+ Post New Thread
Results 1 to 9 of 9
Wireless Networks Thread, Pupil Access in Schools in Technical; OK first off let me say that I work for a boarding shcool and I am well aware that the ...
  1. #1

    Join Date
    Nov 2007
    Location
    Rotherham
    Posts
    1,666
    Thank Post
    119
    Thanked 126 Times in 102 Posts
    Rep Power
    45

    Pupil Access in Schools

    OK first off let me say that I work for a boarding shcool and I am well aware that the answer the sensible answer to my question is "don't even think about" however pressing on...

    Does anyone allow students to connect their laptops to their network? Either Wirelessly or cabled? If so what have you done to secure it and prevent them from spending most of their time looking for adult material on the internet, spreading virus and generally being pains in the backside?

  2. #2

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,691
    Thank Post
    824
    Thanked 2,570 Times in 2,187 Posts
    Blog Entries
    9
    Rep Power
    731
    Use a seporate routed, filtered and restricted VLAN to isolate them and only give them access to filtered net and those services that you can provide securely, it is almost like setting the network up for external access. You lock them off the primary network with something like packetfence or MAC based dynamic VLANs if your switches support this and you are away.

  3. #3
    IanT's Avatar
    Join Date
    Aug 2008
    Location
    @ the back of my server racks farting.....
    Posts
    1,887
    Thank Post
    2
    Thanked 118 Times in 109 Posts
    Rep Power
    59
    Personally I wouldnt allow the kids to connect there laptops, full stop!

    If it was a member of staff I would check it over first for virus, spyware etc etc

    Ian

  4. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,392
    Thank Post
    797
    Thanked 1,588 Times in 1,391 Posts
    Blog Entries
    10
    Rep Power
    427
    When john used to work at a boarding school one of the little blights plugged in a wireless router. This gave everyone different IP address.

    se a seporate routed, filtered and restricted VLAN to isolate them and only give them access to filtered net and those services that you can provide securely, it is almost like setting the network up for external access. You lock them off the primary network with something like packetfence or MAC based dynamic VLANs if your switches support this and you are away.
    I would do all that put also in the DHCP give all laptops reserved IP's so you can trace back to a user more easier.

  5. #5

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,691
    Thank Post
    824
    Thanked 2,570 Times in 2,187 Posts
    Blog Entries
    9
    Rep Power
    731
    Quote Originally Posted by FN-GM View Post
    When john used to work at a boarding school one of the little blights plugged in a wireless router. This gave everyone different IP address.
    Thats where a combo of packetfence and dynamic VLANS come in, it is trivial to clone the MAC of an existing pc to get past this but it is an extra layer of protection that would probably have stopped this form of bypass.

    Implementing the NAP protection avalible in Server 2008 would also have rendered this pointless as they would not have been able to make contact with anything useful anyway.

  6. #6

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,498
    Thank Post
    1,185
    Thanked 745 Times in 647 Posts
    Rep Power
    228
    Quote Originally Posted by Stuart_C View Post
    Does anyone allow students to connect their laptops to their network?
    Yes, anyone can wander in and use our network. I guess decent switches that can block unknown bits of hardware would be nice, but we can't afford those. I vaguely intend to get around to splitting the wireless network off onto its own separate VLAN at some point (although that wouldn't stop people simply plugging stuff into a wired port). We have a transparently filtered Internet connection, of course, and we secure our servers (er, I hope).

    --
    David Hicks

  7. #7


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,657
    Thank Post
    350
    Thanked 789 Times in 710 Posts
    Rep Power
    344
    We're similar to David here except our router will only allow access to the internet via the proxy so we're covered on that angle.

    A seperate vlan for wireless would be nice, and maybe for Christmas Santa'll give me it.

  8. #8

    Sylv3r's Avatar
    Join Date
    Jul 2005
    Location
    Co. Durham
    Posts
    3,151
    Thank Post
    369
    Thanked 365 Times in 323 Posts
    Rep Power
    145
    Quote Originally Posted by SYNACK View Post
    Use a seporate routed, filtered and restricted VLAN to isolate them and only give them access to filtered net and those services that you can provide securely, it is almost like setting the network up for external access. You lock them off the primary network with something like packetfence or MAC based dynamic VLANs if your switches support this and you are away.
    We do pretty much that here. We freely give the WEP key out to all who want it and I think this way the plugging laptops directly into the network will be avoided.

  9. #9
    steve's Avatar
    Join Date
    Oct 2005
    Location
    West Yorkshire
    Posts
    1,040
    Thank Post
    22
    Thanked 175 Times in 121 Posts
    Rep Power
    51
    I'm currently working on this for our school.

    We've just updated our cisco wireless system. We can now have multiple SSIDs on any of our APs. Each SSID can have a different authentication method and will assign you to a pre defined VLAN.

    We have an SSID with no security, that puts the users onto a separate VLAN where our smoothwall box sits.

    When users attempt to access the internet it can be set to ask for a username / password or just an email address.

    It was an expensive upgrade but it now gives us a great deal of flexibility. We intend to provide SSIDs for our conference centre, fitness centre and for pupils / trainee teachers.

SHARE:
+ Post New Thread

Similar Threads

  1. Pupil Import
    By thom in forum ICT KS3 SATS Tests
    Replies: 9
    Last Post: 20th May 2009, 03:27 PM
  2. Pupil Questionnaire?
    By Butuz in forum How do you do....it?
    Replies: 5
    Last Post: 22nd April 2008, 10:13 AM
  3. Pupil Discipline
    By laserblazer in forum General Chat
    Replies: 33
    Last Post: 29th February 2008, 12:51 PM
  4. Netlinc Schools - Web access subtly broken?
    By pete in forum Wireless Networks
    Replies: 2
    Last Post: 1st February 2008, 01:46 PM
  5. Pupil Access to 'Previous Versions'
    By mortstar in forum Windows
    Replies: 4
    Last Post: 25th January 2008, 03:22 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •