2006 Campus Technology Innovators: Security
TECHNOLOGY AREA: SECURITY
Innovator: Sinclair Community College
Challenge Met
Every college and university faces the challenge
of balancing the need for an open, collaborative
campus network with the need for
security. Most networks, including wireless
ones, allow the user unrestricted access
once the connection is made. That’s a growing
challenge for campuses, where students,
faculty, and staff often share parts of the network
with visitors and the public. At Sinclair
Community College in Dayton, OH, the IT
Services team addressed the network security
issue by developing a unique, sophisticated
strategy for a secure LAN.
In a twist that lowered costs, Scott McCollum,
director of information technology services,
also arranged a partnership with a
Dayton-area free wireless services provider,
HarborLink Network.
The setup allows HarborLink’s network to
access the college’s secure wireless access
over the same equipment. This benefits both
the college and the wireless partner: Sinclair
can offer additional wireless services and
coverage areas at no cost, using its secure
LAN system; HarborLink, in turn, gains additional
exposure and customers. HarborLink
also paid for all of the access points and
controllers for expanding the wireless network.
The end result: “Every person that uses
the college’s network, including students,
faculty, and staff, as well as attendees of
seminars and workshops hosted in the corporate
and community training facility, is a
beneficiary of the secure computing environment,”
McCollum says.
How They Did It
Sinclair’s secure LAN strategy works by
building intelligence into network devices
themselves, allowing the devices to limit the
type of communication they will forward.
Limitations can vary based on device type
and user, putting the control of network
security firmly into the hands of the college,
rather than leaving the network at the mercy
of any device that connects to the network.
The secure network provides three levels of
access, depending on both user type and
device. Level 1 access, the highest, requires
that the user log in with a Sinclair user name
and password, through a college-owned laptop
or tablet PC with the Sinclair administrative
image on it. Level 2 is web-only access,
for users with a Sinclair user name and password,
but another type of device, such as a
PDA, smart phone, or personal laptop. Level 3
grants web-only access to guests; no login is
required, and any type of device can be used.
By restricting access based on both user credentials
and device type, Sinclair can make
its network available to a range of users, while
still enforcing tight network security.
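The three-level decision described above, sketched as an added example (not Sinclair's or its vendors' configuration): the session fields, the contents of the web-only set, and the treatment of Level 1 as unrestricted are assumptions, since the article does not list the permitted services.

```python
from dataclasses import dataclass

# Assumption: "web-only" is modelled as HTTP/HTTPS plus the DNS and DHCP
# traffic a browser depends on. The article does not enumerate services.
WEB_ONLY = {("tcp", 80), ("tcp", 443), ("udp", 53), ("udp", 67)}


@dataclass(frozen=True)
class Session:
    """Hypothetical view of what the edge device knows about a connection."""
    authenticated: bool   # valid Sinclair user name and password
    college_image: bool   # college-owned device with the administrative image


def access_level(s: Session) -> int:
    """Map a session to the article's Level 1, 2 or 3."""
    if s.authenticated and s.college_image:
        return 1
    if s.authenticated:
        return 2
    # No login means guest, even on a college-owned device:
    # the device alone never raises the level.
    return 3


def forward(s: Session, proto: str, dst_port: int) -> bool:
    """Decide whether the network device forwards a flow (default deny)."""
    if access_level(s) == 1:
        return True  # assumption: Level 1 is not limited to web traffic
    return (proto.lower(), dst_port) in WEB_ONLY


if __name__ == "__main__":
    # Constructed sample sessions and flows, for illustration only.
    samples = [
        (Session(True, True), "tcp", 445),
        (Session(True, False), "tcp", 443),
        (Session(True, False), "tcp", 445),
        (Session(False, True), "tcp", 22),
        (Session(False, False), "udp", 53),
    ]
    for sess, proto, port in samples:
        verdict = "forward" if forward(sess, proto, port) else "drop"
        print(f"level {access_level(sess)} {proto}/{port}: {verdict}")
```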
Sinclair developed the secure LAN strategy
with security system integrator Blue Spruce
Technologies. The college chose Blue Spruce because
many Blue Spruce staff members were former
employees of Enterasys Networks, a network company that had
provided much of Sinclair’s existing infrastructure
and tools.
Existing technologies Sinclair used that
helped the college meet its project goals
included:
- Enterasys Matrix E7/N7 Switches, XPedition
8600 Routers, Dragon IDS, and
NetSight Atlas Management Suite (consisting
of Atlas Console, Inventory
Manager and Policy Manager)
- McAfee VirusScan and
ePolicy Orchestrator
- Altiris Client Management
Suite
- Microsoft Windows Server Update Services
Additional technologies implemented to
meet the plan requirements included:
- Enterasys NetSight Automated Security
Manager
- Microsoft Internet Authentication Server
- Cisco Systems Clean Access Server,
4400 Series Wireless LAN Controllers,
and lightweight wireless access points
Next Steps
All 20 campus buildings are protected by
the secure network strategy so far, and the
college is in the process of rolling out an
authentication process. The IT group has
implemented the full plan on network switches
that support five of the college’s buildings,
including a newly opened learning center.
Advice
McCollum recommends implementing the
network infrastructure changes in phases, in
order to test each change in turn. At Sinclair,
the result has been an increasingly secure
network that protects all users at every level
from network-borne threats.