Implementing dynamic location-based internet content filtering in your district
A robust network that allows students and staff to access the internet is critical for every school district. However, to protect students and comply with CIPA and local regulations, a multi-strategy approach with reporting, monitoring, and flexibility tools is essential. In this web seminar, originally presented on December 11, 2012, an administrator described how the Hardin County (Ky.) School District worked with Enterasys Networks and iboss Security to build a robust network that can detect non-directory aware and student-owned devices, and adjust an individual’s level of access depending on grade level, location, time of day and more.
JK: We are going to discuss how to work the puzzle of filtering district-owned and non-district-owned devices, and non-directory devices such as iPads, in a way that promotes individualized learning and yet complies with CIPA and local regulations. Enterasys is a provider and manufacturer of enterprise-grade switching, wireless, and routing security software, as well as a full suite of identity and access products.
This allows districts to provide the highest level of networking to students, staff, and guests in the most secure yet productive fashion. We provide many things schools are looking for, including a lifetime warranty and unparalleled customer service. Many schools are trying to get a learning device in every student’s hand, which creates problems. How do you support BYOD (bring-your-own-device) in a learning environment? There is also the issue of managing non-directory devices such as iPads on a school’s domain. How do you identify that user on the back end? How do we provide a level of Internet access for each student that is tied to their needs and responsibilities?
In the past, districts lumped everyone together with the same, constant access levels, which is no longer possible in order to offer a personalized learning experience. Enterasys architecture is fabric architecture that allows management of both wired and wireless from the edge of the network all the way through the data center. We have a unique ability to “digitally fingerprint” every user and device on the network, whether the device is district owned or a BYOD device, or even non-directory-aware devices such as security cameras or card swipes.
With our system, students are identified as they come into the network with a device; you can collect information on the identification of that student, the device, location, and time of day. The Enterasys system may treat the same user differently if they are using a district-owned machine or a BYOD device. Users can be denied network access with certain devices, such as gaming, or non-educational devices. Or maybe those devices can have restricted access— such as only before or after school, or in a library or cafeteria but not classrooms.
Our architecture has as an identification engine for all devices that come onto the network. We can also employ location-based application delivery. There’s a lot of focus right now on social media platforms and whether they can be used in the classroom. A lot of districts are moving toward integrating social media into their curriculum. For example, a school can allow access to these platforms in certain rooms or at certain times of day. The goal is to keep the network complexity low but deliver a high-end user experience to students, faculty, and staff.
PM: Phantom Technologies is the parent company of iboss Security, which provides secure web gateways that control web filtering, application management, mobile security, bandwidth management, and comprehensive reporting, essentially securing of all aspects of your network. iboss serves thousands of schools across the country, ensuring the safety for millions of students and teachers.
We have found that previously, most filtering systems took a “yes or no” approach to websites. iboss understands that in education, a “depends on” approach is needed. Only educational areas of sites are allowed, and the inappropriate aspects are always blocked. One issue that can result from a BYOD policy is that mission-critical applications, such as state testing, could possibly be interrupted by the influx of devices on the network. When districts introduce BYOD, the number of devices accessing the network can quadruple.
Often, BYOD users are stuck with guest access, which is not conducive to progressive learning. A generic policy for all BYOD users creates frustration because of the inconsistent access to the web between BYOD and district-owned devices. Enterasys and iboss eliminate this inconsistency, giving the user the same policy access no matter the device he or she is using. Enterasys and iboss come together with a digital handshake. Enterasys identifies a BYOD user and then transfers the information to iboss, which applies user-based Internet access automatically. When a user comes and goes from a network, they are remembered and there is no need to reauthenticate each time.
Another unique advantage is the location-based filtering Jonathan mentioned. The device that was previously not directory aware now is. iboss filters ensure technology and education flows seamlessly. If it is on your network, we see it and we can control it. Reporting is very important to iboss. We believe complete insight into all devices, including BYOD devices, gives you the benefit of securing the network against bandwidth abuse, open connections, and more. Tracking user activity is important in ensuring resources are being used the way they should be.
Our district is the 4th-largest in the commonwealth of Kentucky, and we had a vision of a 1:1 device initiative. Our administration wanted to eliminate all print textbooks in favor of having digital books on one device. Unfortunately, insufficient funding made it impossible to give all students a device. We were also challenged with CIPA compliance, as well as a Kentucky law that states all Internet access for students and teachers must be filtered and monitored.
There was also an issue of integrating BYOD devices into our enterprise network. We employed Enterasys to install their Mobile IAM system, which gave us the ability to identify devices. Implementing filtering can become very complicated very quickly. We were lawfully compliant, but had over 54 separate VLANs to support our various filtering policies. These continued to grow. We also had a variety of servers to manage.
Every day, the network got more and more complex, introducing problems and making the troubleshooting of those problems very difficult. Also, due to our state network design, some applications, such as our student information system and financial systems, were not functional on certain devices. We were faced with the decision of losing our CIPA compliance and robust filtering, or losing some functionality. At that point, we were contacted by Enterasys, which introduced us to the Mobile IAM/iboss integration.
With this integration, our network design was drastically simplified, without separate VLANs. All applications are now available on all devices. If any internet traffic research needs to be done, iboss reporting makes the process simple for both BYOD and district-owned devices. I can pull reports on the number and types of devices being used on the network, as well as on websites users access and whether they attempted to access a blocked site.
JK: Enterasys enjoys delivering a network solution to school districts that is dynamic and fluid. Fifty-two percent of schools, according to an American Association of School Librarians survey, feel filtering impedes student research. Enterasys filtering eliminates this frustration by not grouping all users into one bucket.
To watch this web seminar in its entirety, please go to http://www.districtadministration.com/ws121112.