Cisco: Taking a Leap

The networking giant has come up with its own version of a wireless security standard. It works well for some. Others see limitations.

Market leader Cisco Systems says it has an answer for network managers trying to sort out Wi-Fi security. Known as the Lightweight Extensible Authentication Protocol (LEAP), it's Cisco's implementation of an emerging wireless-network security standard that plugs holes in the authentication and encryption standard built into most existing corporate facilities.

There's just one problem: Even though they agree it is a big improvement, many users of Cisco's wireless-network access points are avoiding LEAP. Some Cisco customers, such as Carolyn Coulter, systems officer at the Boston Public Library, see LEAP as a proprietary system that doesn't fit on a network open to a variety of devices, from standard PC laptops to Macs and handheld devices.

In Boston's 27 libraries—where 100 Cisco wireless access points have been deployed over the last year for patron use—Coulter can't be sure that all visitors will have Cisco-compatible gear. So she plans to use a gateway—Bluesocket's WG-2100—to authenticate users on the library's network and possibly to encrypt wireless traffic.

Other Cisco customers are bypassing both LEAP and other gateways altogether. The Hotel Valencia in San Jose, Calif., for example, provides unlimited access to its wireless network but restricts what guests can do. The upscale, 213-room hotel, which has deployed four Cisco wireless access points covering the property's public areas, doesn't authenticate users, nor does it encrypt wireless traffic. But it limits users to Internet access, and walls off its wireless network from its wired one, according to Information Technology Director David Besser.

At CareGroup Healthcare Systems' six hospitals, where doctors can't afford to have the network fail, laptops and a Cisco wireless network are used to access patient records. Cisco LEAP security works in the hospital environment, says CIO John Halamka, because the type of clients accessing the network there can be strictly limited to those with LEAP-compliant cards and software. "The hospital is a more-controlled environment versus academia," says Halamka, who is also CIO at the Harvard Medical School. "Here we can really clamp down and be rigorous about what kinds of wireless devices we allow and what we don't allow."

---

Cisco
170 W. Tasman Drive, San Jose, CA 95134
(408) 526-4000 www.cisco.com/en/us/products/hw/wireless/index

Ticker: CSCO
Exchange: NASDAQ
Employees: 34,466
Larry Birenbaum
Senior VP, Ethernet Access Technology Group
Heads the unit that designs and markets wired and wireless networking products for large and medium-size businesses.

Bill Rossi
VP, Wireless Networking Business Unit
Responsible for day-to-day operations and strategic direction of the unit.

Christine Falsetti
Director, Mobility and Wireless, Product and Technology Marketing
Handles marketing for the entire wireless product line.

Products
Aironet access points, antennas, and client adapter cards; Linksys wireless access points for home and small office; Cisco Wireless Security Suite, the wireless-security package; CiscoWorks Wireless Network Solution Engine, a management package.

---

Reference Checks

University of North Carolina
Jim Gogan
Director of Technology
(919) 962-7155
Project: UNC has installed 350 Cisco wireless access points on campus, but has bypassed Cisco's LEAP encryption.

Valencia Hotel Group
David Besser
Director, I.T.
dbesser@valenciagroup.com
Project: Hospitality company has installed four Cisco access points to provide wireless Internet access to guests at San Jose, Calif., hotel.

University of Massachusetts at Amherst
Christopher Misra
Network Analyst
cmistra@oit.umass.edu
Project: Began deploying Cisco network-access points last March, initially extending existing virtual private network to provide wireless security. Now, uses 35 access points.

Boston Public Library
Carolyn Coulter
Systems Officer
(617) 536-5400
Project: Library's 27 branches have installed 100 Cisco access points, but are evaluating other vendors for security.

St. John's University
Joe Tufano
Executive
Director, I.T.
tufanoj@stjohns.edu
Project: University has 171 Cisco access points to cover two of its five campuses, but bypassed Cisco's security product.

Caregroup Healthcare System
John Halamka
CIO
jhalamka@caregroup.harvard.edu
Project: Healthcare provider uses 50 Cisco access points to cover six hospitals. It has opted for Cisco LEAP/Radius to authenticate doctors and other staff with network access.

Executives listed here are all users of Bluesocket's products. Their willingness to talk has been confirmed by Baseline.