, (908) 737-6000 |
| Escalation | Greg Bellotti, SVP IT & Facilities / CIO/CISO |
This document is subject to annual review. Questions regarding applicability should be directed to Kean Information Technology.