Protecting Higher Education Networks with Secure Access Architecture

Colleges and universities have unique wireless network and security needs. They are typically densely-populated and highly-collaborative environments. Students and faculty alike rely on a consistent wireless connection that allows them fast and constant communication with each other across campuses and buildings.

They require access to various online resources and publications to conduct research for assignments and lesson plans, as well as access to various applications and software solutions to record, present, and share their findings. Furthermore, depending on the school or department, the priorities for accessing different applications and resources can vary drastically.

Aside from supporting academic needs, higher-education IT teams also must build a WLAN that can support devices students use during their daily lives in dorm rooms and residence halls, such as smart TVs, wireless printers, mobile devices, and more, with 42 percent of college students using two or more devices in an average day.

Building a wireless network that has the bandwidth and capabilities to deal with such high amounts of traffic and varying priorities is a challenge in and of itself. It is not uncommon for colleges and universities to have to deploy hundreds, or even thousands of access points across campuses to provide 24/7 Wi-Fi coverage. This infrastructural challenge is further complicated when factoring in the new security threats associated with the open networks in higher education.

Colleges and universities have become high-value targets for cybercriminals because of the types of data they store. This does not just include information on enrolled students, but often health, financial, and personally identifiable information on faculty, staff, administrators, and even students applying for entry. In fact, since 2005, higher education institutions have been victims of 539 breaches resulting in about 13 million known compromised records. This stolen information can then be sold on the dark web and used for fraudulent purposes that can have lasting effects on individuals. Schools are also at risk of hacks due to the housing of intellectual property from original research conducted in labs or other research facilities.

With these cyber threats in mind, higher-education institutions have to consider where they are most vulnerable and how they can mitigate risks.

WLAN Challenges in Higher Education

Today, university IT teams have to build WLAN infrastructure that offers strong connectivity with minimal restrictions and downtime, while simultaneously protecting users and data from current and evolving threats. These threats are exacerbated by increased application use and bring your own device (BYOD) popularity.

• Bring Your Own Device

Students and faculty are increasingly bringing multiple devices to campus and connecting to the network, creating a wider attack surface. This poses a unique challenge to wireless network security, as IT teams have to manage and secure devices that do not belong to them, and might be carrying some form of malware or exploitable vulnerability. These types of devices, such as wearables, tablets, gaming consoles, phones, and more, are popular targets for cybercriminals looking to leverage this access to compromise valuable information stored elsewhere on the network.

• Vulnerable Web Applications

The network is put at further risk by an influx of web applications used by students and faculty, both academically and personally. as Google Apps and Office 365. In addition to these applications, which university IT teams are more aware of, an increased number of connected devices means more applications with varying degrees of security and updates. This can be a major security problem for universities, as web application attacks accounted for 40 percent of data breach incidents in 2016.

Higher-education institutions have to secure the access layer with secure switches and access points to keep up with the technical demands of students and faculty at all times, while also keeping personal data stored on the network secure. With increased endpoints, IT teams are realizing that network access and network security must be an integrated process. Access layer security ensures that the network remains protected from the many user-owned devices, in addition to providing strong protection and detection features at the application layer.

Integrated Network Access and Security

Fortinet’s Secure Access Architecture addresses the connectivity challenges plaguing universities today, such as coverage, reliability, and BYOD onboarding, while incorporating advanced cybersecurity.

The Secure Access Architecture allows IT teams to rapidly scale their WLAN to support thousands of access points with high throughput as more devices connect. On large college campuses, channel planning – the process of ensuring that overlapping coverage cells do not have overlapping frequency space – can take months. This drastically slows IT’s ability to respond to increased connectivity needs. Secure Access Architecture, however, uses Virtual Cell to provide coverage across the network as if by one single radio. This ensures simplified roaming and handoff as students, staff, and faculty move about the campus. Additionally, because the network, rather than the user, chooses when it would be best to roam for better service, they are ensured the optimal connection as they move throughout campus.

This wireless infrastructure is integrated with Fortinet’s FortiGate security solution, which incorporates next-generation firewalls, anti-malware, web filtering, application control, and more within one manageable interface. For added layered security, Fortinet’s Secure Access Architecture also includes internal segmentation. This breaks up an otherwise flat network with added controls throughout, ensuring that any breaches are isolated and cannot compromise the entire network.

These security tools are fed with automatic threat intelligence updates from FortiGuard Labs, to provide immediate protection from new and emerging threats. Working together, these features increase prevention and detection measures to minimize the effects of cyberattacks through perimeter defenses and reduced dwell times.

Final Thoughts

Technology use on university campuses is only going to increase as students become more reliant on connected devices and applications in their academic and personal lives. At the same time, universities will face more frequent and sophisticated cyberattacks from criminals seeking valuable personal data. Universities have to integrate their network access and network security protocol to provide scalability and visibility to keep up with students’ needs while combatting malicious actors.

Let’s get a conversation going on Twitter! How do you integrate WLAN connectivity with security?