Liberal Arts, Not Liberal Access
Universities Experience Every IT Security Problem
University IT departments face virtually every IT problem—from the challenging task of maintaining network security while providing access to an ever wider set of network resources, to satisfying the needs of a diverse, ever-changing population of students, researchers, faculty and non-academic staff in a huge, complex network.
Compounding the security issues for universities is that most departments manage their own systems and access, which results in inconsistent security and many doors to the network. In the post-9/11 world, universities must comply with a growing list of security regulations and reporting requirements, many of which start with managing who has access to the network.
Identity Engines delivers products that help universities deal with these issues in a phased approach that leverages existing systems and directories.
University Computing Environments Are Complex
The heterogeneous nature of university IT environments with many different network components and directories from different vendors makes it difficult for existing access products to be deployed campus-wide. Furthermore, new solutions have to integrate seamlessly with the existing network and directories, and should be easily phased in to ensure that upgrades have minimal impact on infrastructure services.
Multiple wired, wireless, and remote network systems—Wireless networks are quickly becoming the standard form of network access, hence the need to tackle the security challenges associated with them. Without the appropriate access control, your wireless network represents a significant risk: data theft can occur and attacks on the network can be carried out. In addition, wireless transmission of data such as personal information (for example, SSNs), grades and other records by students, faculty and staff can pose security and governance risks if the transmission is unencrypted or poorly encrypted.
Multiple directories—Universities deal with a large number of different computing and network systems as well as a large and constantly changing student, faculty, and non-academic staff population. The dispersal of user identity information across various departmental directories makes it difficult to arrive at authoritative network access decisions. This problem is compounded by the constant adding, moving, updating, and deleting of user accounts in the various directories.
Compliance and monitoring—A growing number of governance initiatives require universities to produce reports that tie user identity to network access. CALEA (Communications Assistance for Law Enforcement Act) mandates electronic surveillance obligations unless campus networks are authenticated, thus creating private networks which are exempt. Groups such as the RIAA, MPAA and others send periodic requests to identify violators of the DMCA (Digital Millennium Copyright Act). University medical schools must adhere to relevant HIPAA (Health Insurance Portability and Accountability Act) regulations, and online tuition payments and other credit card transactions must conform to the PCI (Payment Card Industry) specifications.
University computing systems are as diverse as the organizations that deploy them, from research databases to email systems to billing and enrollment systems to health care systems used in a medical center. These systems each have security implications for the university network as a whole, since HIPAA or other compliance regulations may be relevant. Given the range of compliance regulations and the number of system types that universities run, nearly every regulation applies to universities.
The Solution: Identity Engines Ignition
The Identity Engines Ignition™ platform centrally manages network access based on user and group data in the university’s existing identity stores. From its central position as the network access control platform, Ignition Server is uniquely able to unify authentication, authorization, and usage reporting for all network services. Ignition Server’s network user authentication, authorization, and auditing covers your whole network: wired, wireless, VPN, SSL-VPN, dial-up and any other RADIUS-capable network access equipment.
Ignition Server is based on a new architecture with support for the native RADIUS, Active Directory and LDAP interfaces that your existing systems use. This allows Ignition Server to be phased easily into existing environments to apply centralized network access control and deliver immediate value. Ignition Server does not require a lengthy implementation cycle like many identity management products.
For university environments, Ignition Server provides the following features:
- Wired and Wireless—Manages network authentication across wired and wireless systems.
- Multiple Directories—Works with any number or combination of existing Microsoft Active Directory, Sun ONE, Novell eDirectory and other LDAP-compliant identity stores. Support for multiple Windows domains and Active Directory forests in one platform. Integrates with multiple back-end LDAP directories for students and faculty.
- Differentiated Access—Applies identity-based policies to determine which areas of the network a specific user will be permitted to access.
- Compliance and Monitoring—Provides identity-based access reporting and real-time monitoring.
- Guest Access—Streamlines guest and visitor access, with role-based network segmentation and VLAN defaulting. Ignition Guest Manager™ gives university receptionists and help desk staff the ability to provide a temporary login account for any network service.
- Straightforward Deployment—Ignition Server’s appliance form factor and tested interoperability support seamless migration from legacy systems.
Conclusion
Identity Engines Ignition Server simplifies campus-wide access control policy and improves security while reducing the operating cost to manage and deliver these services. Ignition Server is engineered for heterogeneous network environments like those found in the typical university, and, as a result, it is the most practical solution for managing access to universities’ wired, wireless, and remote access networks.