Wireless Networks Thread, Pupil Access in Schools in Technical; OK first off let me say that I work for a boarding shcool and I am well aware that the ...
9th October 2008, 04:09 PM #1
Pupil Access in Schools
OK first off let me say that I work for a boarding shcool and I am well aware that the answer the sensible answer to my question is "don't even think about" however pressing on...
Does anyone allow students to connect their laptops to their network? Either Wirelessly or cabled? If so what have you done to secure it and prevent them from spending most of their time looking for adult material on the internet, spreading virus and generally being pains in the backside?
9th October 2008, 04:15 PM #2
Use a seporate routed, filtered and restricted VLAN to isolate them and only give them access to filtered net and those services that you can provide securely, it is almost like setting the network up for external access. You lock them off the primary network with something like packetfence or MAC based dynamic VLANs if your switches support this and you are away.
9th October 2008, 04:15 PM #3
Personally I wouldnt allow the kids to connect there laptops, full stop!
If it was a member of staff I would check it over first for virus, spyware etc etc
9th October 2008, 04:29 PM #4
When john used to work at a boarding school one of the little blights plugged in a wireless router. This gave everyone different IP address.
I would do all that put also in the DHCP give all laptops reserved IP's so you can trace back to a user more easier.
se a seporate routed, filtered and restricted VLAN to isolate them and only give them access to filtered net and those services that you can provide securely, it is almost like setting the network up for external access. You lock them off the primary network with something like packetfence or MAC based dynamic VLANs if your switches support this and you are away.
9th October 2008, 04:41 PM #5
Thats where a combo of packetfence and dynamic VLANS come in, it is trivial to clone the MAC of an existing pc to get past this but it is an extra layer of protection that would probably have stopped this form of bypass.
Originally Posted by FN-GM
Implementing the NAP protection avalible in Server 2008 would also have rendered this pointless as they would not have been able to make contact with anything useful anyway.
9th October 2008, 06:18 PM #6
Yes, anyone can wander in and use our network. I guess decent switches that can block unknown bits of hardware would be nice, but we can't afford those. I vaguely intend to get around to splitting the wireless network off onto its own separate VLAN at some point (although that wouldn't stop people simply plugging stuff into a wired port). We have a transparently filtered Internet connection, of course, and we secure our servers (er, I hope).
Originally Posted by Stuart_C
9th October 2008, 06:20 PM #7
We're similar to David here except our router will only allow access to the internet via the proxy so we're covered on that angle.
A seperate vlan for wireless would be nice, and maybe for Christmas Santa'll give me it.
9th October 2008, 08:05 PM #8
We do pretty much that here. We freely give the WEP key out to all who want it and I think this way the plugging laptops directly into the network will be avoided.
Originally Posted by SYNACK
10th October 2008, 05:54 PM #9
I'm currently working on this for our school.
We've just updated our cisco wireless system. We can now have multiple SSIDs on any of our APs. Each SSID can have a different authentication method and will assign you to a pre defined VLAN.
We have an SSID with no security, that puts the users onto a separate VLAN where our smoothwall box sits.
When users attempt to access the internet it can be set to ask for a username / password or just an email address.
It was an expensive upgrade but it now gives us a great deal of flexibility. We intend to provide SSIDs for our conference centre, fitness centre and for pupils / trainee teachers.
By thom in forum ICT KS3 SATS Tests
Last Post: 20th May 2009, 03:27 PM
By Butuz in forum How do you do....it?
Last Post: 22nd April 2008, 10:13 AM
By laserblazer in forum General Chat
Last Post: 29th February 2008, 12:51 PM
By pete in forum Wireless Networks
Last Post: 1st February 2008, 01:46 PM
By mortstar in forum Windows
Last Post: 25th January 2008, 03:22 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)