Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Authentication Gets Into Stanford: Page 2 of 6

Today, guest faculty and other official visitors access Stanford's wireless LAN using guest accounts assigned by their hosts. "A guest doesn't show up in our MAC address database but gets an ISP IP address instead of a Stanford one," Reese says. "He or she can then use the network but not access resources that are restricted, like the library."

When Reese and his team first evaluated authentication options last year, they had three main criteria--the solution had to be inexpensive, it couldn't rely on proprietary client software and it had to be compatible with Stanford's Kerberos infrastructure. "Loading a client on thousands of computers would be a huge undertaking," Reese says. "We wanted authentication, not to kill our helpdesk."

But some operations at the university require a client package for authentication. The medical school is using Perfigo's optional SecureSmart client package so it can meet the encryption requirements of the Health Insurance Portability and Accountability Act (HIPAA), and the business school is next in line to go with the Perfigo wireless client. Although the Perfigo client is relatively lightweight, the medical school has set up its own helpdesk to handle support.

The wireless network meets the wired one at a main hub on campus, and the wireless segments are divided into eight areas. But Stanford has found that even within a wireless area, a user can lose his wireless connection if he travels to a nearby building. Then he has to authenticate all over again. "You should be able to close your laptop and walk from one office to another in the same area," Reese says. The problem could relate to how different laptop manufacturers handle hibernation mode, he says, but no one is certain why it happens. So Stanford gave Perfigo its internal APIs to integrate its S/Ident client with the SecureSmart servers. Now the servers automatically request the user's encrypted--and cached--credentials from the client machine. So if you lose a wireless session, Reese says, you don't have to authenticate all over again.

Reinventing Wireless