I work at an independent boarding school so internet filtering here is quite complex. We keep all pupils away from web based email sites during their school day. Out of hours we allow those over 13 years old to access web based email sites and social networking sits.
Trying to recreate something like this on a guest wireless network proving difficult for us due to how personal devices vary in how they can work with proxy servers.
Not sure if a guest wireless network using a transparent proxy with no auth giving all connected users KS3 filtering would actually be used, they would probably just turn on their 3G connections :getmecoat:
(Plus, they can connect to the web that way whether you offer a wireless provision or not. If anything, offering something should reduce the numbers using mobile tethering etc.)
Can they do this without knowing administrator credentials? I have tried on a student login, both trying to show the key and copying the wireless profile to memory stick require admin credentials.
Of course the allowing of student wireless devices opens a whole bunch of filtering, distraction, technical issues and access to unwanted sites and think there must be an SMT decision on this with all these points raised with any cost to infrastructure support.
Some Wireless solutions can produce a shared key per user per device, once the key has been put into a device that key can't be used again.
Ruckus calls a it a Dynamic Pre-Shared key, AeroHive calls it a Private Pre-Shared key - I dont know of any other Wi-Fi solutions that offer this feature!
the reason we let them use their laptops at school is as a learning device.
so they can google, they can read wikipedia, they can access learning resources etc.
I have whitelisted a couple of SSL sites namely our MIS and Live@edu which is achieved by IP based ACL
You need a better firewall \ filter for BYOD really, so much stuff can tunnel through 80 \ 443 now an application-aware firewall is a must imo...
@tom_newton I'm sure that I have the right filter in that case :D It's a shame it depends on the device being used though.