Feeds

back to article Universities teach us a thing or two about BYOD

Our Regcast of 13 June, BYOD Beyond the Noise, focused on the infrastructure you build to accommodate the consumerisation of IT. Trevor Kelly and Andy Cooper, our studio guests from HP, pointed out that universities are one group of institutions that know how to do BYOD (bring your own device) well. In the past 10 years further …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

Swings and roundabouts...

Having the backend of the Metropolitan Area Networks and JANET means that we are spared a lot of the network hassles most folk see. It means we have a surfeit of IPv4 addresses (two B class blocks iirc), so even fewer hassles.

OTOH, the students who BTOD then demand I install all the software they would be using on their devices, and refuse to accept that it's not legal.

They then decide that I'm repsonsible for fixing things when they torrent a dodgy copy of Photoshop and get hit by the Zero Access toolkit or other malware....

...which they then pass on to each other and every one else by sharing thumbdrives, and I then have 20 machines to disinfect.

all of which means I have more work to do than if they used our devices.

On the other hand, the alternative is working somewhere else and actually having to work...

9
0
Silver badge
Linux

Re: Swings and roundabouts...

"...which they then pass on to each other and every one else by sharing thumbdrives, and I then have 20 machines to disinfect." EddieD, we made it a policy to only actually put effort into fixing machine's where the user has taken reasonable precautions to protect their devices. In the case of Windows, if they haven't updated their AV (or if they haven't installed any) we pack them off to a Computer Shop to have it fixed at their expense. The Students were basically abusing us and we put a stop to it. We no longer see knackered laptops that students drop in at the end of term expecting a full re-install, backup and a one day turn around with absolutely no thank you at all. We have also forced all Academics, Graduates and Undergraduates through Eduroam so they are no risk to our mission critical infrastructure and they enjoy the benefit of single sign on internet connectivity worldwide.

Edit: Great article btw

3
0
Bronze badge
Childcatcher

Re: Swings and roundabouts...

"On the other hand, the alternative is working somewhere else and actually having to work..."

How about RDP session to University provided desktop?

Appropriate policies (the one I use in a Further Education College allows drag and drop of text between device OS and the session window, but no direct file exchange)?

All they would need on their own device is an RDP client. Only your properly licenced software can be used in the session, and their course work related data stays on your servers. The latter works well for our students some of whom might lose their head if it wasn't securely attached to body.

I remember accessing such a desktop at Sheffield Uni years ago (Citrix, modems).

PS: Note to editor/article author: Universities are usually referred to as higher education in UK.

1
0
Linux

Re: Swings and roundabouts...

Cost perhaps?

Each RDP session requires a CAL on your windows server.

Last time I looked there were no open source RDP servers or Citrix servers.

Also last time I was at uni and everybody I know who works in educational IT departments use Linux based servers.

VNC perhaps? It's pretty awful though, even on a LAN.

1
0
Bronze badge
Linux

Re: Swings and roundabouts...

"Each RDP session requires a CAL on your windows server."

I suspect we are getting it cheap as part of education deal &c. Certainly pushed heavily to students and staff as preferred remote access method, and the only way you get to use your own device on College network.

0
0
Silver badge

Re: Swings and roundabouts...

That's my policy too*, but when a grade 9+ academic insists it is my problem, I don't have a right of refusal. Nor do I when the same academics ask as a favour that I look after their RA/Supervisee/Blue eyed boy.

*Actually my policy is to blink, say "you've messed up your machine and it's /my/ problem? How does that work?" I then offer to fix the machine - I wipe it and apply a standard image. I'm not expecting promotion

4
0

Re: Swings and roundabouts...

Yeah a few pence per CAL.

A few quid per processor

It's next to sod all for educational types.

0
0
Bronze badge
Linux

Re: no open source RDP servers

xrdp has been around for a while, looks like it might be quite usable now.

0
0

vnc not that bad

I regularly VNC in to machines 3000km away. There's some lag, but it's acceptable (and *way* better than poorly-written native X applications).

0
0
h3
Bronze badge

Re: Swings and roundabouts...

The proper X11rdp server works quite well now - clipboard sharing works - fast as a normal rdp session (Not the one that just uses Xvnc that is easy to package). It is a bit annoying to build but it works quite well. (If my job required it then I think I could get something up and running quite reasonably it was much easier before it started using Xorg with autotools. imake is easier to deal with for something like this).

0
0
Silver badge

Re: Swings and roundabouts...

"That's my policy too*, but when a grade 9+ academic insists it is my problem, I don't have a right of refusal."

Damn. I'm only a grade 8. Does that mean I get told to feck off?

2
0
Silver badge
Linux

Re: Swings and roundabouts...

Yeah, we get the demanding types too, we just increase the lead time of the problem to be fixed based on the degree of an asshole that the person is, we also reduce the amount of fixing that "we are able to achieve". Further more, we can also point at support documents provided on-line that they can go away and follow, after all Academics should be able to follow simple instructions (with pictures), surely?

0
0
Silver badge
Linux

Re: Swings and roundabouts...

"I wipe it and apply a standard image. I'm not expecting promotion" -- Ah the infamous 'PC World' approach, a nice touch.

0
0
Bronze badge

Re: Swings and roundabouts...

I was quite impressed with SPICE last time I tried it. I had a KVM virtual machine running on my desktop with ADSL at home (guest was Windows XP Pro), accessing it via a 3G link and VPN, it felt like the VM was local.

I had clipboard sharing, sound, the works.

0
0
Silver badge

Re: Cost perhaps?

Can only speak to the US, but over here schools including universities and 501(c)3s get MS software at what is essentially cost plus what a grocer would regard as a normal markup instead of the typical IP monopoly rate businesses are charged. I imagine it would be similar elsewhere.

0
0
Anonymous Coward

Good article. Would be interested to see an article or articles about multi device (e.g droid, ios,osx etc) integration into AD or $managment system, using something like centrify or similar.

2
0
Anonymous Coward

and there end'th the lesson on why most business IT departments HATE BYOD and why we don't do it!

1
0
Mushroom

Basically this article explains where my tax money is going, into providing high bandwidth torrent access for a bunch of students who take out massive loans and cost me, the tax payer, the better part of £100K for their higher education each, who take out loans which are only paid back once they earn over a certain amount of money.

This mob then expect me to pay to maintain their broken IT crap, whinge incessantly when they can't stream the latest episode of Big Brother, and who have no real SLA demands other than cheap access to beer at the student union bar, yet this is still meant to be some example to business IT?

Add to this the fact that they're poncing around studying media studies or humanities, which no employer in the known world who has to actually make money is interested in, they spend 3 years passing around viruses (both computer and STD's), then leave to go work part time for a minimum wage in a supermarket, or if the likely grade is really bad, the girls get themselves pregnant and live off the state for the next 16 years.

Somehow, I really don't see the commercially relevant example here!

2
16
Bronze badge
Trollface

Poor you

Students have never paid more for the higher education than they do now. The tax payer is steadily reducing the available subsidies to higher education, and has been for decades.

Student with a broken laptop? good like trying to get it repaired without shelling out for it yourself. That's the beauty of BYOD - the device is the users problem. Bandwidth? Yeah, the university pays for it through a combination of corporate R&D money and student fees, and the taxpayer benefits from the enormous pipes that university institutions have laid between them (and a few taxpayer subsidies implied - good use of money IMHO).

I wouldn't pass too much blame onto the media studies students either - they pay 9 grand same as I would if I was studying engineering. My labs and full week of lectures cost considerably more than their space in the library and their 5 hours contact time a week. I think if you look at the books, they're paying the subsidies to train engineers and doctors - you know, these people that you and society has come to take for granted.

The commercially relevant example is that BYOD is done, and done well at universities. Yeah, sysadmins have a hell of a lot more work making their systems hardened and solving new IT problems that BYOD introduces- that's why they are paid to do what they do. For the time being, executives in industry listen to their scare stories of viruses and pen drives being open gateways to the pirates in the East who will steal all IP they can get their hands on (i'm not arguing that these are false threats), but the world is changing, and corporations will have to start tackling this problem head on.

I never said it was going to be easy - but times are changing. I've often heard that brand new graduates are often the cause of the most major security breaches at corporations. When that is happening, it's time to up your game. Restrictions that work with your current employees do NOT work with my generation, we've had years in school to learn how to circumvent filters to do what we want, and to use our IT for our purposes efficiently. IT security is generally not something we take seriously, but that is your problem to solve.

And seriously, when corporate suppliers websites don't support IE6 anymore, don't you think that archaic IT is holding you back? I've got adobe acrobat reader 4 installed here, it can't open half the pdfs I throw at it. It's getting to the point where I can either obey IT policy or I can do my job, but not both. Tell me again how BYOD isn't relevant in the corporate future? It'll be keeping job security for reg readers at an all time high for the next decade if you ask me...

8
2
Silver badge

"Basically this article explains where my tax money is going, into providing high bandwidth torrent access for a bunch of students who take out massive loans and cost me, the tax payer, the better part of £100K for their higher education each, who take out loans which are only paid back once they earn over a certain amount of money.

This mob then expect me to pay to maintain their broken IT crap, whinge incessantly when they can't stream the latest episode of Big Brother, and who have no real SLA demands other than cheap access to beer at the student union bar, yet this is still meant to be some example to business IT?"

By the sound of it you work in a university, so aren't you not in fact a taxpayer after all, but just one of the people scrounging off the state, albeit doing work for it, like students (sometimes) are?

(I personally don't think that, but if you start throwing around "bloody students costing the tax payer a fortune" and then your job is paid for by the tax payer, and wouldn't exist without said students, well...)

(Apologies if you don't work in a university. But if you don't, you are wrong to write misleading things. Ha, I win either way!)

0
1
Flame

Re: Poor you

"Students have never paid more for the higher education than they do now. The tax payer is steadily reducing the available subsidies to higher education, and has been for decades."

So essentially students have been freeloading off the tax payer for years and now you're upset because you're asked to take resposibility for what you cost the country (which is made up of tax payers who fund it's continued operation). The tax payer subsidy does not need reducing, it needs removing completely, and students should take responsibility for their education, like companies and individuals have to in the private sector.

"Bandwidth? Yeah, the university pays for it through a combination of corporate R&D money and student fees, and the taxpayer benefits from the enormous pipes that university institutions have laid between them (and a few taxpayer subsidies implied - good use of money IMHO)."

No, we don't benefit, the pipes are part of JANET (again paid for by the tax payer), if you want a truly good use of tax payer subsidies, try superfast broadband for 100% of the UK, in case you've not noticed the roll out is being slowed down to consumers by the massive investment required by the private sector. I don't see the benefit to me from the high bandwidth JANET network.

"I wouldn't pass too much blame onto the media studies students either - they pay 9 grand same as I would if I was studying engineering. My labs and full week of lectures cost considerably more than their space in the library and their 5 hours contact time a week. I think if you look at the books, they're paying the subsidies to train engineers and doctors - you know, these people that you and society has come to take for granted."

Yes, and exactly what does a media studies graduate do for a living, I can't think of a valid use for one of them, and if they can't be found ause for, the loan doesn't get paid back and that costs the country. As far as taking engineers and doctors for granted..you're joking, I pay via tax and NI for the doctors in this country, and I work with 30+ engineers at one of the sites I look after and have respect for their field and their education, they actually do produce something valid - a profit for the company employing them!

"For the time being, executives in industry listen to their scare stories of viruses and pen drives being open gateways to the pirates in the East who will steal all IP they can get their hands on (i'm not arguing that these are false threats), but the world is changing, and corporations will have to start tackling this problem head on."

These are not scare stories as anone with 20+ years experience in running and securing systems will tell you. the recent PRISM scandal should tell you all you need to know, and if you don't see the relevance, then it proves you've never had to be accountable for IP and data protection in the real World.

" I've often heard that brand new graduates are often the cause of the most major security breaches at corporations. When that is happening, it's time to up your game."

Wrong, it's time for you to grow up and learn to follow corporate IT policy, you're paid to do a job according to company rules, learn how to do it or there is a P45 in your near future.

"Restrictions that work with your current employees do NOT work with my generation, we've had years in school to learn how to circumvent filters to do what we want, and to use our IT for our purposes efficiently. IT security is generally not something we take seriously, but that is your problem to solve"

No, you follow the restriction or you don't have a job, employees do not dictate policy, you learn to work within it or you're shown the door. If you don't like it, a job on the checkout a Morrisons beckons.

"It's getting to the point where I can either obey IT policy or I can do my job, but not both"

When you actually have had a few real jobs with resposibility, and you have experience, come back and start talking with some facts under your belt. I have 25 years under my belt and given the attitude of people like you, many more to come!

1
1

"(Apologies if you don't work in a university. But if you don't, you are wrong to write misleading things. Ha, I win either way!)"

I don't work in a university, never have, never will! As for writing misleading things, another writer here commented on the expectations of students to fix their broken IT by the University IT dept. As for the cost to the tax payer, who do you think ultimately pays for all this? It comes from corporation tax and tax paid by people working in this country. Both entities are tax payers. All I ask is this, does my tax deliver acceptable ROI to me? I don't see what the money spent on Universities does for me, or for the companies which I work for. Given the higher education budget for the Uk, the return seems poor. BYOD seems an extravagance we cannot afford, students should be todl what to buy and what is supported, it's up to them to supply compliant equipment which are to IT policy of the Universities, this would be more efficient and economical. I really don't see the problem other than a bunch of spoilt students wanting to do what they want at my expense.

0
3
Bronze badge

It's quite amusing and also annoying to see people ranting about how much of their tax money goes to paying for UK Universities an their IT provision without the slightest clue as to what the actual answer is.

Since the advent of the student paid tuition fees going to £6-9k a year, the larger proportion of most Universities funds these days do not come from tax payers via government funds, but directly from students via their tuition and accommodation fees*, not to mention the fact that most Universities operate other commercial elements such as professional qualification training, business incubation centers and the leasing of space to private conferences.

Overseas students also provide a good income to Universities, whose attendance is entirely funded by themselves or overseas organisations.

@DavCrav I'm rather puzzled by your statement "By the sound of it you work in a university, so aren't you not in fact a taxpayer after all, but just one of the people scrounging off the state".

As an employ at a Higher Education institution I pay taxes and national insurance just like anyone in the private sector, at the same rates as everyone else.

In what way does my sector of employment make me "not in fact a taxpayer after all"?

*Admittedly this is usually fund the students acquire through the goverment owned Student Loans Company.

3
0
Silver badge
Linux

"Basically this article explains where my tax money is going, into providing high bandwidth torrent access for a bunch of students" -- We block all Bittorrent connections.

0
0
Silver badge
Devil

Security deserves more attention.

I know I'm cynical here, but the last thing you want as an administrator in an "educational facility" such as a school or Uni is students who bring their own stuff to connect to your own network.

Because although the theory behind it all sounds very nice and fluffy, the dirty truth of the matter is that no other semi-commercial network environment will suffer from more direct and internal attacks than a school network. This isn't bad mouthing the students, and I'm also not exaggerating; it's merely a given. Anyone who has worked in this field for a while knows this.

So I think the article goes over the enrolment process a little bit too easy. Commonly speaking you don't want to give students direct access to the main school network, enrolment or not.

Note that I'm not claiming that providing easier Internet access or a "student network" which allows students to, well, use their own stuff is a bad idea. However; in these scenario's you're talking about sections which have been carefully locked down in order to clearly sever any ties between these "outer networks" and the schools own network facility.

But most certainly not an environment where a teacher puts some presentation in his own home or working directory to be used in a class room and right after storing it can be accessed by the rest of the school.

4
0
Silver badge

Re: Security deserves more attention.

"Because although the theory behind it all sounds very nice and fluffy, the dirty truth of the matter is that no other semi-commercial network environment will suffer from more direct and internal attacks than a school network. This isn't bad mouthing the students, and I'm also not exaggerating; it's merely a given. Anyone who has worked in this field for a while knows this."

Never mind this. Think of the staff. Without BYOD, universities wouldn't work. Full stop. There's not a single academic I know who works a standard 9-5, and if they did, the system would collapse, because it's predicated on about 20+ hours of unpaid overtime being standard for university lecturers. Without BYOD, home access, etc., lecturers wouldn't be able to put in the overtime necessary to make the system work.

3
0
Bronze badge

Re: Security deserves more attention.

"Without BYOD, home access, etc., lecturers wouldn't be able to put in the overtime necessary to make the system work."

Not sure about that. In most UK Universities the academic staff get any devices they need for their work provided to them, so BYOD isn't necessary.

Remote access isn't strictly necessary either, but I admit it does make working a lot easier.

0
1
Silver badge

Re: Security deserves more attention. @Phil W

"In most UK Universities the academic staff get any devices they need for their work provided to them, so BYOD isn't necessary."

I don't know where you get this idea from. Of the many jobs I've had in universities (lecturing and research), only one supplied me with a laptop for the work (which I was more than happy to use, even though it was a bottom-of-the-range Toshiba laptop). All the rest required (and still require) my own IT provision.

I'm intrigued what those who advocate a supplied-IT approach in universities would like to see? The only other option is to supply thousands of staff and students every year with standard equipment, creating a huge inventory and attendant stock-taking and replacement cycles. Alternatively, are you advocating that all students/staff must only use local desktops, (which shows you don't have a grasp on how learning works these days - distance-learning is a fact, guys and gals)? My current university is some 400 miles from where I live, and I need to be able to work when I'm not actually at my (non-existent) desk. So, seriously - what is your answer?

2
0

Re: Security deserves more attention. @Phil W

Intractable Potsherd:

You hit the nail right on the head, distance learning is a fact, it works, it's results are as good as any fixed university, and it's cost effective, so why are we paying for all of these university buildings and students accommodation when they could stay at home studying, have lectures delivered via webcasts and if they need to speak to the actual lecturer, they can speak via video conference applications like Skype. You could house the actual teaching staff in an anonymous office building on an estate and get rid of many of those costly university buildings and extra staff to run them. Big savings all round! Now the only university facilities you need are for those with highly specialised equipment in the fields of research (and even then much of that could probably be virtualised) whilst the purely academic courses such as maths don't really need any specialised equipment, so need no space on a university campus.

Meanwhile we could remove the high costs of the intangible courses (such as your humanities, arts and others which have no tangible return or use) and just have those vanity courses taught on line in an efficient manner, the reduction in building and staffing would make the whole cost of the vanity courses affordable to those who were interested and remove another burden from the tax payer.

0
2
Silver badge

Re: Security deserves more attention. @ukaudiophile

I didn't downvote you, but you are are half-right, and half-wrong. Distance learning works for *some* people. Having the option is important.

I can never agree with you that "humanities, arts and others ... have no tangible return or use). Learning is valuable in and of itself. You seem to be one of those that think history (for example) is a pointless subject, whereas, say, engineering isn't. I'd say that you let your prejudice get in the way of clear thinking. That doesn't mean to say that I think the current policy of channelling thousands of people into university courses is necessarily good, but I think that people should have access to education (broadly defined) throughout their lives.

However, remember that universities do not only teach - there is a vast amount of research going on, and so premises must be available.

0
0

Eduroam is an amazing achievement and it's nice to see it getting some well-deserved kudos.

6
0
Silver badge
Thumb Up

Eduroam is very nice indeed. It is very handy for me to have internet access in the universities I visit.

0
0
Bronze badge
Thumb Up

Eduroam is marvellous. It's got so big that Universities that don't have it are considered pariahs. Turn up, open laptop, start working. Wonderful.

0
0
Anonymous Coward

Eduroam is great: I just wish it was easier to configure on Windows. Fortunately, you don't have to do it often !

1
0
Silver badge

Eduroam is easy to set up on windows as most universities use a simple executable that does the whole set up and join to network for you.

1
0
Silver badge
Mushroom

Alternatively

People bring their own devices because those provided are not up to scratch.

2
2
Silver badge

Does this really count as BYOD?

To me, BYOD implied a requirement to run a Standard Operating Environment. If you are 'just' allowing network access and possibly web-based applications, surely it's only half the problem?

My company, I think, would expect its employees to have an SOE with Lotus Notes, Microsoft Office, our selection of anti-malware tools, particular VPN clients and so on - including a few options based on role (e.g. Visio). Furthermore, there would be full disk encryption, in the expectation that documents and other assests you create for the company have to stay in corporate controlled storage. Getting that working on a bunch of different devices that the staff might choose is a completely different kettle of fish to just giving them network access and the URLs for a few server-side apps.

1
0
Silver badge

Re: Does this really count as BYOD? @John H

If you look at large corporate BYOD programs, one of the conditions is often that you surrender a lot of control of your own device. This normally means purchasing hardware from a list, installing company supplied tools like VPN, encryption and AV, and also surrender some control (have additional administrator accounts created). Certainly challenges the idea of it being your device.

What most Universities do is to have an open(ish) student network (or, in fact, many of them, often firewalled from each other and the main University campus network), together with a portal or gateway on each that allows them restricted access to the central file servers and other facilities of the core University networks. In addition, there is firewalled access to the Internet.

I don't see why that model cannot be used by business. It keeps your core network safe, while providing much of the access that is required by the user.

My kids were always told that it was their responsibility to make sure that their systems were adequately secured, and the only assistance given by the collage was to perform standalone virus scans. If the system failed the scan, they were offered one of the free AV packages, and told to either install and run it, or get someone to do it for them. Their machines/accounts were blacklisted until it had been proved to be virus free.

0
0
Silver badge

BYOD at university does have it's own issues. I should know as I worked for a Uni and it used to drive me a little bit mad. I had to be able to configure anything and everything. The only positive that came out of it was I had exposure to every kind of device that you can think of, from spoofing pages so that you can join your Kindle to the network to more mobiles than you can think of. The only issues we every had was cloned \ fake macbooks from China, as well as a couple of hacked imported phones. I did become somewhat adept at virus and malware removal as students will click and link, as well as the staffers. The one thing that I will say is that the network bods and the server chaps totally earn their cash, because the sheer amount of spam / malware / virus / etc is huge, and the systems never did get compromised.

0
0

Security???

How is the security on this type of network? Is every device required to install specific software before being allowed to connect? How are malware loaded devices contained? How are private data protected? If you rely only on the client device to provide protection then you're only as strong as your weakest link ... Or am I missing something? Students share credentials ( have them stolen ) and universities are some of the greatest environments for testing out social engineering experiments. It would be great to see how they provide all of this protection!?

0
0
Silver badge

Re: Security???

You're missing the fact that these are not single networks, but networks of networks, with fenced links between them, and at arms length from the core University networks. The only really complex part is the distributed user authentication that allows access to the core systems.

It really is a case of divide and conquer.

2
0

Re: Security???

"the University core networks" -- no. The learning and research facilities are the core network. It's the administration networks which are non-core. That's the essential mindset difference between university and business computing.

The same is true of applications. You break some Oracle thingie used by administtration, that's bad news. You break e-mail across the university, you're fired.

At universities BYOD is simply fact. It's not a "strategy" open to debate. Even non-IT staff will have a laptop, a tablet and a phone and will expect equivalent access to resources from all of them. The university may or may not own all of those devices. Students definately don't want the uni to provide their IT -- although if the uni can arrange a hefty discount on a MacBook Air they'd be grateful.

The idea that you can limit access to administrative systems to a subset of platforms isn't a goer either. Just the other day I checked a student's recorded test mark from my phone (connected via Eduroam), whilst the student and I were discussing their progress. Business would call this "responsive customer service" and the more you tighten down the access to the admin systems the less responsive the staff can be.

0
0
Bronze badge

I moved from the private sector to working in education. The change was one heck of a shock. In the private sector we had complete device lock down, massive firewalls, and the ability to get people fired for not following the BOFH IT rules.

In education, you have the complete opposite. No device lockdown. Any device (Windows, Mac, Linux, iOS, Android, Palm, *BSD, etc.) There were few firewalls (my desktop machine has a public IP address !) And no control over the users - "Academic freedom" (well, except Students ;-) )

At first you think this is just plain crazy and it can't work. But you soon "get it" and it all works quite well. Yes, it does take a little bit more work to make sure your systems are secure and usable across all platforms, but once you've done it once or twice, you get the hang of it.

It is a very different mindset, and I can see why corporate IT chiefs are against it all. But you have to keep on asking the question: Is IT here to serve the users, or the users to serve IT ?

4
1
Anonymous Coward

"There were few firewalls (my desktop machine has a public IP address !)"

huh? just because you have a public IP address it doesn't usually equate to not having a firewall. I dont know of any UK universities that dont have a firewall....most of them are just a lot more 'permissive' than the typical corporate lockdown (academic freedom et al!) - don't confuse a NAT'd network with security - the world will also learn THAT lesson when they (like the higher educational establishments who have been using IPv6 for the past decade) start using IPv6 more generally.

1
0
Bronze badge

just because you have a public IP address it doesn't usually equate to not having a firewall. I dont know of any UK universities that dont have a firewall

We start coming into semantics here. (I'm not criticising - just clarifying) Some people think a firewall is something like a deep packet inspection device (think Checkpoint, maybe Cisco ASA) For others, a simple TCP/UDP packet filter is a firewall.

At my place, the "firewall" is a small access list that blocks just a few ports (e.g. 23, 143, etc). Other than those few blocked ports, I can run pretty much anything on my machine. (and frequently do !)

0
0
Anonymous Coward

Why is BYOD scary?

Seriously, I don't really get the big deal.

Providing sufficient network infrastructure is relatively simple- chuck a few wifi base stations about over campus with fibre or CAT6 connections between them.

But your services- whether they're file sharing, printing, media streaming, whatever- all these should be secured serverside anyway.

Access to it should be controlled as though one was connecting from the Internet, treating every single connection as suspect until you have verification that it is not. Unfiltered internet available to anyone who connects, wired or wireless (for clients), with a VPN link required to actually access the actual network assets. This also gives you a worldwide campus.

But this should ALREADY be how it is. Far too often have I visited a Client's offices and connected to their WLAN- only to find that I can now see just about everything! At a previous employer the way they hid their most precious IP was to have everyone work from different drive letter assignments. Seriously, their security was hoping you didn't type //[secret-server]/[secret folder] into the Address bar. In a multibillion-dollar company.

Even if they have secured their wireless, many a company will have a wired LAN that is again absolutely wide open.

So from what I can see, BYOD is ONLY an issue for half-arsed IT types or those who are Manager-ed into half-arsedness. And, with BYOD whispered in the right ears in the right way, that manager can be worked around- be honest, it's something everyone would like.

4
1
Anonymous Coward

Re: Why is BYOD scary?

"Manager-ed into half-arsedness"

Priceless.

0
0
Anonymous Coward

Re: Why is BYOD scary?

"...chuck a few wifi base stations about over campus with fibre or CAT6 connections between them."

oh really? you are aware that most of the larger UK Universities have AP counts in the low thousands (yes, thousands) - all needing to be driven by gigabit switching and resilient backhaul links across the campus/buildings (and streets in cities).

but the rest is correct. yes, the user is known...they've authenticated to the wireless using 802.1X (and not just WEP/PSK or using captive portal) - but so what? what state is the machine in. if you have posture checking/NAC then you given them more access. students on a student network segment/VLAN(s), staff on another.... visitors using eduroam go on a totally different network that yes, does have internet access with firewalling but is off the main campus network so all users go through same external access policies if they want to talk to any local servers/networks. I think a lot of corporate networks are very dumb and flat and maybe the view of a real network isnt seen in many places.

0
0
Silver badge

Interesting article

The University environment is indeed taxing, and its IT is fascinating, although most of what transits on a University network hardly counts as "work".

So, could we have an example like this about a bank ?

No ?

Thought so.

0
0
Anonymous Coward

Re: Interesting article

" although most of what transits on a University network hardly counts as "work"." - yep. and thats one of the challenges to be dealt with. ensuring that people have the right access (or right level of access) to services whilst also keeping those services and their soft underbelly protected from other systems.

0
0

Page:

This topic is closed for new posts.