LinkBack URL
About LinkBacksKey Stage 3 (KS3) are filtered more strongly than Key Stage 5 (KS5 i.e. 6th form) here. As KS5 are voluntary students, it's up to them if they waste their time on Hotmail, as far as I'm concerned.Originally Posted by drewp
Key Stage 3 (KS3) are filtered more strongly than Key Stage 5 (KS5 i.e. 6th form) here. As KS5 are voluntary students, it's up to them if they waste their time on Hotmail, as far as I'm concerned.
drewp (24th November 2011)
@sonofsanta thanks!
I work at an independent boarding school so internet filtering here is quite complex. We keep all pupils away from web based email sites during their school day. Out of hours we allow those over 13 years old to access web based email sites and social networking sits.
Trying to recreate something like this on a guest wireless network proving difficult for us due to how personal devices vary in how they can work with proxy servers.
Not sure if a guest wireless network using a transparent proxy with no auth giving all connected users KS3 filtering would actually be used, they would probably just turn on their 3G connections
Last edited by drewp; 24th November 2011 at 12:46 PM.
That's where "100 year old building out in the sticks" actually works out for me for once - to get 3G signal here I have to go and stand on the playing field over the road, so given the choice between unfiltered-GPRS-web and filtered-fibre-optic-web I reckon that unfiltered 3G connections isn't a worryNot sure if a guest wireless network using a transparent proxy with no auth giving all connected users KS3 filtering would actually be used, they would probably just turn on their G3 connections
(Plus, they can connect to the web that way whether you offer a wireless provision or not. If anything, offering something should reduce the numbers using mobile tethering etc.)
Apologise for being off subject.
Can they do this without knowing administrator credentials? I have tried on a student login, both trying to show the key and copying the wireless profile to memory stick require admin credentials.
Of course the allowing of student wireless devices opens a whole bunch of filtering, distraction, technical issues and access to unwanted sites and think there must be an SMT decision on this with all these points raised with any cost to infrastructure support.
Last edited by Davit2005; 24th November 2011 at 11:34 AM.
if they are bringing their own devices they are going to be admins of their own machines.
Some Wireless solutions can produce a shared key per user per device, once the key has been put into a device that key can't be used again.
Ruckus calls a it a Dynamic Pre-Shared key, AeroHive calls it a Private Pre-Shared key - I dont know of any other Wi-Fi solutions that offer this feature!
I accept that https traffic would have to be blocked if using a transparent proxy as it can’t be filtered, but how usable is the internet without it?
the reason we let them use their laptops at school is as a learning device.
so they can google, they can read wikipedia, they can access learning resources etc.
I have whitelisted a couple of SSL sites namely our MIS and Live@edu which is achieved by IP based ACL
drewp (25th November 2011)
You need a better firewall \ filter for BYOD really, so much stuff can tunnel through 80 \ 443 now an application-aware firewall is a must imo...
It is possible to transparently filter https with the right filter. Sadly this relies on client side extensions not present in winXP, early IOS or pre-gingerbread android.
drewp (25th November 2011)
@tom_newton I'm sure that I have the right filter in that caseIt's a shame it depends on the device being used though.
SNI is the trick we use - basically the browser gives away where it is going, so you can domain filter (and MITM if you feel that way out), sadly its a fairly new extension, but support is there in all major tablets and laptops afaik@tom_newton I'm sure that I have the right filter in that case
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
