Lots of Devices, Lots of Security
By Christine Beitenhaus
December 1st, 2012
Wireless devices have opened up the traditional lecture environment, but they have also exposed some very open networks at schools. What security issues should a school consider when its campus is flooded with student devices?
Philip Wegner, president of SecurEdge Networks, a specialty IT solutions provider focused on wireless and data security, suggests schools ask a few questions first to address both wireless security and performance. “The way you build your security is going to affect performance,” he explains. “You’ve really got to rethink the entire network if you want to allow BYOD. You can’t just turn it on and say, ‘Okay, we’re going to allow it.’ You’ve got to do a lot of planning on the front end.” Here are some security questions to think about first:
- How will the school allow student devices to connect securely and keep students from accessing content on internal servers?
- How will the school manage to bring all the devices online without touching each device or handing out a pre-shared key?
- How will the school know who is doing what on the network?
There are three ways to address these questions. The first is directory accounts. Giving faculty, staff, administrators, and students separate directory accounts allows IT to see who is doing what on the network.
Role-based access control, which segments users via a firewall, means a professor can use her PC to log in and access the school server; a student logging in on an iPad will only get to use the Internet, keeping him off the internal servers.
Device registration should be an automated process. IT does not have the time or the manpower to go to each student to register their multiple devices. Users should be able to enter their Active Directory credentials and register themselves.
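The three measures above can be sketched together in a few lines. This is an added example, not code from the article or from SecurEdge; the usernames, passwords, subnet, and function names are all constructed assumptions. It shows self-registration with directory credentials, a role-based decision on internal-server access, and a log that attributes every flow to a user.

```python
import hmac
import ipaddress

# Constructed stand-in for the school's directory: username -> (password, role).
# A real deployment would authenticate against the directory service itself.
DIRECTORY = {
    "prof.lee": ("correct-horse", "faculty"),
    "s.nguyen": ("battery-staple", "student"),
}
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed server subnet
# Which roles may reach internal servers; any registered user gets the Internet.
ROLE_INTERNAL_ACCESS = {"faculty": True, "staff": True, "student": False}

registered = {}  # device MAC -> username, filled by self-registration
audit_log = []   # (username, role, mac, destination, verdict)


def register_device(mac, username, password):
    """Self-service registration: the user proves identity, IT touches nothing."""
    entry = DIRECTORY.get(username)
    if entry is None:
        return False
    if not hmac.compare_digest(entry[0].encode(), password.encode()):
        return False
    registered[mac.lower()] = username
    return True


def decide(mac, dst_ip):
    """Role-based firewall decision for one flow, logged against the user."""
    mac = mac.lower()
    user = registered.get(mac)
    role = DIRECTORY[user][1] if user else None
    if user is None:
        verdict = "deny"  # assumption: unregistered devices get no access
    else:
        internal = ipaddress.ip_address(dst_ip) in INTERNAL_NET
        allowed = (not internal) or ROLE_INTERNAL_ACCESS.get(role, False)
        verdict = "allow" if allowed else "deny"
    audit_log.append((user, role, mac, dst_ip, verdict))
    return verdict


if __name__ == "__main__":
    register_device("AA:BB:CC:00:00:01", "prof.lee", "correct-horse")
    register_device("AA:BB:CC:00:00:02", "s.nguyen", "battery-staple")
    print(decide("AA:BB:CC:00:00:01", "10.20.1.5"))     # faculty, internal
    print(decide("AA:BB:CC:00:00:02", "10.20.1.5"))     # student, internal
    print(decide("AA:BB:CC:00:00:02", "203.0.113.10"))  # student, Internet
```

Keying the session on a MAC address is only for illustration: a device owner can change it, so production systems tie the role to per-user network authentication such as 802.1X rather than to the hardware address alone.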
Performance is another issue when every student has a device trying to connect to the college’s network. Wegner stresses the need for capacity planning. Suddenly adding a lecture hall full of devices to a single access point that used to serve five rooms will result in terrible performance and a frustrating experience for all involved.
“In higher ed, we actually, and this is from seven years of doing large-scale wireless deployments, we actually need to figure three to five wireless devices per college student. Because you’ve got a tablet, a PC, an iPhone, a gaming system, and something else. We’ve got some colleges that have 1,800 students and 400 access points,” Wegner adds. Coverage for multiple devices will require an increased number of access points.
Another point schools need to consider is wireless performance management: can the wireless system tell when someone is streaming media versus just surfing the web? Automatic adjustment of power and channel settings is a must for the wireless system to work smoothly across the rooms in a building.
Load balancing is another performance issue. “If I’ve got a big auditorium with 100 people in it,” Wegner explains, “I might have four access points in there and the system has to be able to know if one AP is getting overwhelmed and move users to another AP.” Sharing users among all of the access points prevents sluggish WiFi when all the students in a lecture hall want to connect at once.
Thinking about security and performance when you’re looking at students using their own devices on campus allows for a holistic, more complete solution. “You really have to build your entire solution around what you’re trying to get at in the end game, and usually that’s four or five products integrated into one system,” Wegner concludes. Working with a goal in mind of how the process is going to work for faculty and students and walking back from that end-user experience will help ensure a secure but extremely useful wireless network.
To read more about setting up a wireless network and data security, visit the SecurEdge IT Solutions Blog and check out the BYOD tag.