Who & What is Accessing My School's Wireless Network? The Importance of Role-Based Access Control in K-12
Schools today are home to a variety of mobile devices and applications. From laptops and smartphones to Facebook and YouTube, students, teachers and guests alike are all connecting to our school wireless networks in many different ways.
The challenge is making sure you have the right amount of visibility and control to support a safe and reliable user experience.
Download this free kit to learn everything you need to know BEFORE you update or deploy a new, high-capacity wireless network.
Before we jump into the question of what role-based access control can do for your school, let's take a look at a couple recent studies that share some insights into the current state of technology use by students today.
By the numbers
According to the "Teens, Social Media & Technology Overview 2015" by the Pew Research Center, "92% of teens report going online daily." A quarter of those students (24%) more specifically noted that, "they go online almost constantly."
Going online using a mobile device has become a way of life for students today, especially for high-school students, however it seems that the trend is only increasing in size and across grades.
In fact, The 2015 Pearson Student Mobile Device Survey (grades 4-12) found, "In 2015, 53% of elementary school students, 66% of middle school students and 82% of high school students use smartphones regularly. In 2014, these numbers were 44%, 58% and 75%, respectively."
Mobile device use isn't the only numbers that schools need to take note of, they need to also understand what students are doing when they're online.
Again, according to the Pew Research Center, Facebook (71%), Instagram (52%) and SnapChat (41%) dominate today's students online activity.
Each one of these social media platforms are heavily centered around streaming video, which can be a major strain on your mission-critical applications when it comes to bandwidth.
These numbers shouldn't come as too much of a surprise, however what should be surprising are the amount of schools that don't have the right wireless network design and infrastructure in place to properly deliver reliable and safe access to their networks.
This is where role-based access control can help.
What is role-based access control?
Role-based access control or RBAC, allows your school wireless network to identify the “who, what where, when and how” your users are connecting to your network. You then have the ability to enforce policies based on pre-determined sets of rules.
For a detailed overview of how RBAC works, check out this whiteboard video by Senior Network Engineer, Michael McNamee.
Why do you need it?
Whether it's mobile devices or applications, technology is evolving at an extremely fast pace. Smartphones for example are typically updated every 12-18 months. They have new operating systems, new chip-sets, new capabilities and new optimal operating requirements.
On top of that the application world is even more volatile, today it's SnapChat tomorrow it's something else. You can't ever really be sure what's going to catch on and be the next big thing inside your classrooms and hallways.
By nature, mobility is difficult to secure because of things like BYOD; it’s difficult to secure what you don’t own and can’t see. There are hundreds if not thousands of devices and applications trying to connect to your network, many of which require different levels of access.
The last thing you want to do is expose your school's resources and the data of your students to security threats by blindly allowing access to devices, users or applications that you can't see or control.
With RBAC you can assign roles based on specific attributes. For example, if you authenticate onto the network with both device credentials and user credentials you can say your a trusted user and a trusted device, giving allow all access to network. What you name that role is also completely up to you, you could call it faculty or administrator, it's up to how you want to name each role.
Another instance would be if you have a tablet for example, try to access the network but it's not joined to the domain so it's going to fail device authentication, however it passes user authentication because it's a teacher or a trusted user.
In this case you have an untrusted device and a trusted user, or in other words what's most likely a BYOD scenario where a personal device is trying to access the network.
In this BYOD role, you can deny that device/user access to all of your internal network resources but you can put them into the VLAN that gives them access to the internet, as well as flow through the edge firewall and it's security filters that you might have in place.
These are just two examples of two different types of conditions you can use to manage access to your network. Not all wireless network solutions have this capability right out of the box, and seeing how valuable this functionality is it's definitely something you should make sure comes standard.
School wireless networks have become increasingly more complex over the last 5-10 years, and it's critical for the safety and scalability of your school that you have the right wireless network design in place to create a reliable and safe wireless experience for your end-users.
Knowing where to start is the most important part of the entire Wi-Fi engineering process, which is not easy to navigate. It takes using the right software tools, having the right amount of experience as well as skill to get it done right the first time.
However, by doing so you'll be able to be confident knowing that your school's WLAN is reliable, safe and easy to manage.
At SecurEdge, we deliver affordable, robust, and secure wireless platforms – it’s all we do. If you have any questions about wireless network design or would like to discuss an upcoming project, please get in touch with us here.
Danny is the Marketing Manager at SecurEdge Networks. This basically means it’s his mission in life to make sure you have the secure mobility tools and resources that you actually want and can use. P.S. He also loves a good craft beer.