• 06/24/2003
    12:00 AM
  • Network Computing
  • News
  • Connect Directly
  • Rating: 
    0 votes
    Vote up!
    Vote down!

Authentication Gets Into Stanford

Stanford University, fresh off its first installation of firewalls, recently added an extra layer of authentication to its wireless LAN after finding that registering MAC (Media Access Control) addresses left
So Stanford built more advanced authentication into its wireless LAN, which is deliberately separate from the wired Gigabit Ethernet campus backbone. The authentication architecture uses a combination of an authentication server appliance from start-up Perfigo, the university's MAC address database, a homegrown single sign-on scheme called S/Ident and a Kerberos authentication infrastructure. When a user comes within range of a Cisco Systems access point, he or she gets a pop-up client login screen and then authenticates to the wireless LAN. The university's homegrown client package, called Leland, uses Kerberos to encrypt the user's credentials for transmission to the authentication server.

Wireless users bring their own PCs or laptops and 802.11b wireless interface cards, and Stanford's network services group offers the service at no charge to departments that purchase 16 wired ports under Stanford's managed campus network service. The alternative is a $31 monthly fee for wireless alone. So far, the university's education, humanities and sciences departments, as well as its medical and law schools, are the main wireless customers, along with a couple of dorms. This summer, Stanford will begin offering wireless access in some public spots on campus, including White Plaza, a popular gathering place for student demonstrations and fraternities.

But Stanford's wireless LAN hasn't quite caught on like the university had expected. There are only about 1,000 users out of 17,000 students and 8,000 faculty. Although the network services group has installed some 300 Cisco access points around campus, it has another 300 devices sitting unused in storage. Reese says his group envisioned wireless replacing the wired network for some applications, but that just hasn't happened. "It's because the campus is so well-wired already. People are taking their laptops out in the sun to read their e-mails with wireless, but when they do genetic analysis, they still use the wired network," Reese says. The Gigabit Ethernet backbone shoots 100 Mbps to the desktop, so it's tough to trade that for 10 megabits of wireless when you're running genetic algorithms and other demanding calculations.

What, No More Free Beer?

Network security has become more strategic for Stanford and other universities because they've changed the way they do business. Like many major universities, Stanford maintains closer ties to businesses and other universities for research collaboration, which requires carefully managing who can access what. Stanford's administration also runs a new ERP (enterprise resource planning) system--PeopleSoft Student Administration combined with Oracle Financials--which drove the addition of the firewalls that now sit inside the network to protect sensitive data. It's a sign of the times: The days of free beer and open access to all university data are fading. Authorized access to data will increase, but unauthorized access will be curtailed, Reese says.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.

Log in or Register to post comments