Mar 01 2012

How to Secure a BYOD-Friendly Network

Virtualization, firewalls and other strategically used technologies can protect the school network from the threats student-owned devices might harbor.

The idea of opening the network to well-traveled student devices that could very well be infected with viruses, malware and scareware is a frightening proposition for most school administrators. But it doesn’t have to be.

Using virtualization along with internal and external firewalls, schools can cordon off a secure section of their WLAN, thereby ensuring that students never come in contact with any school databases or sensitive IT assets. At “bring your own device” (BYOD) schools, students generally authenticate through the district portal onto a virtualized LAN (VLAN) that’s been set up to handle student traffic. From there, they can go online, but their activities are monitored by a content filtering solution, which prevents them from accessing inappropriate content using school resources (as mandated by the Children’s Internet Protection Act).

Forsyth County (Ga.) Schools offered students a choice in how they access the school network. They can go through the official portal or they can also utilize an open, public Wi-Fi network that was built specifically for student-owned devices. The latter approach negates any need for student authentication, which school officials felt was too time-consuming.

Cloud technologies allow schools to provide students with traditionally internal functions such as printing, storage and e-mail, without exposing their internal resources to online hazards. When students at Brebeuf Jesuit Preparatory School in Indianapolis need to print something, the network routes them to Google Cloud Print. Deer Park (Texas) Independent School District, meanwhile, is creating digital “lockers” in which students can store their electronic documents and project materials.

Viruses are an obvious concern, given that most student devices face potential exposure whenever they connect with social networking, gaming and other high-risk sites. BYOD adopters acknowledge this reality and keep viruses out of the student tunnel by programming the firewall to do quick scans during the authentication process, by educating students about the need to stay up to date with their virus programs and by implementing stringent device registration processes. As long as the VLAN routes students through a hardened tunnel out to the web, schools say, viruses cannot threaten school resources.

For more guidance on BYOD programs in K–12 schools, download our white paper.


Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT