Allowing students to connect their own smartphones, tablets and laptops to the school wireless network is becoming commonplace across secondary and tertiary education.
This is also relevant to boarding schools who have a need to provide recreational internet access out of school hours. Students’ own devices still need to be authenticated and filtered – so that we know who is using which device and appropriate filtering can be applied.
A combination of two key technologies within Smoothwall Filter make this possible – transparent filtering and 802.1x BYOD authentication
How this works
Transparent filtering has only a minimal configuration requirement on each device to speak to the filter – all network traffic that passes across the Smoothwall Filter is automatically filtered, and after installation of the HTTPS filtering certificate the secure traffic can be inspected.
802.1x BYOD authentication is an advanced form of network-level authentication. It is possible with Smoothwall Filter to implement authentication like a hotel or conference Wi-Fi – where the user’s details are input to a web page when they connect to the wireless.
However, having to frequently re-enter credentials can be frustrating for users who connect daily to the network.
802.1x on Smoothwall Filter works in combination with an enterprise wireless network to authenticate the user when they connect (often using WPA2-Enterprise security) and store these credentials on the device.
The device will then automatically reconnect to the wireless when in range and provide the credentials without any action needed by the user.
Authentication and filtering on student’s own devices
Step 1 – Student connects to the wireless network.
Step 2 – Wireless network sends back authentication request and client provides user-name/password.
Step 3– Wireless network validates credentials with a directory service (e.g. Active Directory) using the RADIUS protocol and receives an acceptance message from the directory server indicating the credentials are correct.
Step 4 – The wireless access point allows the device to connect to the network, an IP address is assigned to the device, and Smoothwall is informed of this new connection.
Step 5– As the user browses the internet, traffic traverses the Smoothwall Filter and the filter knows which filtering policies to apply and with whom to associate the traffic based on the IP address equalling a specific user-name.
Step 6– Periodically, the wireless network automatically sends an update to the filter, to let it know that the user is still connected.
Step 7 – When the user disconnects, the wireless network sends a stop message to the filter, so that it knows to no longer associate that IP address with the student.
If you have a question or would like to learn more about the UK’s No.1 Web Filter, please get in touch. We’d be delighted to help.
Further reading
You may also be interested in other articles from our ‘Filtering Imperatives’ series.