Wireless Networks Thread, Wireless keys - students passing it on in Technical; I am in the position where school policy denotes that all KS5 students can bring their own wireless devices into ...
4th October 2010, 05:16 PM #1
- Rep Power
Wireless keys - students passing it on
I am in the position where school policy denotes that all KS5 students can bring their own wireless devices into school and connect to the internet (as part of their studies is very much debatable!)
What i have tried to do, to ensure that only KS5 students were on the system was to get them to come down to ICT Support get the key put in and the details of the device noted on a spreadsheet eg. user / mac address etc
Have reached a point where i feel its all futile - Windows 7 allows you to see what the key is by simply ticking a box; sites like Nirsoft allow you to download software to a laptop and pick out the keys from the registry. Whichever way, having given the key to only 9 students this term, you look at the DHCP and theres 35 devices!! Its fairly obvious whats going on!
Whats the solution here - shall i just admit defeat?
IDG Tech News
4th October 2010, 05:20 PM #2
The only sensible solutions are:
- withdraw access
- enforce MAC filtering on your access points, but this is trivial to bypass
- implement a proper RADIUS setup, but students sharing their account details pose the same problem
4th October 2010, 05:22 PM #3
but if something bad happens you can trace it to a user and say "you did this" If they then say "no, but person X knows my password" then you can still get the culprit (and deal with the original user for passing on their details)
Originally Posted by powdarrmonkey
4th October 2010, 05:30 PM #4
I'd point out to management that you can demonstrate wide spread abuse is taking place and that you'd like to withdraw wireless access for students.
It probably won't work, but it's worth a shot. Maybe point out there's a safeguarding issue since you can't monitor the internet usage of younger students.
How do you have the wireless setup, is there a separate vLan and SSID for students?
4th October 2010, 05:35 PM #5
yeah just let them all on but don't give out the key freely.
4th October 2010, 05:36 PM #6
I'd go with the above, stick it in their own VLAN and SSID then route through a more stringent filter, well at least pass these logs on the 6th form head
5th October 2010, 11:44 AM #7
* [If your using Server '08] Have a look at Network Access Protection (XP SP3 and up don't need the client to be installed on the end client!) and have it check for system health (virus/update status) and block them off if not
* Then do some MAC filtering (Easily bypassed but some security
* RADIUS based network auth (which is linked to their AD accounts) compared to your current PSK (Pre shared key)
* Seperate VLAN or Subnet setup that only gives them access to the web (a separate more filtered box) and possibly printing services
5th October 2010, 11:59 AM #8
We use the Radius authentication method against their AD account.
Each user when joining school abides by the User Access Policy - this states that if you share out your details, in this case it would be their user name and password, in order for another student can gain access to the WIFI both students will be disciplined.
This has worked well.
By jreimer in forum Windows
Last Post: 15th November 2013, 09:05 PM
By Bruce123 in forum Wireless Networks
Last Post: 3rd October 2010, 08:15 PM
By cookie_monster in forum Scripts
Last Post: 6th November 2009, 09:57 AM
By NickDay85 in forum How do you do....it?
Last Post: 14th October 2009, 11:29 PM
By farquea in forum Windows
Last Post: 15th July 2009, 03:24 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)