Data Security | News
Wolf Creek District Deploys NAC To Support BYOD
- By Dian Schaffhauser
An Alberta school district has gone public with its use of a network access control system from Alcatel-Lucent and InfoExpress to support a bring-your-own-device (BYOD) program. Wolf Creek Public Schools, which has about 7,200 K-12 students, implemented Safe Access Network Access Control (Safe NAC) as part of its development of the BYOD policy, which was introduced in September 2010.
Safe NAC checks to see that user devices have the required security software and updates before they're allowed access to the school's network and the Internet. It also enforces the district's policies for student devices, blocking access to services such as Skype.
"The vision was to have authenticated access, be able to identify who was using our network, and be able to check the integrity of student systems, so we could trust those systems to access network servers and other resources," said Mark McWhinnie, director of technology integration. "This is precisely what we've been able to achieve with Safe NAC."
Added district Assistant Superintendent Gary Spence, "We wanted more than a simple ISP service available to our staff and students. We wanted the experience to be as similar as possible to district device use. We wanted personally-owned devices to be full network citizens with access to all internal resources, and we wanted the experience to be seamless for the end user." The challenge, he noted, was that those non-district devices can introduce new security dangers to the district's network.
The school district began preparing for its BYOD project in 2005 at the same time it was piloting a 1-to-1 initiative. By 2008 it had started to assess various vendors for handling the NAC aspects of BYOD implementation.
"After considering various products we looked specifically at three vendors by having them provide an on-site demo," McWhinnie said. "After the demo and quote process was completed, we selected Alcatel-Lucent's Safe NAC during the late fall of 2008. In January 2009 our technology services team started working with engineers from Alcatel-Lucent and InfoExpress for several months with one particular school pilot site with a lead team. In fall 2009 we started to work with an entire department of teachers and students, and in September 2010 Safe NAC started to be deployed to be accessed by additional schools in the jurisdiction."
Safe NAC is an integrated system that provides guest access, device integrity checking, and role-based access control. It includes a number of components from Alcatel-Lucent and InfoExpress:
- OmniVista Access Guardian, which performs authentication, device compliance, and access control operations;
- Quarantine Manager, for securing the wired and wireless network by isolating devices that are "misbehaving";
- VitalQIP, for automating DNS and DHCP IP address management;
- InfoExpress' CyberGatekeeper Server, a NAC appliance for managing network access; and
- CyberGatekeeper Remote, a NAC appliance for managing remote access virtual private networks.
The system also comes with multi-vendor professional services.
McWhinnie said the decision to proceed with the use of personally owned devices has been up to each school administrator "as they feel their students, staff, and parents are ready to proceed." Currently, the district has 19 of 24 schools using BYOD to varying degrees.
Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at firstname.lastname@example.org.