Cisco: Taking a LeapBy Baselinemag | Posted 2003-11-01 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
The networking giant has come up with its own version of a wireless security standard. It works well for some. Others see limitations.
Market leader Cisco Systems says it has an answer for network managers trying to sort out Wi-Fi security. Known as the Lightweight Extensible Authentication Protocol (LEAP), it's Cisco's implementation of an emerging wireless-network security standard that plugs holes in the authentication and encryption standard built into most existing corporate facilities.
There's just one problem: Even though they agree it is a big improvement, many users of Cisco's wireless-network access points are avoiding LEAP. Some Cisco customers, such as Carolyn Coulter, systems officer at the Boston Public Library, see LEAP as a proprietary system that doesn't fit on a network open to a variety of devices, from standard PC laptops to Macs and handheld devices.
In Boston's 27 librarieswhere 100 Cisco wireless access points have been deployed over the last year for patron useCoulter can't be sure that all visitors will have Cisco-compatible gear. So she plans to use a gatewayBluesocket's WG-2100to authenticate users on the library's network and possibly to encrypt wireless traffic.
Other Cisco customers are bypassing both LEAP and other gateways altogether. The Hotel Valencia in San Jose, Calif., for example, provides unlimited access to its wireless network but restricts what guests can do. The upscale, 213-room hotel, which has deployed four Cisco wireless access points covering the property's public areas, doesn't authenticate users, nor does it encrypt wireless traffic. But it limits users to Internet access, and walls off its wireless network from its wired one, according to Information Technology Director David Besser.
At CareGroup Healthcare Systems' six hospitals, where doctors can't afford to have the network fail, laptops and a Cisco wireless network are used to access patient records. Cisco LEAP security works in the hospital environment, says CIO John Halamka, because the type of clients accessing the network there can be strictly limited to those with LEAP-compliant cards and software. "The hospital is a more-controlled environment versus academia," says Halamka, who is also CIO at the Harvard Medical School. "Here we can really clamp down and be rigorous about what kinds of wireless devices we allow and what we don't allow."
170 W. Tasman Drive, San Jose, CA 95134
(408) 526-4000 www.cisco.com/en/us/products/hw/wireless/index
Senior VP, Ethernet Access Technology Group
Heads the unit that designs and markets wired and wireless networking products for large and medium-size businesses.
VP, Wireless Networking Business Unit
Responsible for day-to-day operations and strategic direction of the unit.
Director, Mobility and Wireless, Product and Technology Marketing
Handles marketing for the entire wireless product line.
Aironet access points, antennas, and client adapter cards; Linksys wireless access points for home and small office; Cisco Wireless Security Suite, the wireless-security package; CiscoWorks Wireless Network Solution Engine, a management package.
University of North Carolina
Director of Technology
Project: UNC has installed 350 Cisco wireless access points on campus, but has bypassed Cisco's LEAP encryption.
Valencia Hotel Group
Project: Hospitality company has installed four Cisco access points to provide wireless Internet access to guests at San Jose, Calif., hotel.
University of Massachusetts at Amherst
Project: Began deploying Cisco network-access points last March, initially extending existing virtual private network to provide wireless security. Now, uses 35 access points.
Boston Public Library
Project: Library's 27 branches have installed 100 Cisco access points, but are evaluating other vendors for security.
St. John's University
Project: University has 171 Cisco access points to cover two of its five campuses, but bypassed Cisco's security product.
Caregroup Healthcare System
Project: Healthcare provider uses 50 Cisco access points to cover six hospitals. It has opted for Cisco LEAP/Radius to authenticate doctors and other staff with network access.
Executives listed here are all users of Bluesocket's products. Their willingness to talk has been confirmed by Baseline.