2006 Campus Technology Innovators: Security


TECHNOLOGY AREA: SECURITY
Innovator: Sinclair Community College

 


 

Challenge Met

Every college and university faces the challenge of balancing the need for an open, collaborative campus network with the need for security. Most networks, including wireless ones, allow the user unrestricted access once the connection is made. That’s a growing challenge for campuses, where students, faculty, and staff often share parts of the network with visitors and the public. At Sinclair Community College in Dayton, OH, the IT Services team addressed the network security issue by developing a unique, sophisticated strategy for a secure LAN.

In a twist that lowered costs, Scott McCollum, director of information technology services, also arranged a partnership with a Dayton-area free wireless services provider, HarborLink Network. The setup allows HarborLink’s network to access the college’s secure wireless access over the same equipment. This benefits both the college and the wireless partner: Sinclair can offer additional wireless services and coverage areas at no cost, using its secure LAN system; HarborLink, in turn, gains additional exposure and customers. HarborLink also paid for all of the access points and controllers for expanding the wireless network. The end result: “Every person that uses the college’s network, including students, faculty, and staff, as well as attendees of seminars and workshops hosted in the corporate and community training facility, is a beneficiary of the secure computing environment,” McCollum says.

How They Did It

Sinclair’s secure LAN strategy works by building intelligence into network devices themselves, allowing the devices to limit the type of communication they will forward. Limitations can vary based on device type and user, putting the control of network security firmly into the hands of the college, rather than leaving the network at the mercy of any device that connects to the network.

The secure network provides three levels of access, depending on both user type and device. Level 1 access, the highest, requires that the user log in with a Sinclair user name and password, through a college-owned laptop or tablet PC with the Sinclair administrative image on it. Level 2 is web-only access, for users with a Sinclair user name and password, but another type of device, such as a PDA, smart phone, or personal laptop. Level 3 grants web-only access to guests; no login is required, and any type of device can be used. By restricting access based on both user credentials and device type, Sinclair can make its network available to a range of users, while still enforcing tight network security.

Sinclair developed the secure LAN strategy with security system integrator Blue Spruce Technologies. The college chose Blue Spruce because many Blue Spruce staff members were former employees of Enterasys Networks, a network company that had provided much of Sinclair’s existing infrastructure and tools.

Existing technologies Sinclair used that helped the college meet its project goals included:

  • Enterasys Matrix E7/N7 Switches, XPedition 8600 Routers, Dragon IDS, and NetSight Atlas Management Suite (consisting of Atlas Console, Inventory Manager, and Policy Manager)
  • McAfee VirusScan and ePolicy Orchestrator
  • Altiris Client Management Suite
  • Microsoft Windows Server Update Services

Additional technologies implemented to meet the plan requirements included:

  • Enterasys NetSight Automated Security Manager
  • Microsoft Internet Authentication Server
  • Cisco Systems Clean Access Server, 4400 Series Wireless LAN Controllers, and lightweight wireless access points

Next Steps

All 20 campus buildings are protected by the secure network strategy so far, and the college is in the process of rolling out an authentication process. The IT group has implemented the full plan on network switches that support five of the college’s buildings, including a newly opened learning center.

Advice

McCollum recommends implementing the network infrastructure changes in phases, in order to test each change in turn. At Sinclair, the result has been an increasingly secure network that protects all users at every level from network-borne threats.
