Technological advancement has transformed higher education. Today, connectivity is no longer a “nice-to-have.” It’s not something that campus administrators can afford to skimp on. Students and faculty need (and expect to have) available, reliable and secure campus Wi-Fi access from anywhere, at any time, using any device.
In order to meet this expectation, many colleges and universities promote a “free love” environment for accessing their wireless network. They aim to make accessibility as easy as possible so as to accommodate users across campus, from the classroom to the dorm room.
With this level of openness, however, comes significant security risks. As such, campus IT professionals are challenged to provide the feel of “free love” in a secure environment that doesn’t put the institution or its wireless users at risk.
The academic environment on college and university campuses isn’t what it used to be. Just a few short decades ago, study and research were conducted via book-based efforts, and students spent their time scouring library stacks to find the information they needed. Projects were submitted as hard copies, testing was done on paper, and communication between students and faculty was an in-person exchange.
Then the Internet happened. Fast-forward to today, when every student carries a smartphone on them at all times, notes are taken on laptops and tablets, research can be done without ever walking through the library doors, and the main modes of communication are email, instant message, text message and video chat. What’s more, students expect to be able to wirelessly connect not just their computers for research and studying purposes, but also their personal mobile devices and even gaming consoles.
As institutions implement “free love” Wi-Fi across their campuses to make constant connectivity a reality for users, it often leaves their networks wide open — even, in some cases, without requiring any credentials to log in. Obviously, this poses a huge security and visibility risk.
With no visibility and control over the devices and applications in an open network, performance across the network may suffer as high-bandwidth/high-risk applications (such as BitTorrent and streaming) reduce the overall bandwidth available. Plus, student and staff information is on the line, so it’s imperative to ensure that the campus’s wireless networking infrastructure is fortified against cyber threats, ransomware and other dangerous factors.
In 2015, the University of California-Berkeley, Harvard University and the University of Connecticut all reported data breaches. “There are parts of what a university does that are just like anyone else — we have credit cards, we have social-security numbers, we have health records, we have educational records — all of which we have to, by law, lock down in just as firm a fashion as corporations do,” says Jim Waldo, a computer-science professor and the chief technology officer at Harvard. (The Atlantic)
Protecting your wireless network should be a top concern in the setup of your campus infrastructure. The value of a secure network is immeasurable when you’re dealing with thousands of users connecting through multiple devices, every minute of every day. That’s why it’s vital to incorporate the following steps into your campus Wi-Fi approach to ensure a high level of security while maintaining the benefits of “free love.”
As more and more students and users connect to the Wi-Fi network, each device will carry out whatever it is configured to do once granted a connection. Students’ photos, apps and messages will automatically sync and back-up, which hoards valuable bandwidth on the network and opens up the system to vulnerabilities.
Therefore, institutions need to be sure they’re managing the bandwidth they’re allowing for their students. User access limits must be enforced to prevent the network from getting slow or overwhelmed and to protect against harmful intrusions.
“The Internet of Things has started a new wave of connectedness. We have been able to connect certain common devices to the Internet that simply weren’t there before and discover new ways to interact with them…And with all the advancements and innovations, an awareness of the larger implications of connectedness has hit us.” (Campus Technology)
Certainly one of those larger implications is security, making it essential to implement advanced integrations with the campus firewall. Apply policies across your entire wireless network to protect against intrusions.
Many advanced wireless networks have bi-directional communication with next-generation firewalls in order to allow advanced actions to be taken. For example, a user who violates a firewall policy can have that information passed to the WLAN, and the user can be deauthorized at the access point. This type of action prevents the user from attempting any other malicious activity.
Implement secure authentication using 802.1x. “802.1x is flexible because it’s based on Extensible Authentication Protocol. EAP (IETF RFC 2284) is a highly pliable standard. 802.1x encompasses the range of EAP authentication methods, including MD5, TLS, TTLS, LEAP, PEAP, SecurID, SIM and AKA.” (Computer World)
You can still provide the feel of “free love” with a single login per device per semester, all while enabling the IT staff to maintain security and visibility on the back end.
Security becomes an issue when you allow more users onto your network. The more
bandwidth, the harder your security devices have to work. This means they may get overwhelmed and fail to “open,” thereby allowing full access to your network.
Even if you have a segmented guest network, you’re still putting those on it at risk for getting a virus from another user’s computer if there is not a posture check being used. Users are what can potentially bring in viruses and malware, so you need a system in place to understand the threats and prevent users from causing problems.
Successfully applying all of these important steps and staying on top of security across the campus’s network requires the skills and experience of a strong IT team. To strengthen your team’s capabilities, consider partnering with a network security solutions provider that has the tools and expertise to make your campus’s network “appear” to be open while still securing it with the proper networking protocol on the back end.
With the right approach, there’s no need to sacrifice “free love” or security at your institution’s campus. Get more information about how to ensure a high-performing and highly secure wireless networking infrastructure by reading our free Step-by-Step Guide to Wireless Networking for Higher Education IT Pros.