Making a one-size-fits-badly policy is how you get large amounts of shadow IT and assets on non-controlled machines.
The security policy has to balance with what the users are tasked with, and what's expected. And when IT won't budge, you get really weird stuff happening.
I've seen professors running a Linksys NATed network on a uni LAN, precisely because he needed control and lookup of IPs for his robotics setup. And Uni IT did their knuckle-dragging usual of nothing (blame the user). His solution was "insecure" but that went to his real task of robotics prof.
This sounds to me like the prof tried to tell IT what to do instead of explaining to IT what he wanted to accomplish.
If you came up to me and said "Hey I want to plug in my own router in my office so I can have my own little WiFi network for my projects" I'd tell them no, it's against policy, against SOP, against best everything, and it would be an unmanaged, insecure, non-company asset (probably with default credentials and unpatched firmware). I would then just nod my head at his hemming and hawing and invite him to go over my head.
Now... If you came up to me and said "Hey I've got a ton of wireless devices in my office that are related to my work. What would be the best way for me to network them all together and isolate them from the rest of the network?" I'd gladly draw up a plan to get the task done, order the assets that I want in my shop (with company money), configure it the way I want, and then roll it out and keep tabs on it.
Just doing whatever you want on the network because IT won't let you is asking for trouble, and could/should get you fired.
Yep, and since he was one of the senior faculty teaching engineering (that the uni started the new program for within the last 4 years), he's immune to these kinds of "we'll fire you if you do X it thing".
He needed not WPA2 Enterprise wireless. WPA2 Personal would have sufficed for his robotics... but "Policies". When he asked how to proceed, IT-Networks responded with "We don't tell people how to do their networking. We enforce policy."
He had contacts in IT (my director), and put me to make it work. So I helped configure a better router, made sure DHCP and other protos weren't leaking out the WAN, set a stupid long PSK. Took me .5h to get a good environment set up. And sure, it violated policy, but it was secure and enabled the prof to continue his swarming robotics experiments.