School WLAN
Deploying a wireless local area network (WLAN) in a school environment can be an enormous asset in the learning process. However, such an environment presents unique challenges in ensuring the network’s security. This report will examine the probable user groups, their security requirements, and potential risks associated with a classroom WLAN, and propose security and authentication measures necessary to make the network secure.
User Groups and Their Security Requirements
Users in a school WLAN can be divided into three broad categories:
- Students. Generally do not require external access or access to restricted materials. Require very limited modification of resources on the network.
- Faculty members/teachers. May require external access or access to confidential internal materials, as well as modified access to resources.
- Other staff. This includes staff with responsibilities not necessarily involved in the teaching process, including those administering the network. This group requires the most flexible security considerations as their needs can vary significantly, but generally, their requirements lie above those of the previous group.
It should also be noted that most users of a school WLAN can be expected to have limited computer literacy, preventing their use of complicated authentication systems. However, individual students can be capable of bypassing simpler security measures to engage in malicious activity.
Thus, a school WLAN should implement role-based access control with two primary groups with corresponding levels of access. Under this system, access is granted to users based on their assigned roles (Kizza, 2020). The first level, general access for students, should grant read-only permissions on data outside of specific circumstances (e.g., uploading assignments). Considering the ubiquity of Internet-enabled data plans, this group does not require Internet access for any purpose not already achieved by their devices. The second level should allow access to the school’s confidential data and a limited ability to modify it, as well as general access to the Internet. Finally, the requirements of the third group can be achieved by assigning individual roles with permissions elevated from the second level.
Protocol and Application Permissions
The TCP and IP protocols are necessary for the functioning of a network. DHCP is also required to automatically assign IP addresses to devices entering the network. The network is likely to be used to distribute learning materials, which may include video and audio recordings, whose transmission is achieved by protocols such as UDP and RTSP. Therefore, these protocols may be allowed, depending on the implementation of the school’s distribution system. No additional protocols should be operating within the WLAN. As for applications, unless the school utilizes proprietary software, all necessary interactions within the network can be achieved through a general-purpose Web browser.
PDA Policy
Personal Digital Assistants (PDAs) are not devices commonly in personal use today. Most of their functionality has been superseded by smartphones or digital tablets. Thus, resolving any additional security issues associated with them would likely not be cost-effective. Therefore, PDAs should generally not be allowed to access the school’s WLAN. However, it is possible for school-issued PDAs to be used in the education process. If that is the case, only such PDAs should be allowed.
Data Classification Plan
Based on the descriptions above, a context-based data classification would be the most appropriate for this environment. The user accessing or modifying the data is the key attribute determining its sensitivity level, with the interface used to access or modify it as a secondary qualifier. Data can be divided into general (public), internal, and confidential sensitivity levels as follows (Khani et al., 2018).
It can be safely assumed that students need no access to modify any data except their assignments, and no access to confidential data from within the WLAN. As such, write and modify access is generally heavily restricted within the network.
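The role levels and the sensitivity levels described above can be combined into one default-deny access check. The following is an added example, not part of the original report; the mapping of roles to levels, the `is_allowed` and `staff_role` helpers, and all user and resource names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Level(IntEnum):            # sensitivity levels named in the report
    GENERAL = 0
    INTERNAL = 1
    CONFIDENTIAL = 2

@dataclass(frozen=True)
class Role:
    name: str
    max_read: Level              # highest level the role may read
    max_write: Optional[Level]   # highest level it may modify; None = read-only
    internet: bool               # whether the WLAN routes this role to the Internet
    extra: frozenset = frozenset()   # individually granted permissions

# Assumed mapping: students stop at GENERAL, faculty reach CONFIDENTIAL.
# The report's "limited" modify right is modelled only as a level ceiling.
STUDENT = Role("student", Level.GENERAL, None, internet=False)
FACULTY = Role("faculty", Level.CONFIDENTIAL, Level.CONFIDENTIAL, internet=True)

def staff_role(name, *extra):
    """Third group: level-two permissions plus individually assigned extras."""
    return Role(name, FACULTY.max_read, FACULTY.max_write, True, frozenset(extra))

@dataclass(frozen=True)
class Resource:
    name: str
    level: Level
    kind: str = "document"       # "assignment" marks a student upload slot
    owner: Optional[str] = None

def is_allowed(user, role, action, res):
    """Return True only if a rule explicitly grants the action (default deny)."""
    if action == "read":
        return res.level <= role.max_read
    if action == "write":
        # The one student exception: uploading their own assignment.
        if res.kind == "assignment" and res.owner == user:
            return True
        return role.max_write is not None and res.level <= role.max_write
    # Anything else (e.g. "manage_network") needs an individual grant.
    return action in role.extra
```
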
References
Khani, P., Sharbaf, M., Beheshti, M., & Faraji, S. (2018). Campus network security: Threats, analysis and strategies. 2018 International Conference on Computational Science and Computational Intelligence (CSCI). Web.
Kizza, J. M. (2020). Guide to Computer Network Security (5th ed.). Springer.