West Point Secures Wireless LANWest Point Secures Wireless LAN

The U.S. Military Academy at West Point knows something about the importance of security. The school didn't want to take any chances when it installed a wireless LAN to enhance classroom training. "It had to be secure before we did anything," since the wireless LAN was connected to West Point's main network, says Col. Donald Welch, associate dean for information and educational technology.

The school looked at a variety of wireless LAN security options, including virtual private networks and the Wired Equivalent Privacy protocol, before selecting the WirelessWall Software Suite security software from Cranite Systems Inc. (see "Networks Without a Safety Net," June 24, p. 70).

Welch wanted software that complied with the Federal Information Processing Standard 140-2 for implementing encryption software. Plus, he needed an easy way to create user policies using his existing directories because his department each fall has to handle the arrival of 1,000 new cadets who are issued a wireless-enabled notebook. "We wanted a way to increase the quality of our education," Welch says. "Because people write differently in longhand, the English department wants cadets to write on a computer." In addition, West Point professors wanted to teach in a real-time wireless environment, and many had developed online curricula.

The software also provides strong mutual authentication between the notebook and the wireless server and uses the new Advanced Encryption Standard in place of the Wired Equivalent Privacy protocol. "There are a lot of people doing a lot of tricks with WEP. With that encryption standard, you're always in a race against the hackers," Welch says. "If you miss a step, you're in trouble."

Cranite's suite uses three components: a policy server that creates policies for how devices and users can connect to the network, an access controller that enforces policies for connections and encrypts and decrypts authorized traffic, and the client software that's installed on each mobile device and encrypts and decrypts the data. A starter bundle with one policy server and an access controller for up to 25 connections is priced about $4,000.

While security administrators at many universities complain that students often use their networks as a playground to hack, Welch says that's not a problem at West Point. "Generally, if we tell them something is wrong and not to do it, they listen," he says. "If they don't, we have ways of dealing with that here."