Antivirus on the webfilter.
So, if a student brings their tablet/laptop to school do you allow them onto your WiFi to access the net?
Here all unauthenticated (IE non AD) users get forced to our proxy and asked for an AD logon, hence students get the same level of filtering regardless of device because they have to login to the proxy with their AD account.
But what concerns me is what happens if they do something like download a virus to their device while using our Wifi, who gets the blame? And as an extension of that, am I to blame because I put the WiFi key in? I have a policy of not touching personal devices because I have no insurance should something happen like I drop it...
Antivirus on the webfilter.
Because i have not been asked to.
Because of experience in apps like evilgrade and other known nasties.
Because we dont, as yet, have a network that can split the traffic away from mission critical data.
Because im the only technical onsite staff and don't want to me lumbered with supporting student devices and a unauthorized electrical equipment plugged into the mains.
Because budgets and time to plan, and implement such schemes don't mix.
We have a guest network which students are allowed to connect their devices to. It's bandwidth restricted and it only lets traffic from ports 80 and 443 through.
Yes, we do allow students on the WiFi. We have four different SSIDs and four different VLANS (Staff, Year 7, BYOD, Student). The "Student" wifi is for college owned devices used by students. Each VLAN has filtering settings appropriate for the group and has bandwidth shaping as well, so we don't require authentication, but we can track the users anyway because devices must be enrolled so we know the IP address a device has and the user of that device. We don't worry about viruses as most of our WiFi devices are iPads or Macbooks and we have four layers of malware protection (ClamX AV for Macs or Avast! for PCs, iBoss web filter (malware and phishing sites), OpenDNS (only for botnet and malware protection), and firewall gateway AV).
Last edited by seawolf; 25th June 2013 at 11:51 AM.
You missed "Hell No!!!!" from your answers.
Also added an option for vlans to your poll to capture a bit more info for you.
Yes, we have an open Wi-Fi that they still have to logon to the internet for filtering.
This wireless is completely off our main subnet so they can't even attempt to access certain systems.
Only Sixth Form students.
Interesting, cheers for modifying the poll, one of the things we want to do when we get our new wireless in is to setup a guest SSID and route the traffic straight out.
For those of you who use some sort of control/AUP what to do you use/do?
Do you get the students to agree to a policy which means you aren't to blame and that they take responsibility etc? Or is it purely technical in the sense of security/vlans etc?
In other words, you use our network with your device - you swim at your own risk. If we deleted your data and you don't have a backup - learn to make backups. Users are about 100x more likely to get malware at home than on our network, and we have never had devices get infected on our network except by students bringing malware from home on USBs, which was sorted within a couple of days with restrictions on students opening or saving any executable files of any type on a USB or any network drives, even zip files (that they were using to run games from within the zip file to get around our restrictions). That little trick has saved sum a LOT of headaches let me tell you.
Information has to be secure, networks must be protected and users have to be monitored. However none of these are issues that can't be overcome with a bit of planning, money and time.
We allow sixth form students and staff to BYOD. We use firewalls, encryption and secure passwords to keep information secure, VLANs, ACLs and device segregation to protect the network, and AUPs, filtering and monitoring to keep the users safe.
All of which should already be set up even if you don't allow BYOD really. I think the arguments for not allowing people to use the devices they all ready own are becoming weaker by the day.
To follow on from @Norphy's answer, we require staff, not just students, to use our guest portal for BYOD devices.
I wouldn't entertain letting untrusted devices connect directly to the LAN via an unfiltered, unprotected wireless connection, and while I agree with irritable tech's comment about the arguments against letting people use their own devices becoming weaker, I would still stand firmly behind the idea that it's better not to do "BYOD" at all than to do it badly.
Last edited by Roberto; 25th June 2013 at 01:28 PM.
I definitely agree with IrritableTech that BYOD stuff should be segregated and treated by default as though it is virus ridden and dodgy and kept well away from critical areas! As for staff BYOD they too would be subject to traffic VLANs and what not, the technical aspects are fairly straight forward, what I can't get my head around is how we protect ourselves/the school, from accusations of "He deleted all my photos/infected my ipad/their internet destroyed my kindle" etc...
I voted "Yes" before the "guest SSID/VLAN" option was available.
I don;t think a VLAN in itself is good enough for BYOD, it has to be firewalled from the other networks.
There are currently 1 users browsing this thread. (0 members and 1 guests)