iPhones on Campus: Network Security Goes Mobile

• 05/27/10

This year Abilene Christian University will dole out 2,000 iPhones to incoming freshmen and to existing students who need upgraded devices. Each of those gadgets carries network security threats that can be hard enough to monitor and control on an individual basis, let alone across an entire college campus.

To ensure that every one of those IP-enabled iPhones adheres to security policies and doesn't create a threat to the network, the university developed a plan of action that was largely based on existing policies that governed the use of laptops and computers on its wireless network.

Dempsey Peterson, wireless network administrator, said a full-time network security administrator is in charge of the school's iPhone security program, which was developed by Bradford Networks. Using MAC (Media Access Control) level authentication, the school's IT department synchronizes the application's database with its own, and then uses the data to maintain updated student records.

Students using their iPhones to log onto Abilene's wireless network must first register on the network by inputting their names and student IDs. The MAC addresses for their devices are automatically logged into the security system in the same manner that any other laptop or computer would be registered and tracked. "We're using the same registration authentication for their wired ports located in our residence halls," said Peterson. "If a device has a virus, we're able to trace the iPhone right to the jack on the wall that it's plugged into."

Wireless culprits are just as easy to nail down. The school's network security administrator uses software to identify the specific MAC address of the iPhone and is then able to pinpoint which wireless access point the device is using. "We can cull it down to a specific room number," Peterson said, "and then to a specific student and user name."

The network security system can also help recover lost or stolen devices--an added benefit that Abilene's campus police have used on several occasions. "Because our systems tracks the devices down to specific wireless access points," said Peterson, "finding the devices is pretty easy."

The security system is also scalable and capable of handling Abilene's expanding iPhone distribution strategy, which was launched in the fall of 2008 when the school distributed Apple iPhones and iPod touch devices to its incoming freshmen class. Abilene developed its own Web-based application for those devices. The idea was to get students using the handheld gadgets to receive homework alerts, find out where professors' offices were, check cafeteria account balances, and answer in-class surveys developed by their instructors.

The iPhone program has expanded every year since that initial implementation and this year includes a replacement program for devices that have been in use for two years or more. "Freshman who received iPhones two years ago will be getting new ones this year," Peterson explained. Also on the recipient list this year will be the seniors who were "left out" of the program, which didn't exist when they were incoming freshmen.

Peterson said the IT behind the 3-year-old program has been tweaked several times since inception, most recently in an effort to map MAC addresses to IP addresses for the individual devices. "Our network security administrator worked that out in a way that meshes with the campus network system," said Peterson.

To accommodate the increasing number of devices that are using Abilene's wireless network, the university will add licenses and devices this year, while at the same time upgrading the wireless networks in its residence halls. The latter came about after several faculty members requested a more robust wireless system in one of the school's large auditoriums.

Those professors wanted all students in a 600-person auditorium to be able to use their iPhones at the same time for a combined freshman orientation/university 100 class, said Peterson. "Achieving that goal was quite a challenge," he said. "The auditorium is huge, and 600 devices are a lot to accommodate all at once."

Abilene's IT team found the answer in 802.11n, a wireless standard that includes technology known as "multiple-input multiple-output" (MIMO), and that performs up to five times better, and at twice the range, of the earlier, 802.11g standard. Peterson said the 802.11n wireless has been installed in the auditorium in question and that it is currently in the testing phase.

"We plan to use it for the incoming freshman class later this year," said Peterson. Several large classes have been scheduled for the auditorium, where students will log into the upgraded system in unison and interact with their professors via a polling application. Instructors will create questions for students to answer in real-time and send back to the professors and other students. "This will help us fine-tune the system," said Peterson, "so it's ready to go in the fall."