Abstract
This presentation describes an approach taken at the Pennsylvania State University to provide comprehensive, overlapping user authentication and tracking throughout a highly distributed 20-campus system. Two overlapping security systems were constructed to provide secure Internet access for users with dedicated desktop systems and/or mobile, laptop systems. Both security systems work in conjunction with a centralized Kerberos server. All permanent computers are secured through a network of NT servers with a shared authentication database. Mobile computers are secured through a system of firewalls, authentication Web servers, and DHCP servers. These two systems overlap to provide a scalable security model that can be applied in any size higher education institution or corporate environment.