Poll: Do you allow students personal devices on your Wifi?

+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 24
General Chat Thread, Do you let student devices use your Wifi? in General; So, if a student brings their tablet/laptop to school do you allow them onto your WiFi to access the net? ...
  1. #1

    Join Date
    Mar 2010
    Location
    shadowx@AllEvil:/
    Posts
    222
    Thank Post
    12
    Thanked 28 Times in 25 Posts
    Rep Power
    14

    Do you let student devices use your Wifi?

    So, if a student brings their tablet/laptop to school do you allow them onto your WiFi to access the net?

    Here all unauthenticated (IE non AD) users get forced to our proxy and asked for an AD logon, hence students get the same level of filtering regardless of device because they have to login to the proxy with their AD account.

    But what concerns me is what happens if they do something like download a virus to their device while using our Wifi, who gets the blame? And as an extension of that, am I to blame because I put the WiFi key in? I have a policy of not touching personal devices because I have no insurance should something happen like I drop it...

    Also, poll!

  2. #2


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,033 Times in 813 Posts
    Rep Power
    341
    Antivirus on the webfilter.

  3. #3
    Galway's Avatar
    Join Date
    Jun 2007
    Location
    West Yorkshire
    Posts
    1,461
    Thank Post
    9
    Thanked 344 Times in 238 Posts
    Rep Power
    107
    Nope.

    Because i have not been asked to.

    Because of experience in apps like evilgrade and other known nasties.

    Because we dont, as yet, have a network that can split the traffic away from mission critical data.

    Because im the only technical onsite staff and don't want to me lumbered with supporting student devices and a unauthorized electrical equipment plugged into the mains.

    Because budgets and time to plan, and implement such schemes don't mix.

  4. #4

    Norphy's Avatar
    Join Date
    Jan 2006
    Location
    Harpenden
    Posts
    2,580
    Thank Post
    59
    Thanked 370 Times in 286 Posts
    Blog Entries
    7
    Rep Power
    134
    Yes.

    We have a guest network which students are allowed to connect their devices to. It's bandwidth restricted and it only lets traffic from ports 80 and 443 through.

  5. #5

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 287 Times in 219 Posts
    Blog Entries
    1
    Rep Power
    176
    Yes, we do allow students on the WiFi. We have four different SSIDs and four different VLANS (Staff, Year 7, BYOD, Student). The "Student" wifi is for college owned devices used by students. Each VLAN has filtering settings appropriate for the group and has bandwidth shaping as well, so we don't require authentication, but we can track the users anyway because devices must be enrolled so we know the IP address a device has and the user of that device. We don't worry about viruses as most of our WiFi devices are iPads or Macbooks and we have four layers of malware protection (ClamX AV for Macs or Avast! for PCs, iBoss web filter (malware and phishing sites), OpenDNS (only for botnet and malware protection), and firewall gateway AV).
    Last edited by seawolf; 25th June 2013 at 11:51 AM.

  6. #6

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,683
    Thank Post
    755
    Thanked 1,715 Times in 1,526 Posts
    Rep Power
    438
    You missed "Hell No!!!!" from your answers.

    Ben

  7. #7

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,683
    Thank Post
    755
    Thanked 1,715 Times in 1,526 Posts
    Rep Power
    438
    Also added an option for vlans to your poll to capture a bit more info for you.

    Ben

  8. #8
    mthomas08's Avatar
    Join Date
    Jun 2008
    Posts
    1,670
    Thank Post
    142
    Thanked 184 Times in 154 Posts
    Rep Power
    66
    Yes, we have an open Wi-Fi that they still have to logon to the internet for filtering.

    This wireless is completely off our main subnet so they can't even attempt to access certain systems.

  9. #9
    rad
    rad is offline
    rad's Avatar
    Join Date
    Jan 2009
    Location
    Middlesex
    Posts
    2,568
    Thank Post
    346
    Thanked 328 Times in 248 Posts
    Rep Power
    113
    Only Sixth Form students.

  10. #10

    Join Date
    Mar 2010
    Location
    shadowx@AllEvil:/
    Posts
    222
    Thank Post
    12
    Thanked 28 Times in 25 Posts
    Rep Power
    14
    Interesting, cheers for modifying the poll, one of the things we want to do when we get our new wireless in is to setup a guest SSID and route the traffic straight out.

    For those of you who use some sort of control/AUP what to do you use/do?

    Do you get the students to agree to a policy which means you aren't to blame and that they take responsibility etc? Or is it purely technical in the sense of security/vlans etc?

  11. #11

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 287 Times in 219 Posts
    Blog Entries
    1
    Rep Power
    176
    Quote Originally Posted by shadowx View Post
    Interesting, cheers for modifying the poll, one of the things we want to do when we get our new wireless in is to setup a guest SSID and route the traffic straight out.

    For those of you who use some sort of control/AUP what to do you use/do?

    Do you get the students to agree to a policy which means you aren't to blame and that they take responsibility etc? Or is it purely technical in the sense of security/vlans etc?
    Our AUP includes sections specifically related to the college having no responsibility or liability for damage caused by malware or loss of data whether or not it is the fault of the college (e.g. we delete a students work from the server accidentally or server crashes and backups are no good).

    In other words, you use our network with your device - you swim at your own risk. If we deleted your data and you don't have a backup - learn to make backups. Users are about 100x more likely to get malware at home than on our network, and we have never had devices get infected on our network except by students bringing malware from home on USBs, which was sorted within a couple of days with restrictions on students opening or saving any executable files of any type on a USB or any network drives, even zip files (that they were using to run games from within the zip file to get around our restrictions). That little trick has saved sum a LOT of headaches let me tell you.

  12. #12
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    West Yorkshire
    Posts
    978
    Thank Post
    130
    Thanked 229 Times in 183 Posts
    Rep Power
    75
    Information has to be secure, networks must be protected and users have to be monitored. However none of these are issues that can't be overcome with a bit of planning, money and time.

    We allow sixth form students and staff to BYOD. We use firewalls, encryption and secure passwords to keep information secure, VLANs, ACLs and device segregation to protect the network, and AUPs, filtering and monitoring to keep the users safe.

    All of which should already be set up even if you don't allow BYOD really. I think the arguments for not allowing people to use the devices they all ready own are becoming weaker by the day.

  13. #13

    Join Date
    Oct 2005
    Location
    mnah mnah!
    Posts
    1,124
    Thank Post
    274
    Thanked 227 Times in 173 Posts
    Rep Power
    113
    To follow on from @Norphy's answer, we require staff, not just students, to use our guest portal for BYOD devices.

    I wouldn't entertain letting untrusted devices connect directly to the LAN via an unfiltered, unprotected wireless connection, and while I agree with irritable tech's comment about the arguments against letting people use their own devices becoming weaker, I would still stand firmly behind the idea that it's better not to do "BYOD" at all than to do it badly.
    Last edited by Roberto; 25th June 2013 at 01:28 PM.

  14. #14

    Join Date
    Mar 2010
    Location
    shadowx@AllEvil:/
    Posts
    222
    Thank Post
    12
    Thanked 28 Times in 25 Posts
    Rep Power
    14
    Quote Originally Posted by seawolf View Post
    Our AUP includes sections specifically related to the college having no responsibility or liability for damage caused by malware or loss of data whether or not it is the fault of the college (e.g. we delete a students work from the server accidentally or server crashes and backups are no good).

    In other words, you use our network with your device - you swim at your own risk. If we deleted your data and you don't have a backup - learn to make backups. Users are about 100x more likely to get malware at home than on our network, and we have never had devices get infected on our network except by students bringing malware from home on USBs, which was sorted within a couple of days with restrictions on students opening or saving any executable files of any type on a USB or any network drives, even zip files (that they were using to run games from within the zip file to get around our restrictions). That little trick has saved sum a LOT of headaches let me tell you.
    So I take it your AUP is one which students (and staff) are required to sign before they are given the college owned device?

    I definitely agree with IrritableTech that BYOD stuff should be segregated and treated by default as though it is virus ridden and dodgy and kept well away from critical areas! As for staff BYOD they too would be subject to traffic VLANs and what not, the technical aspects are fairly straight forward, what I can't get my head around is how we protect ourselves/the school, from accusations of "He deleted all my photos/infected my ipad/their internet destroyed my kindle" etc...

  15. #15


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,033 Times in 813 Posts
    Rep Power
    341
    I voted "Yes" before the "guest SSID/VLAN" option was available.
    I don;t think a VLAN in itself is good enough for BYOD, it has to be firewalled from the other networks.



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •