Open Secure Networking – The North-West University Approach

Saturday 1st June, 2013

Khipu Networks, provider of Cyber Security Solutions within the Education sector, today announce that North-West University (NWU) in South Africa has implemented Bradford Networks’ Network Sentry Solution to secure and manage network access for about 20,000 students of the total student population of 55,000.

NWU selected Network Sentry to automate registration and enforce security policy compliance on mobile devices connecting to their campus and residential networks (Resnet). To accommodate the growing use of mobile devices, including laptops, tablets and smartphones, NWU embarked on a project to provide wireless access to educational resources across its three campuses, creating a distributed network that needed to be centrally managed. As part of their Wi-Fi rollout, NWU had to find a solution that would provide complete visibility of who and what was connecting to their network at all times, ensuring that each user and their device was authorised and complied with NWU’s network security requirements before gaining access. Whatever solution NWU selected, it had to automate the entire process with little or no intervention between the students and NWU’s IT support team.

Prior to selecting Network Sentry, NWU reviewed several network access control (NAC) technologies, including Juniper Networks’ UAC and Alcatel-Lucent’s DNAC. Khipu approached NWU with their NAC deployment model based upon 6 years’ experience of implementing the Bradford Networks solution into Education environments. It was the only solution that met and exceeded all of NWU’s requirements both on the campus and Resnet wired and wireless networks, without the need of complex network redesign, multiple appliances or reliance on specific network vendor functionality.

“On paper and having reviewed Khipu’s and Bradford Networks customer deployments, the solution looked ideal for our environment. However, we still wanted to test the solution in our live environment against all of our requirements and on our specific network setup before making the investment”

Attie Juyn, IT Director at NWU.

Working in partnership with Khipu, NWU undertook an extensive pilot of the Bradford Networks Solution, deploying the technology in a live environment against an extensive list of test criteria including;

  • Must support all types of devices and Operating Systems
  • Fits into NWU’s environment with little or no network re-design
  • Foes not rely on a particular data or wireless vendor
  • Is ‘out of band’, not in-line architecture
  • Automates the student’s registration process
  • Enforces a security policy that does not affect the students experience or creates additional work for NWU’s IT team.

“Our campus population has embraced the use of mobile devices, specifically laptops and smartphones. We needed to provide an environment that will enable them to get secure, Wi-Fi access, anytime anywhere. As part of this effort, we had to make sure that these devices also met our IT security policies. Network Sentry was the only solution that satisfied all of our pilot criteria. Khipu proved the solutions fit within our environment, giving us the confidence that it was the right NAC technology to be rolled out across our 20,000 user multiple-site campus environment”

Hannes Kriel, Project Lead at NWU.

In May, soon after the completed pilot, Khipu and Hannes’ team commenced the full NAC roll out using Bradford’s virtual machine (VM) Network Sentry solution, enabling a quick and central deployment across NWU’s Mafikeng, Vaal Triangle and Potchefstroom campuses.

“Network sentry provides us with complete visibility of all the devices connecting to our network, while ensuring that the appropriate devices meet the security rules in place for access. By automating the provisioning process for network access, we’ve created an environment that is extremely friendly to our campus population, while ensuring the best level of security to protect our network”.

Network Sentry is the first network security offering that automatically identifies and profiles all devices and all users on a network, providing complete visibility and control. The solution provides automatic registration of the users device(s) the first time they connect to the network. If the user / device is valid, the system then enforces NWU’s Acceptable Use Policy (AUP) and security compliance check including; ensuring that virus and spyware protection is present and up to date. Devices without the proper security settings are remediated with simple instructions to ‘self-fix’ their device before being granted network access. The mobile devices are then able to roam among campuses without having to re-register.

“We are extremely pleased to have completed the project with the NWU team, having met all of their requirements for an open and secure network environment, the project has been a great success. With NWU being our first South African based University deployment, we believe that other Education Institutions will look to this as a model for providing secure network access to their user populations”.

Matt Ashman, Director, Khipu Networks.

About North-West University

The North-West University is a truly diverse, multi-campus South African university that strives to become a balanced teaching-learning and research institution. In terms of student numbers, it is the fourth largest university in South Africa with more than 55 000 enrolled students, annually conferring more than 13 000 degrees and diplomas. Apart from various accolades like winning the coveted prize of the Most Innovative University in South Africa, sponsored by the Department of Science and Technology’s Innovation Fund in 2008, the NWU received the award for the best governed higher education institution (PricewaterhouseCoopers award) for the fifth consecutive year in 2011.

More information about the NWU can be found at

About Khipu Networks

Khipu Networks core business is to provide secure and dynamic network solutions into public sector and corporate organisations, providing the following:

  • ACCESS – Wireless and Remote Mobility, LAN Infrastructures and Core Network Services Solutions
  • VISIBILITY – Device Visibility, User, Content and Threat Identification and Network Behaviour Analysis
  • CONTROL – Network Access Control, Next Generation Firewalls and Intrusion Prevention Solution