Implementing Wi-Fi securely is not simply a corporate IT function. The faculty at St. John's University in New York thinks it's a valuable asset to education. Take a look at the IT challenges in this Baseline project profile.
Securing a Wi-Fi Project at St. John's University
St. John's University
Executive Director for Information Technology
New York, N.Y.
Tufano oversees information-technology planning and operations on the five-campus private university with 18,000 students. His team supports 2,900 on-campus computers as well as Web-based applications, some of which give students wireless access to pay fees and look up grades online.
University leaders decided all students should be provided with laptops and Internet access "for educational reasons," Tufano says. Because students spend much of their time in common areas such as the library, "it made no sense to try to provide Internet access without wireless."
This past spring, Tufano's team began rolling out a wireless network that will eventually cover "all areas of the university except two parking garages and outdoor athletic fields. And we're looking at those."
$7 million covers the wireless network on campus plus IBM ThinkPad notebook computers given to 3,000 freshmen. In part to pay for the program, St. John's increased tuition by 10 percent this year.
The Original Security Plan:
Tufano hoped to protect Wi-Fi traffic with a version of the interim 802.1x protocol called the Protected Extensible Authentication Protocol (PEAP). He says St. John's picked that protocol over Cisco's version of the standard-in-the-making, called LEAP, because "PEAP has much broader industry support, while LEAP is more proprietary to Cisco."
What Had to Change:
Because he couldn't be sure that all student laptops would initially be able to work with PEAP, Tufano came up with a revised security plan: Protect faculty and administrator laptops with PEAP; use less-secure static 128-bit encryption keys that rely on the Wireless Equivalent Privacy standard; and authenticate the Internet addresses of student machines before allowing access to the network.