eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Securing a Wi-Fi Project at St. Johns University
Joe Tufano
St. Johns University
Executive Director for Information Technology
New York, N.Y.
Managers Profile: Tufano oversees information-technology planning and operations on the five-campus private university with 18,000 students. His team supports 2,900 on-campus computers as well as Web-based applications, some of which give students wireless access to pay fees and look up grades online.
Why Wi-Fi: University leaders decided all students should be provided with laptops and Internet access “for educational reasons,” Tufano says. Because students spend much of their time in common areas such as the library, “it made no sense to try to provide Internet access without wireless.”
The Project: This past spring, Tufanos team began rolling out a wireless network that will eventually cover “all areas of the university except two parking garages and outdoor athletic fields. And were looking at those.”
The Cost: $7 million covers the wireless network on campus plus IBM Thinkpad notebook computers given to 3,000 freshmen. In part to pay for the program, St. Johns increased tuition by 10 percent this year.
The Original Security Plan: Tufano hoped to protect Wi-Fi traffic with a version of the interim 801.1x protocol called the Protected Extensible Authentication Protocol (PEAP). He says St. Johns picked that protocol over Ciscos version of the standard-in-the-making—called LEAP—because “PEAP has much broader industry support, while LEAP is more proprietary to Cisco.”
What Had to Change: Because he couldnt be sure that all student laptops would initially be able to work with PEAP, Tufano came up with a revised security plan: Protect faculty and administrator laptops with PEAP; use less-secure static 128-bit encryption keys that rely on the Wireless Equivalent Privacy standard; and authenticate the Internet addresses of student machines before allowing access to the network.