I've been asked to investigate the possibility of allowing students to use their own portable devices in school...
The idea has been pitched as the teacher says 'right kids get your browser out'.....they connect to the schools wireless network ( which we don't yet have) and access the Internet on whatever they take out of their bag or pocket...school laptops being available to those who don't have anything....
I can't see how we would be able to log which sites they have visited.....as they won't be 'logging' in via AD....
The school Internet feed is obviously filtered so they should nt be able to get to anything that nasty...and it could be argued that the teachers should be keeping the kids on task, so that it would nt be necessary to log everything....
Wondered how other schools tackle this issue?
tom_newton (23rd January 2012)
So with this we can direct the wireless traffic to the Internet via a logon screen linked to AD?
Would it matter which wireless solution we end up going for?
Are there any better ones which would work for the above scenario?
Yep, we're using Smoothwall with the SSL Login page authentication option for our student guest network. They login using their AD credentials and then they get their normal filter level depending if they're 6th form or yr7-11 etc as they would when they log onto one of the school computers.
And of course all the usual logging is done in case we need to check up on anything later.
I would advise paying attention to whether your wired network and broadband can cope with the projected number of machines (as well as whether the wireless solution is scalable).
Thanks guys, all the Smoothwall information presented here is correct as far as I see it We are working to integrate even more closely with various wireless providers, and to offer more options for login - but certainly right now the login page can be presented to wireless users so their accesses are logged against AD username.
It is worth mentioning though, that by 'browsers' we assume you mean 'personal laptops' as Android devices and IPads are a whole different kettle of fish. IPad browsers currently do support SSL Login, so SSL Login would be ideal for laptops and ipads, but android devices do not support the keep-alive connection within multiple browser windows that is needed for the SSL login page to work and iPad apps will only work if they are proxy-aware. There are other ways to get around this, but Android devices in particular are a bit of a spanner in the works at the moment - at least until Ice Cream Sandwich (and honeycomb for tablets).
It is also worth making you aware that if you set up a transparent SSL Login authentication method, the client machines will need to be using the Smoothwall as their default gateway and they must leave the login page open once they have logged in and browse via different tabs or a new browser window so some minor user training will be needed.
As Tom mentioned, there are lots of exciting things going on in the Smoothwall development office surrounding authentication methods, Android devices and iPads etc so watch this space, so to speak.
I would be interested to know if Smoothwall can prevent access to the network if a student unplugs a school device(wired) and plugs their own device in?
Switch port access set to MAC of the school machine attached and set to shut down on violation would take care of that. Since only outbound traffic hits the smoothwall, if they're trying to attack your servers, then the smoothwall is helpless, and that's where the switch security comes in. If they're unplugging school systems to plug in their own and browse, then yes, transparent proxying will catch the little blighters out
Packetfence is free and designed for this sort of thing
PacketFence: Open Source NAC (Network Access Control)
Another here for the SSL login via Smoothwall.
Been using it here for a while and works well - not that we have any time to actively check the logs, but the option is there if we ever need to.
There are currently 1 users browsing this thread. (0 members and 1 guests)