UBC gets top marks for wireless security
Written by Vawn Himmelsbach January 10, 2007
The University of British Columbia knew convenience shouldn’t come at the expense of security. At the same time, it wanted to provide students and faculty with the ability to roam from one area of campus to another with their laptops — not such an easy task when the campus is made up of 150 buildings spread out over 600 acres.
In 2001, the university embarked on a program to improve its technology infrastructure, which included upgrading the wiring on campus. But it wasn’t reaching all areas of campus, particularly classrooms.
“We have a very technology-literate body here, particularly in faculty and staff,” says Marilyn Hay, manager of UBC’s Network Management Centre. “Some of the departments were trying to set up their own wireless networks and [we could see] some of the issues they were having. Wireless isn’t something that’s easy to contain in small spaces.”
As a result, the university spun off a sub-project to install wireless across the entire campus, which would be managed by the central IT department. This included a Cisco Wi-Fi wireless local area network (WLAN), a Nortel Connectivity virtual private network (VPN) and Colubris authentication servers. By 2003, it had installed 1,200 wireless access points across campus.
A campus-wide login system propagates through the authentication servers, explained Hay, which means users can’t access the Internet unless they have an account with UBC. When students or faculty log in, they have full access to the Internet, but their sessions are not encrypted unless they use the VPN — which is not a requirement but provided as an option. The university has a student population of 40,000 to 50,000 and, as such, there are security incidents on a regular basis.
“There’s always somebody trying to do something,” says Hay. “It doesn’t matter what network they’re on.”
UBC has an IT security team that deals with hacking and other security incidents. If need be, a situation is escalated to authorities such as the RCMP. “Because you have to be authenticated to get on the system, we know who is using the system at any one time and what IP address and what MAC address [they’re using],” says Hay.
“We also use Cisco’s management software for wireless called Wireless Control System and it provides very good information as to what systems are connected to which access points, so we have monitoring in place for being able to follow that as we need to.” UBC was an early adopter of large-scale access point deployments across campus, but as wireless standards changed, the university had to be able to support those changes.
“It was challenging because the wireless network went through three technology changes over the course of four years,” says Hay. The adoption of the 802.1x standard (which provides port-based network access control) has been slow because it requires users to go through several steps on their Windows machine to get it set up properly. “We’re hoping that as the operating systems mature for supporting wireless that will become easier,” she says.
Around 2004, as standards were better defined for wireless access, UBC rolled out its second service set identifier (SSID) — the ID of a WLAN — called UBC Secure. This means if users have an 802.1x-compliant machine, they can connect with UBC Secure using that protocol, which provides encryption. Every day during the school year, more than 9,000 students and faculty use wireless Internet access on campus, and at any one point in time there are about 4,000 people logged in to the system.
“That stretches the limits of the authentication system in place,” said Hay, “so we’re looking at how we can address that a little bit better.” There’s also a need for more awareness campaigning so students choose to use more secure access methods, such as the VPN. Some universities provide public access to the Internet, which means it’s unprotected, but at the same time must protect their internal private network.
This means networks in university settings are typically segmented, says Doug Cooper, country manager of Intel of Canada, which uses Cisco extensions in its Centrino chips to interoperate with a Cisco WLAN infrastructure. At UBC, for example, anyone can access its library site because it’s a public institution, but they can’t get into any of the underlying databases that are registered for university use only.
Despite the challenges, wireless is becoming more ubiquitous in university settings because it offers more flexibility in the classroom — and students have come to expect it. Microsoft Windows XP Service Pack 2 has added more support for wireless, such as prioritizing profiles, which means the system naturally gravitates to certain connections over others — and users can stop it from connecting to rogue networks. “So it’s getting a lot easier,” says Cooper. “We’re actually starting to use the encrypted protocols from the access point directly with the notebook.”
If the notebook itself uses standards for security, users can authenticate, connect and have a secure connection without a VPN.
“That’s better because there’s no additional software needed on the system,” he says. “It does the authentication with the access point.”
This is actually more secure than a wired connection, he says, because most wired connections are unencrypted. “The perception is still there that wireless networks are not secure,” he says. “More people, though, are aware of the fact that they can be made secure and the access point vendors are getting smarter about making it easy to configure them so they don’t require you to enter Web keys — and it becomes more transparent.”
Last modified on January 10, 2007





