+ Post New Thread
Page 3 of 3 FirstFirst 123
Results 31 to 40 of 40
General Chat Thread, Use of personal devices on school network in General; Captive portals do cause issues on smartphones and tablets. Users hate having to open up their browser to authenticate before ...
  1. #31
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    West Yorkshire
    Posts
    982
    Thank Post
    130
    Thanked 229 Times in 183 Posts
    Rep Power
    75
    Captive portals do cause issues on smartphones and tablets. Users hate having to open up their browser to authenticate before an app can be used.

    If you want to invite the devices onto the network, you have to make them usable - over complicating matters unfortunately puts barriers in the way of the original brief. Finding the happy medium is tough.

  2. #32

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,529
    Thank Post
    527
    Thanked 2,648 Times in 2,049 Posts
    Blog Entries
    24
    Rep Power
    925
    Quote Originally Posted by IrritableTech View Post
    Captive portals do cause issues on smartphones and tablets. Users hate having to open up their browser to authenticate before an app can be used.

    If you want to invite the devices onto the network, you have to make them usable - over complicating matters unfortunately puts barriers in the way of the original brief. Finding the happy medium is tough.
    Having to open a browser before using an app is not a dreadful hardship. Much like logging in to a desktop PC before using Word isn't.

  3. #33
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    West Yorkshire
    Posts
    982
    Thank Post
    130
    Thanked 229 Times in 183 Posts
    Rep Power
    75
    Quote Originally Posted by localzuk View Post
    Having to open a browser before using an app is not a dreadful hardship. Much like logging in to a desktop PC before using Word isn't.
    I largely agree, but found the average end user didn't follow our mind set. I do believe however that we need to put in place as many solutions as possible to make a project a success for the learners - whilst ensuring regulations, legislation and laws are still respected.

  4. #34

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    3,217
    Thank Post
    943
    Thanked 645 Times in 504 Posts
    Rep Power
    288
    Quote Originally Posted by IrritableTech View Post
    Captive portals do cause issues on smartphones and tablets. Users hate having to open up their browser to authenticate before an app can be used.

    If you want to invite the devices onto the network, you have to make them usable - over complicating matters unfortunately puts barriers in the way of the original brief. Finding the happy medium is tough.
    We offered them a 'without captive portal' option in the consultation which would give them a general set of restriction at the firewall, they decided they didn't want the restrictions, then after half a term of grumbling about what they'd asked for, they decided they didn't want the means of working round the restrictions - so now they have the general restrictions, but otherwise it works like it does at home. Go Figure. The students adapted fine and were actually a bit miffed that we took the portal away.

  5. #35
    Jasbo's Avatar
    Join Date
    Mar 2014
    Location
    West Sussex
    Posts
    152
    Thank Post
    12
    Thanked 20 Times in 20 Posts
    Rep Power
    5
    Quote Originally Posted by Oaktech View Post
    I totally understand and agree, but when you get the kind of backlash we've had, you do just go 'whatever' and go back to what you were doing before.

    If they were on the main network I'd be less inclined to roll over about it, but when it's a separate network and they are using essentially external tools (ePortal/HAP) to access things, to me it's not really any different from them using the tools at home.
    No criticism intended btw - I know exactly where you are coming.

    Radius for us is part of the same ruckus setup that does dpsk that irritable tech mentioned, its reasonably smooth and we have the promise of shiny apps and services staff we can entice them with when they play ball

  6. #36

    Join Date
    Jun 2012
    Location
    UK
    Posts
    39
    Thank Post
    0
    Thanked 6 Times in 5 Posts
    Rep Power
    7
    For those using pre shared keys and saying only IT know the key, you do know there are lots of tools out there that can recover the key once its on a system??? usually the tools require admin rights which all users shouldn't have but with it being there personal device then they will probably have admin rights. so my question is how do you stop this??

    To the original question we have a separate SSID with a captive web portal which uses AD for authentication, this puts the users on a separate vlan with ACL's and then our firewall also filters traffic and only allows some ports out.
    For email we run exchange 2010, we only allow SSL connections to the server and if the user wants to connect there phone they are required to encrypt there device and setup a passcode.

  7. #37

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    10,074
    Thank Post
    1,384
    Thanked 1,889 Times in 1,170 Posts
    Blog Entries
    19
    Rep Power
    614
    On a note about personal mobile devices being used to access emails, etc ...

    Within your AUP you must point out that these devices must be encrypted, secured with a complex passphrase (4 digit pass code or being able to follow a greasy, sliding trail on the screen is *not* good security) and, where possible, set to autowipe after x failed attempts to log in.

    Staff should give permission for routine checks to see that this is in place on personal devices, and should it not be then that device will be blocked from accessing the service.

    These are the *reasonable* technical and organisational measures that can be put in place to protect data (DPA principle 7).

    If staff don't like the IT staff doing checks then you increase the technical measures (VDI, etc) but the school accepts that this increases the capital and operational costs of the service.

  8. #38

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    9,839
    Thank Post
    669
    Thanked 2,188 Times in 1,493 Posts
    Blog Entries
    19
    Rep Power
    900
    Quote Originally Posted by GrumbleDook View Post
    Within your AUP you must point out that these devices must be encrypted, secured with a complex passphrase (4 digit pass code or being able to follow a greasy, sliding trail on the screen is *not* good security) and, where possible, set to autowipe after x failed attempts to log in.
    You don't even need it in the AUP.

    You can set security rules in O365 if they're adding it to mobile devices. [IIRC]

  9. #39

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    10,074
    Thank Post
    1,384
    Thanked 1,889 Times in 1,170 Posts
    Blog Entries
    19
    Rep Power
    614
    You don't even need it in the AUP.

    You can set security rules in O365 if they're adding it to mobile devices. [IIRC]
    You *do* need it in the AUP as you are keeping staff informed, gaining their acceptance and understanding of how and why things are set up in a particular way. If you don't include things like this you are not helping yourself or the school.

    It is not *all* about the technology, but also about the education of users ... oh, and PR too.

  10. #40

    Join Date
    Apr 2010
    Posts
    2,169
    Thank Post
    111
    Thanked 192 Times in 159 Posts
    Rep Power
    85
    This is a very handy post, although working in primary schools with very basic filtering etc makes BYOD much harder to implement. I have noticed remote wipe / policy pushing to devices in the Google apps for Education admin panel but have never played with it, something I will now rectify.



SHARE:
+ Post New Thread
Page 3 of 3 FirstFirst 123

Similar Threads

  1. Replies: 19
    Last Post: 28th February 2013, 05:27 PM
  2. Legality of using book cover images on schools website
    By round2it in forum How do you do....it?
    Replies: 2
    Last Post: 15th November 2011, 05:09 PM
  3. Supporting public devices on school wireless network?
    By Dale_Mahalko in forum Wireless Networks
    Replies: 15
    Last Post: 25th October 2011, 10:58 PM
  4. notification of new device on network
    By RabbieBurns in forum Wireless Networks
    Replies: 13
    Last Post: 17th February 2011, 02:08 PM
  5. use of pupil images on website
    By adamyoung in forum School ICT Policies
    Replies: 4
    Last Post: 17th October 2005, 12:08 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •