+ Post New Thread
Results 1 to 13 of 13
Internet Related/Filtering/Firewall Thread, Bring your own device? Do you log which sites are visited? in Technical; I've been asked to investigate the possibility of allowing students to use their own portable devices in school... The idea ...
  1. #1
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,316
    Thank Post
    83
    Thanked 47 Times in 33 Posts
    Rep Power
    31

    Bring your own device? Do you log which sites are visited?

    I've been asked to investigate the possibility of allowing students to use their own portable devices in school...

    The idea has been pitched as the teacher says 'right kids get your browser out'.....they connect to the schools wireless network ( which we don't yet have) and access the Internet on whatever they take out of their bag or pocket...school laptops being available to those who don't have anything....

    I can't see how we would be able to log which sites they have visited.....as they won't be 'logging' in via AD....

    The school Internet feed is obviously filtered so they should nt be able to get to anything that nasty...and it could be argued that the teachers should be keeping the kids on task, so that it would nt be necessary to log everything....

    Wondered how other schools tackle this issue?

  2. #2


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by kennysarmy View Post
    I can't see how we would be able to log which sites they have visited.....as they won't be 'logging' in via AD....
    Get them to log in to AD via the proxy is how we do it.
    Smoothwall is probably what you need here.

  3. Thanks to CyberNerd from:

    tom_newton (23rd January 2012)

  4. #3

    Join Date
    Jul 2005
    Location
    Rugby
    Posts
    432
    Thank Post
    17
    Thanked 66 Times in 61 Posts
    Rep Power
    35
    Quote Originally Posted by CyberNerd View Post
    Get them to log in to AD via the proxy is how we do it.
    Smoothwall is probably what you need here.
    This is exactly what I'm proposing as the solution to the same problem where I work.

    Matt

  5. #4
    kennysarmy's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    1,316
    Thank Post
    83
    Thanked 47 Times in 33 Posts
    Rep Power
    31
    Quote Originally Posted by CyberNerd View Post
    Get them to log in to AD via the proxy is how we do it.
    Smoothwall is probably what you need here.
    We are thinking of moving from our RM smartcache to the smoothwall product....

    So with this we can direct the wireless traffic to the Internet via a logon screen linked to AD?

    Would it matter which wireless solution we end up going for?
    Are there any better ones which would work for the above scenario?

  6. #5

    Join Date
    Oct 2007
    Location
    Northamptonshire
    Posts
    312
    Thank Post
    21
    Thanked 82 Times in 69 Posts
    Rep Power
    45
    Yep, we're using Smoothwall with the SSL Login page authentication option for our student guest network. They login using their AD credentials and then they get their normal filter level depending if they're 6th form or yr7-11 etc as they would when they log onto one of the school computers.

    And of course all the usual logging is done in case we need to check up on anything later.

  7. #6


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by kennysarmy View Post
    So with this we can direct the wireless traffic to the Internet via a logon screen linked to AD?
    yes.

    Quote Originally Posted by kennysarmy View Post
    Would it matter which wireless solution we end up going for?
    Are there any better ones which would work for the above scenario?
    It should work with any wireless solution, essentially your just redirecting traffic to a proxy server.

    I would advise paying attention to whether your wired network and broadband can cope with the projected number of machines (as well as whether the wireless solution is scalable).

  8. 2 Thanks to CyberNerd:

    kennysarmy (23rd January 2012), tom_newton (23rd January 2012)

  9. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,485
    Thank Post
    867
    Thanked 854 Times in 675 Posts
    Rep Power
    197
    Thanks guys, all the Smoothwall information presented here is correct as far as I see it We are working to integrate even more closely with various wireless providers, and to offer more options for login - but certainly right now the login page can be presented to wireless users so their accesses are logged against AD username.

  10. #8

    AMLightfoot's Avatar
    Join Date
    Feb 2011
    Location
    Hampshire, England
    Posts
    2,243
    Thank Post
    406
    Thanked 662 Times in 414 Posts
    Rep Power
    272
    It is worth mentioning though, that by 'browsers' we assume you mean 'personal laptops' as Android devices and IPads are a whole different kettle of fish. IPad browsers currently do support SSL Login, so SSL Login would be ideal for laptops and ipads, but android devices do not support the keep-alive connection within multiple browser windows that is needed for the SSL login page to work and iPad apps will only work if they are proxy-aware. There are other ways to get around this, but Android devices in particular are a bit of a spanner in the works at the moment - at least until Ice Cream Sandwich (and honeycomb for tablets).

    It is also worth making you aware that if you set up a transparent SSL Login authentication method, the client machines will need to be using the Smoothwall as their default gateway and they must leave the login page open once they have logged in and browse via different tabs or a new browser window so some minor user training will be needed.

    As Tom mentioned, there are lots of exciting things going on in the Smoothwall development office surrounding authentication methods, Android devices and iPads etc so watch this space, so to speak.

  11. #9

    Join Date
    Dec 2009
    Location
    london
    Posts
    108
    Thank Post
    31
    Thanked 9 Times in 8 Posts
    Rep Power
    11
    I would be interested to know if Smoothwall can prevent access to the network if a student unplugs a school device(wired) and plugs their own device in?

  12. #10
    DT2
    DT2 is offline
    DT2's Avatar
    Join Date
    May 2011
    Location
    Lakeville, Carleton County, New Brunswick
    Posts
    695
    Thank Post
    140
    Thanked 197 Times in 138 Posts
    Rep Power
    74
    Switch port access set to MAC of the school machine attached and set to shut down on violation would take care of that. Since only outbound traffic hits the smoothwall, if they're trying to attack your servers, then the smoothwall is helpless, and that's where the switch security comes in. If they're unplugging school systems to plug in their own and browse, then yes, transparent proxying will catch the little blighters out

    DT

  13. Thanks to DT2 from:

    10101010 (24th January 2012)

  14. #11


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by 10101010 View Post
    I would be interested to know if Smoothwall can prevent access to the network if a student unplugs a school device(wired) and plugs their own device in?
    Other than securing your switches, you could also look at Network Access Control.
    Packetfence is free and designed for this sort of thing
    PacketFence: Open Source NAC (Network Access Control)

  15. Thanks to CyberNerd from:

    10101010 (24th January 2012)

  16. #12

    Sylv3r's Avatar
    Join Date
    Jul 2005
    Location
    Co. Durham
    Posts
    3,238
    Thank Post
    375
    Thanked 381 Times in 339 Posts
    Rep Power
    148
    Another here for the SSL login via Smoothwall.

    Been using it here for a while and works well - not that we have any time to actively check the logs, but the option is there if we ever need to.

  17. #13
    kernewek-sam's Avatar
    Join Date
    Sep 2010
    Location
    UK
    Posts
    264
    Thank Post
    67
    Thanked 50 Times in 46 Posts
    Rep Power
    68
    Quote Originally Posted by CyberNerd View Post
    Get them to log in to AD via the proxy is how we do it.
    Smoothwall is probably what you need here.
    They log in to AD via proxy, but the LA provides filtering which includes logging.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 177
    Last Post: 7th July 2014, 12:56 PM
  2. Bring Your Own Computer (BYOC)
    By Grimley in forum Netbooks, PDA and Phones
    Replies: 30
    Last Post: 1st April 2011, 11:53 AM
  3. Students bringing their own devices in
    By stevenr in forum How do you do....it?
    Replies: 3
    Last Post: 23rd August 2010, 09:12 PM
  4. Replies: 5
    Last Post: 28th April 2008, 12:51 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •