School Security

Flipping the Switch on Mobile Security

East Grand Rapids Public Schools in Michigan has taken a novel approach to mobile computing, one that has required a novel approach to wireless security. The district encourages students to bring their own devices to school and use them in their classes.

"We felt that if a student could learn better working in front of a computer," said Jeff Crawford, manager of networking and security for East Grand Rapids Public Schools, "that he or she should be able to maximize that learning tool."

Of course, any time you allow students to use their own devices, you introduce "all sorts of variables" (such as computer viruses) into the classroom setting, said Crawford. Originally, he said, a school IT representative would sit down with every student for about 30 minutes to look at the device or laptop, set it up on the school's network, and discuss the security concerns and measures.

"During the following three years, we had 30 students go through that process, and only 17 kids actually used their laptops in class," said Crawford. "It was underwhelming, to say the least." Knowing there had to be a better way to get more students using equipment that they were already familiar with (i.e., their own computers), Crawford set out to find a more viable way to promote and, hopefully, expand the program.

Crawford started looking for a solution to provide network access control (NAC), a computer network security approach that unifies endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication, and network security enforcement. His early options included large vendors like Cisco Systems and Juniper Networks, both of which were hawking "entire solutions" that included wireless access points, controllers, switches, and the like.

Crawford wasn't interested. "Not only are they expensive, but these vendors lock you into a solution," he explained. "I'm a big believer in open standards and open source options, and I don't like anyone telling me what's best for me. If I purchase a solution, it has to rely on open standards and be able to 'play well' with everyone else."

That's where Avenda came in. Avenda is the developer of a "network policy solution for securing wireless and wired access solutions for any operating system." After an unexpected meeting with the vendor at a trade show, Crawford came up with a plan for integrating Avenda's solution for the 2,800-student East Grand Rapids School District, which comprises three elementary schools, one middle school, and one high school. Known as eTIPS, Avenda's 5000 Series NAC platform is a network access security suite that features guest access and provisioning, RADIUS authentication, 802.1X support, and endpoint device detection and management.

The system, which was installed in two days, integrates with the district's existing Cisco wireless solution. Students, teachers, parents, guest speakers, and other authorized individuals log into the system with a user name and password to gain free access to the wireless Internet from their laptops and mobile devices.

Originally intended for use at the middle school level, the solution has since been expanded to the district's high school. Crawford said guest speakers and other visitors to the campus find the option especially useful in that it allows them to get connected by setting up an account and obtaining a password. "They can connect just like they would at a hotel," he added.

Crawford said the automated system has cut down on the time it once took to initiate a student on the use of wireless access. It has also boosted usage numbers significantly. "We didn't even advertise the new solution, and we already have 226 students using it," said Crawford. "We basically just flipped the switch, and the news spread."

Even more importantly, Crawford can now quickly see exactly who is using the school's wireless system and whether their individual computer firewalls are intact and operating. "We can observe who is getting onto our network and ensure that they're not doing what they shouldn't be doing," he explained.

Up next, said Crawford, will be a push to secure the school's "wired" Internet access system. "Right now we're consolidating all of the equipment we have that requires access to create a sort of one-stop IT security shop," stated Crawford, who said he looks forward to a time in the near future when he no longer has to change a password in 100 different places just because someone "leaked" the secret word to the wrong person. "Next time around, it will be just one password change at a single source."

About the Author

Bridget McCrea is a business and technology writer in Clearwater, FL. She can be reached at bridgetmc@earthlink.net.

Comments

Tue, Sep 1, 2009 Jeff Crawford East Grand Rapids Public Schools

One of the reasons we purchased a PacketShaper was because we were bandwidth challenged. We originally had two T1's or 3 Mbps of bandwidth. Prior to installing the Packeteer we found that our 3 Mbps connection would quickly get consumed by a few users. Once we put the PacketShaper in we were able to provision that 3 Mbps pipe by the number of users on a particular network segment (for example I had a VLAN for my high school which has around 500 machines which I provisioned 1 Mbps for). Now I have a 10 Mbps connection. I am now working towards provisioning bandwidth based on user by using RADIUS to authenticate to the PacketShaper. This way I can guarantee users a certain amount of bandwidth as opposed to an entire network segment. If you are bandwidth challenged this makes a traffic shaping device more of a necessity.

Wed, Aug 12, 2009 Dallas McPheeters Sonoran Desert

I assume the school has the bandwidth to share in order to offer this service. ?? What do you recommend for the bandwidth challenged?

Wed, Aug 12, 2009 Jeff Crawford East Grand Rapids Public Schools

Gary- The majority of student and guest users are Windows. But yes, we support Windows, Macintosh, and most major Linux distributions. Avenda offers a dissolvable agent for both Mac and Windows (last time I checked). You can also check out the openSEA Alliance project. http://www.openseaalliance.org/ I hope this helps, Jeff Crawford Manager of Networking and Security East Grand Rapids Public Schools

Tue, Aug 11, 2009 gary kerschner

Do you happen to know if the Grand Rapids mobile network supports both Macs and PCs, as we use both in our high school and many of our students would be bringing in MacBooks? Thanks
