Skip Navigational Links
LISTSERV email list manager
LISTSERV - LIST.UVM.EDU
LISTSERV Menu
Log In
Log In
LISTSERV 17.5 Help - SCHOOL-IT Archives
LISTSERV Archives
LISTSERV Archives
Search Archives
Search Archives
Register
Register
Log In
Log In

SCHOOL-IT Archives

School Information Technology Discussion

SCHOOL-IT@LIST.UVM.EDU
Menu
LISTSERV Archives LISTSERV Archives
SCHOOL-IT Home SCHOOL-IT Home
Log In Log In
Register Register
Subscribe or Unsubscribe Subscribe or Unsubscribe
Search Archives Search Archives
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: wireless password policies - guidance requested
From:
Bob Wickberg <[log in to unmask]>
Reply To:
School Information Technology Discussion <[log in to unmask]>
Date:
Fri, 4 Jan 2013 15:06:23 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (186 lines) 
Sometimes empowering learning means figuring out how to keep people who
want to use the network for non-educational uses uses off, to preserve
bandwidth for legitimate activities.     Peer to peer file sharing can
kill your bandwidth in a hurry if you don't put a stop to it somehow. 
Also, there are regulatory issues here.  If you get erate reimbursement
for your internet access, you're supposed to be able to tell USAC the
internet is only being used for educational purposes.  

When we had open access points, I could see huge utilization spikes on our
internet late at night, which coincided with reports I had from students
of people sitting outside the school at night and downloading stuff from
pirate bay.  We've gotten rid of the open access points, and also replaced
our firewall with one that eliminates that sort of activity, too.  Now
that open wifi is more common around town, and DSL much cheaper, people
probably aren't as tempted to do that as they were several years ago,
but.... 

Our access points support multiple SIDs with different encyption schemes
on each one, so there's a guest nework with a password I change
frequently, and WPA with enterprise authentication hitting IAS on our
windows servers for the folks, staff and students, who are here every day.
 So I only have to give the guest password to real guests, and it doesn't
spread like wildfire. 

Bob Wickberg
Technology Coordinator
Brattleboro Union High School District # 6
802-451-3418



School Information Technology Discussion <[log in to unmask]> writes:
>Thank you Craig!  Double Like!
>
>
>That is exactly what we are doing at MEMS.  We find it exciting that our
>users want to use technology  and love the challenge of supporting their
>ever expanding digital needs. 
>
>
>My job is to remove barriers and empower our learning community - Amanda
>
>
>
>
>
>
>
>
>
>Because of that we have an open wireless network.  People walk into the
>building and if their device is set to do so they connect transparently
>with no user intervention.
>
>
>
>On Fri, Jan 4, 2013 at 12:52 PM, Craig Lyndes <[ mailto:[log in to unmask]
>][log in to unmask]> wrote:
>
>
>
>Our goals are to have a technology rich educational environment and users
>(both staff and students) who are proficient using technology to learn.  
>
>We have momentum, people are using these new tools.  Frustrating them
>with barriers and insufficient resources steals this momentum and must be
>avoided.
>
>
>My job is to remove barriers and empower our learning community.
>
>
>Because of that we have an open wireless network.  People walk into the
>building and if their device is set to do so they connect transparently
>with no user intervention.
>
>
>We have a lot of wireless traffic.  My design target 3 years ago when I
>set up the system was to support 50 devices per room.  I'm now looking at
>an environment where that is routinely surpassed.  An access point in
>every room seems to be the next phase.
>
>
>Internet bandwidth is now our most mission critical technology.  Getting
>enough, and figuring out how to pay for it isn't easy, but not having
>enough is unacceptable.  
>
>
>Issues such as people using their Internet connection for non-educational
>purposes are best solved by educating people.  If you sidestep this
>opportunity by putting technological barriers in place you have given up
>a valuable teachable moment.
>
>
>
>Tech Talk -
>
>
>Open wireless networks do not have encryption.  So far all applications
>in our building that carry student identifiably information can be forced
>to use SSL.  It is my responsibility to be vigilant and maintain an
>environment where confidentiality is maintained without imposing
>obstacles on our users. 
>
>
>High density wireless networks present a problem.  Especially for devices
>that must use 2.4 Ghz because there are only 3 non-overlaping
>frequencies.  Before we can implement wireless that handles the densities
>I'm experiencing we will have to move the majority of the traffic to the
>5 Ghz frequencies.
>
>
>One must have a very solid wired infrastructure to support a high
>capacity wireless network.
>
>
>Having a direct route from the end user's device to the resource they are
>using (the Internet primarily) uses the expensive Internet bandwidth most
>efficiently.  Get rid of bottlenecks.  Using Open Dns for filtering keeps
>the number of devices handling packets to a minimum.  This works well
>when filters are viewed as a safety net to keep people from accidentally
>stumbling on inappropriate sites.
>
>
>I've got to get back to work!
>
>
>
>Craig Lyndes
>
>
>
>
>
>On Fri, Jan 4, 2013 at 8:03 AM, Ben Leslie <[ mailto:[log in to unmask]
>][log in to unmask]> wrote:
>
>I just setup a few APs throughout our elementary school and didn't want to
>deal with password sharing so I set the APs to use WPA-Enterprise
>authentication to authenticate with MS IAS (Internet Authentication
>Service)
>which requires active directory credentials.  When attempting to connect
>to
>the SSID, a username/password box appears and you enter your AD creds.
>MAC address filtering while effective, I find very cumbersome and would
>rather
>not deal with the management side of that.
>
>In Regards to students bringing in their own devices for WiFi use, I
>think that
>opens up another can of worms with MDM (mobile device management) and
>BYOD which requires their own set of policies beyond "passwords"
>
>Our Content filter still requires a second log in for non-windows devices
>so it's a
>little cumbersome but it works in the sense that I'm not sharing
>passwords and
>Internet content filtering still works based on teacher/student policies.
> I have
>not setup a guest network or account but if/when I do it will be severely
>limited with only access to the Internet and heavily filtered for only
>HTTP/s
>traffic.
>
>As far as proper bandwidth utilization (prioritization of traffic), QoS
>Protocols
>are really the only way to go, unless everyone abides by the written
>policy of
>no streaming this or that.  Content filters can also control who accesses
>what
>Internet material and when.
>
>Ben Leslie
>Technology Manager
>Battenkill Valley Supervisory Union
>
>
>
>
>
>
>
>
>-- 
>Amanda Bickford

ATOM RSS1 RSS2

LIST.UVM.EDU CataList Email List Search Powered by LISTSERV