+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 25
General Chat Thread, Personal laptops in school - good idea? in General; There are several threads on this topic but I wonder if I could ask 2 questions to tie these together? ...
  1. #1

    Join Date
    Mar 2006
    Location
    Chelmsford
    Posts
    115
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    19

    Personal laptops in school - good idea?

    There are several threads on this topic but I wonder if I could ask 2 questions to tie these together?

    1. Why should teachers and students NOT use their personal laptops at school?
    ( I wouid like as many reasons as possible please)

    2. If they should be allowed, how should the network be configured? (here I need some ideas of cost and suppliers/installers of hardware, software, VLANs, managed wifi, switches, etc.)

    Many thanks.

  2. #2

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,787
    Thank Post
    1,789
    Thanked 2,180 Times in 1,615 Posts
    Rep Power
    771
    They can have them in school, BUT they must PAT tested in line with our H&S policy.

    They may not be connected to the network as we have no control over viruses etc on the machines.

  3. #3
    ChrisC's Avatar
    Join Date
    Mar 2006
    Location
    Dorset
    Posts
    767
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    19
    Seriously Security is a really big reason not to, as you don't have them set on the same security policy so they aren't locked down and virus protection may be weak.

    You can solve all this as long as your support team has enough time, but if like us, you're pretty much flat out 99.9% of the time, then it becomes rather unmanagable.

    Chris

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    You can also solve the problem in an automated fashion with a NAC box.

  5. #5
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    The problem with using a NAC box is that all the teachers and students laptops will need a CAL to access the network which is often forgotten. I'd be tempted to say NO as you can't rely on student PC's to be upto date on AV and patches and judging by most i've come accross will almost certainly be infested with spyware. You could VLAN them to give them internet access only but that's as far as i would go.

  6. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Nope, they only get Internet here if they connect and the NAC doesn't hate them. You only need CALs if you let them connect to the domain.

    Our NAC box will OS fingerprint them when they connect, audit their machine with Nessus when they authenticate and then passively monitor them with snort. If they should incur it's wrath at any point during this process, they get arp poisoned and their mac address is blacklisted in the NAC database.

  7. #7
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    Aside from virus, don't forget whatever lovely hacking or packet capturing programs they little darlings might have installed, too.

    We are considering ways in which Sixth Formers could hook up to a wireless VLAN allowing them Starbucks-style Internet access, but that is as close to our network as a private computer is ever going to get. We have full SLT-backing for our policy of saying no to any non-school equipment going on our network; no ifs, no buts, no exception. We have had a few high profile sacrificial lambs to drive this point home, too!

  8. #8

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Aside from virus, don't forget whatever lovely hacking or packet capturing programs they little darlings might have installed, too.
    Again this will piss off snort here. Thus leaving them lacking a network connection.

  9. #9
    PEO
    PEO is offline
    PEO's Avatar
    Join Date
    Oct 2007
    Posts
    2,093
    Thank Post
    457
    Thanked 150 Times in 95 Posts
    Rep Power
    71
    Quote Originally Posted by Geoff View Post
    Nope, they only get Internet here if they connect and the NAC doesn't hate them. You only need CALs if you let them connect to the domain.

    Our NAC box will OS fingerprint them when they connect, audit their machine with Nessus when they authenticate and then passively monitor them with snort. If they should incur it's wrath at any point during this process, they get arp poisoned and their mac address is blacklisted in the NAC database.

    what software are you using for your NAC box?

  10. #10
    flyinghaggis's Avatar
    Join Date
    Jan 2006
    Posts
    1,003
    Thank Post
    100
    Thanked 74 Times in 58 Posts
    Rep Power
    115
    There's also no way to audit what software is installed on a computer and whether the licence covers you to use that software for teaching. For example what happens if a teacher brings in laptop loaded with software that it loaded with programs that are only licences for 'home/non-public' use and then runs them for pupils to use/see?
    Then there's the issue of what happens if a teacher brings in a laptop full of personal/illegal material and copies it onto a network share. Also what happens if another user(staff or pupil) browse's onto their laptop or hacks it when they're on your network and steals that users personal files/data?
    Tech support could also be a massive drain on resourses. How can you be expected to troubleshoot problems and make things work when you have hundreds of computers with different OS's, software and hardware configurations all of which you have no control over whatsoever?

    It's one thing if it's a locked down laptop provided to the staff by the school specifically for school-use but as far as Im concerned there are far too many issues to allow even staff to bring in their own computers into school and onto the network. And don't even think about the possibility of letting pupils bring in their own PCs!
    Last edited by flyinghaggis; 4th March 2008 at 02:59 PM.

  11. #11

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,680
    Thank Post
    516
    Thanked 2,451 Times in 1,897 Posts
    Blog Entries
    24
    Rep Power
    832
    We have a 'no non-school owned equipment in school' policy here. This is due to the following:

    1. Insurance - if the item is damaged, stolen etc... whilst on the premises, it is not covered by our insurance and we don't want the hassle.
    2. Security - by allowing computers into school they could be using them to attempt to connect to the network, which is not allowed due to them not having a fully audited machine.
    3. Security - allowing them access to the network introduces an aspect of risk. Regardless of security features in place, you could still end up with an infected network.

  12. #12

    Join Date
    Mar 2007
    Location
    Devon
    Posts
    1,042
    Thank Post
    226
    Thanked 63 Times in 56 Posts
    Rep Power
    30
    Well being a boarding school we have 3 boarding house's full of students laptops and also have a 6th form center kitted out with points at every desk. Always looking at ways to improve our network bandwidth as they often max things out.

  13. #13
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,450
    Thank Post
    10
    Thanked 493 Times in 433 Posts
    Rep Power
    111
    Hmm, the PAT testing thing. How do you know the charger is rated for the battery etc?

    . Also locked down with ACLs even after you get in. Windows 2008 NAP will be online and testing soon. Also got a procurve managed wireless mod on the way for my zl

  14. #14

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Quote Originally Posted by MrHappy View Post
    what software are you using for your NAC box?
    Packetfence.

  15. #15
    Joedetic's Avatar
    Join Date
    Jan 2006
    Location
    Walsall
    Posts
    1,316
    Thank Post
    6
    Thanked 13 Times in 13 Posts
    Rep Power
    22
    Well there's been a lot of good points mentioned already. There are issues regarding PAT testing (but if the laptop isn't been plugged into the mains then there's the way around that). Antivirus issues. There's no way for you to ensure that "foreign equipment" (as in not your school's kit) is up to date on the current definitions. Security policies. Kids'll install all sorts of crap and play around when they're meant to be doing work etc.

    I'd like to implement a secure method of access for students and staff for their own machines to gain network access. This would probably centre around a VMPS, a captive portal, a liability waver (Ts&Cs), some cisco APs etc etc. For access to network shares the remote access system for home access would probably be used.


SHARE:

Similar Threads

  1. good idea [mobile phone - ICE]
    By russdev in forum General Chat
    Replies: 7
    Last Post: 21st January 2008, 09:15 AM
  2. I love a good idea!
    By laserblazer in forum Jokes/Interweb Things
    Replies: 2
    Last Post: 20th January 2008, 05:28 PM
  3. vista for school laptops
    By david12345 in forum Windows Vista
    Replies: 8
    Last Post: 5th December 2007, 08:05 AM
  4. Asus Laptops - Any good?
    By tarquel in forum Hardware
    Replies: 5
    Last Post: 18th May 2007, 02:47 PM
  5. Replies: 10
    Last Post: 1st February 2006, 01:02 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •