With regards RBCs Schools have a responsibility to ensure that they do not compromise their RBC. This includes making sure that devices that are connected to their network are not a 'risk'. Whilst it is impossible to eliminate every risk there are certain things that can be done to minimise it.
Most RBCs / LAs will have a standard network build to help schools with this. The Technical and Functional Specification for IT Infrastructure from Becta also points out what that targets are (and yes ... there are caveats in there to say that your RBC / LA over-rule anything in these two documents!) and how to achieve them.
We can argue for ever about what mechanisms to protect your network and the WAN/MAN you are connected to, but we have seen good examples on here already with NAC, wireless security, locking down machines, etc.