+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 25
General Chat Thread, Personal laptops in school - good idea? in General; There are several threads on this topic but I wonder if I could ask 2 questions to tie these together? ...
  1. #1

    Join Date
    Mar 2006
    Location
    Chelmsford
    Posts
    115
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    19

    Personal laptops in school - good idea?

    There are several threads on this topic but I wonder if I could ask 2 questions to tie these together?

    1. Why should teachers and students NOT use their personal laptops at school?
    ( I wouid like as many reasons as possible please)

    2. If they should be allowed, how should the network be configured? (here I need some ideas of cost and suppliers/installers of hardware, software, VLANs, managed wifi, switches, etc.)

    Many thanks.

  2. #2

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    9,989
    Thank Post
    1,852
    Thanked 2,298 Times in 1,697 Posts
    Rep Power
    819
    They can have them in school, BUT they must PAT tested in line with our H&S policy.

    They may not be connected to the network as we have no control over viruses etc on the machines.

  3. #3
    ChrisC's Avatar
    Join Date
    Mar 2006
    Location
    Dorset
    Posts
    767
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    19
    Seriously Security is a really big reason not to, as you don't have them set on the same security policy so they aren't locked down and virus protection may be weak.

    You can solve all this as long as your support team has enough time, but if like us, you're pretty much flat out 99.9% of the time, then it becomes rather unmanagable.

    Chris

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,813
    Thank Post
    110
    Thanked 586 Times in 507 Posts
    Blog Entries
    1
    Rep Power
    225
    You can also solve the problem in an automated fashion with a NAC box.

  5. #5
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,217
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    75
    The problem with using a NAC box is that all the teachers and students laptops will need a CAL to access the network which is often forgotten. I'd be tempted to say NO as you can't rely on student PC's to be upto date on AV and patches and judging by most i've come accross will almost certainly be infested with spyware. You could VLAN them to give them internet access only but that's as far as i would go.

  6. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,813
    Thank Post
    110
    Thanked 586 Times in 507 Posts
    Blog Entries
    1
    Rep Power
    225
    Nope, they only get Internet here if they connect and the NAC doesn't hate them. You only need CALs if you let them connect to the domain.

    Our NAC box will OS fingerprint them when they connect, audit their machine with Nessus when they authenticate and then passively monitor them with snort. If they should incur it's wrath at any point during this process, they get arp poisoned and their mac address is blacklisted in the NAC database.

  7. #7
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,490
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    76
    Aside from virus, don't forget whatever lovely hacking or packet capturing programs they little darlings might have installed, too.

    We are considering ways in which Sixth Formers could hook up to a wireless VLAN allowing them Starbucks-style Internet access, but that is as close to our network as a private computer is ever going to get. We have full SLT-backing for our policy of saying no to any non-school equipment going on our network; no ifs, no buts, no exception. We have had a few high profile sacrificial lambs to drive this point home, too!

  8. #8

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,813
    Thank Post
    110
    Thanked 586 Times in 507 Posts
    Blog Entries
    1
    Rep Power
    225
    Aside from virus, don't forget whatever lovely hacking or packet capturing programs they little darlings might have installed, too.
    Again this will piss off snort here. Thus leaving them lacking a network connection.

  9. #9
    PEO
    PEO is online now
    PEO's Avatar
    Join Date
    Oct 2007
    Posts
    2,096
    Thank Post
    457
    Thanked 152 Times in 96 Posts
    Rep Power
    72
    Quote Originally Posted by Geoff View Post
    Nope, they only get Internet here if they connect and the NAC doesn't hate them. You only need CALs if you let them connect to the domain.

    Our NAC box will OS fingerprint them when they connect, audit their machine with Nessus when they authenticate and then passively monitor them with snort. If they should incur it's wrath at any point during this process, they get arp poisoned and their mac address is blacklisted in the NAC database.

    what software are you using for your NAC box?

  10. #10
    flyinghaggis's Avatar
    Join Date
    Jan 2006
    Posts
    1,048
    Thank Post
    105
    Thanked 76 Times in 59 Posts
    Rep Power
    116
    There's also no way to audit what software is installed on a computer and whether the licence covers you to use that software for teaching. For example what happens if a teacher brings in laptop loaded with software that it loaded with programs that are only licences for 'home/non-public' use and then runs them for pupils to use/see?
    Then there's the issue of what happens if a teacher brings in a laptop full of personal/illegal material and copies it onto a network share. Also what happens if another user(staff or pupil) browse's onto their laptop or hacks it when they're on your network and steals that users personal files/data?
    Tech support could also be a massive drain on resourses. How can you be expected to troubleshoot problems and make things work when you have hundreds of computers with different OS's, software and hardware configurations all of which you have no control over whatsoever?

    It's one thing if it's a locked down laptop provided to the staff by the school specifically for school-use but as far as Im concerned there are far too many issues to allow even staff to bring in their own computers into school and onto the network. And don't even think about the possibility of letting pupils bring in their own PCs!
    Last edited by flyinghaggis; 4th March 2008 at 02:59 PM.

  11. #11

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,141
    Thank Post
    522
    Thanked 2,550 Times in 1,979 Posts
    Blog Entries
    24
    Rep Power
    877
    We have a 'no non-school owned equipment in school' policy here. This is due to the following:

    1. Insurance - if the item is damaged, stolen etc... whilst on the premises, it is not covered by our insurance and we don't want the hassle.
    2. Security - by allowing computers into school they could be using them to attempt to connect to the network, which is not allowed due to them not having a fully audited machine.
    3. Security - allowing them access to the network introduces an aspect of risk. Regardless of security features in place, you could still end up with an infected network.

  12. #12

    Join Date
    Mar 2007
    Location
    Devon
    Posts
    1,048
    Thank Post
    226
    Thanked 63 Times in 56 Posts
    Rep Power
    30
    Well being a boarding school we have 3 boarding house's full of students laptops and also have a 6th form center kitted out with points at every desk. Always looking at ways to improve our network bandwidth as they often max things out.

  13. #13
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,484
    Thank Post
    10
    Thanked 502 Times in 442 Posts
    Rep Power
    114
    Hmm, the PAT testing thing. How do you know the charger is rated for the battery etc?

    <I can do the whole smug 802.1x / MAC already implemented site wide thing here>. Also locked down with ACLs even after you get in. Windows 2008 NAP will be online and testing soon. Also got a procurve managed wireless mod on the way for my zl

  14. #14

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,813
    Thank Post
    110
    Thanked 586 Times in 507 Posts
    Blog Entries
    1
    Rep Power
    225
    Quote Originally Posted by MrHappy View Post
    what software are you using for your NAC box?
    Packetfence.

  15. #15
    Joedetic's Avatar
    Join Date
    Jan 2006
    Location
    Walsall
    Posts
    1,316
    Thank Post
    6
    Thanked 13 Times in 13 Posts
    Rep Power
    22
    Well there's been a lot of good points mentioned already. There are issues regarding PAT testing (but if the laptop isn't been plugged into the mains then there's the way around that). Antivirus issues. There's no way for you to ensure that "foreign equipment" (as in not your school's kit) is up to date on the current definitions. Security policies. Kids'll install all sorts of crap and play around when they're meant to be doing work etc.

    I'd like to implement a secure method of access for students and staff for their own machines to gain network access. This would probably centre around a VMPS, a captive portal, a liability waver (Ts&Cs), some cisco APs etc etc. For access to network shares the remote access system for home access would probably be used.

    </dreams>

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. good idea [mobile phone - ICE]
    By russdev in forum General Chat
    Replies: 7
    Last Post: 21st January 2008, 09:15 AM
  2. I love a good idea!
    By laserblazer in forum Jokes/Interweb Things
    Replies: 2
    Last Post: 20th January 2008, 05:28 PM
  3. vista for school laptops
    By david12345 in forum Windows Vista
    Replies: 8
    Last Post: 5th December 2007, 08:05 AM
  4. Asus Laptops - Any good?
    By tarquel in forum Hardware
    Replies: 5
    Last Post: 18th May 2007, 02:47 PM
  5. Replies: 10
    Last Post: 1st February 2006, 01:02 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •