+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 40
General Chat Thread, Use of personal devices on school network in General; My apologies if this has already been posted and answered elsewhere on here. I trawled the forums and struggled to ...
  1. #1

    Join Date
    Jan 2010
    Location
    Nottingham
    Posts
    15
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Use of personal devices on school network

    My apologies if this has already been posted and answered elsewhere on here. I trawled the forums and struggled to find anything. Essentially, more and more staff are wanting to use their personal devices on the school network. It stands to reason that if tablets and phones can connect to a filtered wireless connection, so could laptops. This then leads to staff being able to type in a file path to their network documents, bringing about a potential risk. Should I be less worried about IOS devices and more concerned about Android/others?

    What do others do about foreign devices on their networks? Has anyone set up a Sophos UTM? Perhaps we should be looking at a VDI solution? (Sounds expensive.)

    Also, school email access on personal phones, iPads? Seems a bit of a data protection risk if the device can't be wiped if lost, stolen or sold on? Or am I over thinking this?

    Sorry if all of this seems really simple. I'd appreciate responses.

  2. #2
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,175
    Thank Post
    47
    Thanked 152 Times in 133 Posts
    Rep Power
    46
    We allow personal devices but they are fully audited for firewall / AV / etc before being allowed on the network. No one but IT know the encryption key.

    We also get staff to sign a disclaimer waiving any damage to the device and they are held accountable for any network breaches via their device.

  3. Thanks to fairm010 from:

    kerryturner (13th June 2014)

  4. #3
    hardtailstar's Avatar
    Join Date
    Apr 2012
    Posts
    1,796
    Thank Post
    547
    Thanked 238 Times in 209 Posts
    Rep Power
    58
    I dont allow it.

    Purely because they get given a laptop for School work

  5. Thanks to hardtailstar from:

    kerryturner (13th June 2014)

  6. #4

    Join Date
    Jan 2010
    Location
    Nottingham
    Posts
    15
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Much appreciated! This sounds like a simple solution. I found another thread about this - once I'd posted this and the AUP seems to be important too. It was the emails on phones thing which had me worried.

  7. #5

    Join Date
    Jan 2010
    Location
    Nottingham
    Posts
    15
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Fair point! Thank you. I think its more the phones/iPads which I'm concerned about. We also have assistants who are often in on a short turn around and they aren't issued with laptops.

  8. #6
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,175
    Thank Post
    47
    Thanked 152 Times in 133 Posts
    Rep Power
    46
    We offer RDS / HAP+ so that even those without school hardware can work remotely. We allow school email on phones ONLY if they consent to having the Meraki app installed so that in the event of loss we can wipe.

  9. Thanks to fairm010 from:

    speckytecky (13th June 2014)

  10. #7

    Join Date
    Jan 2010
    Location
    Nottingham
    Posts
    15
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by fairm010 View Post
    We offer RDS / HAP+ so that even those without school hardware can work remotely. We allow school email on phones ONLY if they consent to having the Meraki app installed so that in the event of loss we can wipe.
    Thanks again!

  11. #8

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    10,392
    Thank Post
    600
    Thanked 2,168 Times in 992 Posts
    Blog Entries
    23
    Rep Power
    629
    Quote Originally Posted by kerryturner View Post
    My apologies if this has already been posted and answered elsewhere on here. I trawled the forums and struggled to find anything. Essentially, more and more staff are wanting to use their personal devices on the school network. It stands to reason that if tablets and phones can connect to a filtered wireless connection, so could laptops. This then leads to staff being able to type in a file path to their network documents, bringing about a potential risk. Should I be less worried about IOS devices and more concerned about Android/others?

    What do others do about foreign devices on their networks? Has anyone set up a Sophos UTM? Perhaps we should be looking at a VDI solution? (Sounds expensive.)

    Also, school email access on personal phones, iPads? Seems a bit of a data protection risk if the device can't be wiped if lost, stolen or sold on? Or am I over thinking this?

    Sorry if all of this seems really simple. I'd appreciate responses.
    The technical term is Bring Your own Device or BYOD as it's more commonly known. If you search for that you will find a lot more topics on this especially in the Wireless and Netbooks, PDA and Phones forum.

  12. #9

    Join Date
    Jan 2010
    Location
    Nottingham
    Posts
    15
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by Dos_Box View Post
    The technical term is Bring Your own Device or BYOD as it's more commonly known. If you search for that you will find a lot more topics on this especially in the Wireless and Netbooks, PDA and Phones forum.
    Thanks. Will look - had always thought BYOD referred to student devices not staff, but it makes sense to look there too.

  13. #10

    HarryMonkey's Avatar
    Join Date
    Mar 2007
    Location
    Bedford
    Posts
    1,128
    Thank Post
    55
    Thanked 217 Times in 164 Posts
    Rep Power
    173
    Staff are allowed to put their own devices on using the BYOD network. It gives filtered access to the Internet as well as any apps that they have installed. If they decide to pick up their email from the Exchange server then they are required to put a pin lock on their device. It's mainly tablets and phones, very few bring laptops in as all staff are issued with a school laptop.

  14. #11
    RobD's Avatar
    Join Date
    Mar 2007
    Posts
    110
    Thank Post
    0
    Thanked 8 Times in 8 Posts
    Rep Power
    17
    We allow personal devices on the wifi but apply a load of ACL's so they can only get to the internet on port 80 and 443. They also have to authenticate against our proxy!

  15. #12
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    West Yorkshire
    Posts
    798
    Thank Post
    84
    Thanked 173 Times in 142 Posts
    Rep Power
    65
    Hi @kerryturner.

    You're asking all the right questions. Some can be answered using technology, other risks mitigated through policy. Some risks will remain but might be outweighed by advantages.

    If you are going to put BYOD devices on your network you are best off separating these devices from your normal network. Your smoothwall can definitely help here, but you'll need to consider the capabilities of your switches and your wireless network here too. Generally I'd advise putting these devices in another VLAN. Adding a suitable access list to the vlan will help keep these devices from accessing your server too.

    If you're worried about your server security though, this is something you need to look into anyway... If a teacher brought in their laptop now and unplugged their classroom PC, they'd potentially have the same network access and administrator rights on their machine. In places where this happens regularly, a well managed BYOD scheme can help improve security!

    Some schools have gone down the VDI route - I think it depends on what you want your users to access and where the curriculum is heading. Much of our curriculum is heading towards web technology. We're trying to be device agnostic in our BYOD scheme, so everything can be served through the browser. It's cheaper generally too!

    School email on phones/tablets should really be covered under policies. I think it would be obstructive to disallow it, but you should be putting safeguards in place - devices must be pin protected, loss must be reported etc. You could put a restriction on how much mail can be cached, to reduce the data loss risk.

    A further note I'd add is around your core infrastructure and your internet connection. Is it up to the job of another 30-50-100-1000 devices jumping on it?

    I've blogged a bit about BYOD on my site. Feel free to have a look.

  16. #13

    Join Date
    Jan 2010
    Location
    Nottingham
    Posts
    15
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by IrritableTech View Post
    Hi @kerryturner.


    I've blogged a bit about BYOD on my site. Feel free to have a look.
    Thanks for all of these replies. IrritableTech - I follow you on twitter, so I'll take another look at your blog. (@4goggas)

  17. #14

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,806
    Thank Post
    774
    Thanked 547 Times in 427 Posts
    Rep Power
    260
    separate wireless network on VLan with no route to the main network, IP provided by firewall. Every device registered for MAC filtering, horrifically complex 26 digit hex key jealously guarded..

  18. #15
    DrPerceptron's Avatar
    Join Date
    Dec 2008
    Location
    In a house
    Posts
    922
    Thank Post
    34
    Thanked 134 Times in 114 Posts
    Rep Power
    41
    If you're thinking about allowing staff laptops etc onto your network - have a think about: Network Policy and Access Services

    You can then look at making sure that stuff connected to your network has at least working anti-virus, firewalls and a minimum windows update level etc.
    Last edited by DrPerceptron; 13th June 2014 at 12:22 PM.

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. Replies: 19
    Last Post: 28th February 2013, 04:27 PM
  2. Legality of using book cover images on schools website
    By round2it in forum How do you do....it?
    Replies: 2
    Last Post: 15th November 2011, 04:09 PM
  3. Supporting public devices on school wireless network?
    By Dale_Mahalko in forum Wireless Networks
    Replies: 15
    Last Post: 25th October 2011, 09:58 PM
  4. notification of new device on network
    By RabbieBurns in forum Wireless Networks
    Replies: 13
    Last Post: 17th February 2011, 01:08 PM
  5. use of pupil images on website
    By adamyoung in forum School ICT Policies
    Replies: 4
    Last Post: 17th October 2005, 11:08 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •