General Chat Thread: Use of personal devices on school network
  1. #16

    Oaktech
    We say the following: this is on the top of the sheet that records username, MAC address and signature


    I understand that by requesting and receiving access to, and using, the <<Academy Name>> wireless network that I have agreed to not disclose the access key to any other person; student, teacher or visitor. I will direct all requests for this information to the IT Department.

    I further agree that I will not disclose any other information about the college's network, such as server addresses, IP schemes or proxy details, that I may have access to as a result of receiving wireless access.

    By signing this document I also confirm that my device has appropriate and up to date firewall, antivirus and system updates. I undertake to ensure that this protection will continue for the duration of my use of this wireless network.

    I am aware that wireless access is a privilege, that it is filtered for my safety and that its use will be monitored, and that the privilege can be withdrawn at any time.

  2. #17
    Quackers
    We just have a separate VLAN for the guest WiFi, on a separate SSID with a captive portal on Ruckus. Any staff member can connect their personal phones and tablets to it and log in using their Active Directory login for our domain, or we can generate a guest pass. That way if there is something nasty it won't touch the main network, and we also have Fortigate checking all traffic on the separate VLAN for malware/viruses so we can see if something with an infection is on.

  3. #18

    elsiegee40
    School devices only on the curriculum network. Staff are only allowed to put their personal devices on the Guest network.

  4. #19

    I'm curious about organisations who are using a single preshared key for wireless. Why do you do this when things like WPA 802.11x RADIUS authenticating against AD are available?

  5. #20

    Oaktech
    Originally posted by iom100:
    I'm curious about organisations who are using a single preshared key for wireless. Why do you do this when things like WPA 802.11x RADIUS authenticating against AD are available?
    Level of complexity that our staff won't stomach. We tried it, along with a captive portal that gave them the correct level of filtering based on their AD credentials (which should have been a massive bonus); they decided we were deliberately trying to be difficult. The feedback was 'we want it to work like it does at home' so preshared key it was...

  6. #21

    Originally posted by Oaktech:
    We say the following: this is on the top of the sheet that records username, MAC address and signature
    That's very useful - thanks.

  7. #22

    Originally posted by Oaktech:
    ...so preshared key it was...
    That's interesting, we're looking at RADIUS at the moment.
    Last edited by kerryturner; 13th June 2014 at 01:26 PM.

  8. #23

    Oaktech
    Originally posted by kerryturner:
    That's interesting, we're looking at RADIUS at the moment.

    I wouldn't discount it until you've tried it, we have some proper luddites!

  9. #24
    Jasbo
    Similar to those above in separating BYOD access from the internal network, except for pointing out to them that they are not at home, they are working at a school dealing with confidential information about children, and they should be looking for my replacement if they want a network like at home. I have visited some teachers' homes (cough) usually to clean up the viruses from all 3 computers (cough) and would certainly not be plugging anything of mine into their home networks, so RADIUS and AD based access it is...

  10. #25

    Oaktech
    Originally posted by Jasbo:
    Similar to those above in separating BYOD access from the internal network, except for pointing out to them that they are not at home, they are working at a school dealing with confidential information about children, and they should be looking for my replacement if they want a network like at home. I have visited some teachers' homes (cough) usually to clean up the viruses from all 3 computers (cough) and would certainly not be plugging anything of mine into their home networks, so RADIUS and AD based access it is...

    I totally understand and agree, but when you get the kind of backlash we've had, you do just go 'whatever' and go back to what you were doing before.

    If they were on the main network I'd be less inclined to roll over about it, but when it's a separate network and they are using essentially external tools (ePortal/HAP) to access things, to me it's not really any different from them using the tools at home.

  11. #26

    Can I ask what the difference in terms of access/use between the key and the Radius was? Was it like a two step authentication, or more lock down on filtering? What did they object to? Or did they just object because it wasn't what it used to be?

  12. #27

    localzuk
    Originally posted by Oaktech:
    Level of complexity that our staff won't stomach. We tried it, along with a captive portal that gave them the correct level of filtering based on their AD credentials (which should have been a massive bonus); they decided we were deliberately trying to be difficult. The feedback was 'we want it to work like it does at home' so preshared key it was...
    I had some whinging along those lines here, and told them it was tough luck - we found a need to be able to pinpoint what anyone was doing on any web connected device in the school, so individual logins are mandatory.

  13. #28


    Originally posted by Oaktech:
    Level of complexity that our staff won't stomach. <SNIP> The feedback was 'we want it to work like it does at home' so preshared key it was...
    Are you sure you don't work here and how come we've never met?

  14. #29
    IrritableTech
    We've come up with a reasonably happy medium here using the Ruckus Dynamic Pre Shared Key system.

    Each user has to authenticate every couple of weeks and they receive their own 64 character wifi password, after that it works like it does at home until it expires. From our point of view each device is authenticated to a user and we can filter appropriately, from their point of view, they don't have to authenticate every hour or day.

    If I didn't use Ruckus or have another solution with a similar feature, I'd have to insist on WPA2-Enterprise/RADIUS here. Otherwise all your users' traffic encryption key is the same and therefore useless.

  15. Thanks to IrritableTech from:

    kerryturner (13th June 2014)
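
Added example, not part of the thread and not Ruckus's implementation: a small model of the shared-key versus per-user-key trade-off discussed in post #29, using the standard WPA2-Personal key derivation. The `PerUserKeys` registry, the SSID, the passphrase and the user names are constructed for illustration; a real access point identifies the key from the handshake rather than being handed the PMK.

```python
import hashlib
import secrets
from datetime import datetime, timedelta

def wpa2_pmk(key: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: 64 hex characters are used as the raw 256-bit key;
    an 8-63 character passphrase is stretched with PBKDF2-HMAC-SHA1."""
    if len(key) == 64:
        return bytes.fromhex(key)
    if not 8 <= len(key) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    return hashlib.pbkdf2_hmac("sha1", key.encode(), ssid.encode(), 4096, 32)

class PerUserKeys:
    """Hypothetical registry: one random key per user, valid for a fixed lifetime."""
    def __init__(self, ssid: str, lifetime: timedelta = timedelta(days=14)):
        self.ssid, self.lifetime = ssid, lifetime
        self.entries = {}  # PMK -> (user, expiry)
    def issue(self, user: str, now: datetime) -> str:
        key = secrets.token_hex(32)  # 64 hex characters
        self.entries[wpa2_pmk(key, self.ssid)] = (user, now + self.lifetime)
        return key
    def identify(self, pmk: bytes, now: datetime):
        """Return the user a PMK belongs to, or None if unknown or expired."""
        user, expiry = self.entries.get(pmk, (None, now))
        return user if now < expiry else None
    def revoke(self, user: str) -> None:
        self.entries = {p: e for p, e in self.entries.items() if e[0] != user}

def demo():
    ssid = "Example-Guest"                     # constructed SSID
    now = datetime(2014, 6, 13)
    shared = "constructed shared passphrase"   # constructed single PSK
    # Single PSK: every device derives the same PMK, so nothing ties a
    # device to a person and removing one user means re-keying everyone.
    shared_pmks = {wpa2_pmk(shared, ssid) for _ in ("alice", "bob")}
    reg = PerUserKeys(ssid)
    pmks = {u: wpa2_pmk(reg.issue(u, now), ssid) for u in ("alice", "bob")}
    owner = reg.identify(pmks["alice"], now)
    expired = reg.identify(pmks["alice"], now + timedelta(days=15))
    reg.revoke("bob")
    return {
        "shared_distinct": len(shared_pmks),
        "per_user_distinct": len(set(pmks.values())),
        "owner": owner,
        "after_expiry": expired,
        "bob_after_revoke": reg.identify(pmks["bob"], now),
        "alice_after_revoke": reg.identify(pmks["alice"], now),
    }
```
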

  16. #30

    Oaktech
    Originally posted by kerryturner:
    Can I ask what the difference in terms of access/use between the key and the Radius was? Was it like a two step authentication, or more lock down on filtering? What did they object to? Or did they just object because it wasn't what it used to be?
    They came to us, we recorded the MAC address, entered it into the MAC filtering and installed a certificate. The device was then allowed onto the network and when a browser was opened a pretty page was shown asking for username and password. They entered it, the system backed off and let them do anything they were allowed to do by the filtering.

    They didn't like the certificate process, they got jittery about us installing stuff they didn't understand (read: didn't want to understand), then they didn't like the captive portal as they felt it was intrusive as it overrode their homepage.

  17. Thanks to Oaktech from:

    kerryturner (13th June 2014)
