Center for Digital Education & Converge: research in education technology for K-12 and higher education

Mobile Devices Prompt Districts to Consider Security Measures

on December 19, 2011

As students and staff bring more mobile devices on campus, IT administrators figure out ways to allow the devices on their network without compromising security.


Users behave better when they authenticate on district networks

A number of teachers and administrators at Duval County Public Schools in Jacksonville, Fla., wanted to buy tablets. And the IT staff needed to support them. So Information Security Manager Jim Culbert asked vendor M86 to provide a solution that would give tablets the same level of authentication and monitoring that other devices have. In December, the company announced a new version that would solve that problem.

When the new Web filtering and reporting suite 4.2 became available, Culbert beta tested it against the iPad, different Android tablets and Windows 7 tablets. Once a user launches a website, the system asks for a user name and password. It checks the user name and supplies a profile based on who that person is, whether a principal, administrator, teacher or student.

The system also allows him to set time limits on log-ins. Principal log-ins last a week. Staff member log-ins last for a day. Students have to log in again after their class period of 90 minutes is up.

Previously, the district had a flat profile for the district where everyone got the same level of Internet access. Now that it switched to user authentication, it bases the level of access on who you are and ties it to the active directory. That's caused a huge reduction in attempts to access inappropriate materials and a big gain in the education category.

"My point to everyone always is having all users on your Internet both authenticate and be monitored cuts down on both your bandwidth utilization and also the inappropriate use of your network," Culbert said. "People behave better."

As Henry County Schools considers a bring your own device initiative, the district staff members are working on how to manage the devices from a security standpoint, said Matt Thompson, network specialist at Henry County Board of Education in McDonough, Ga. The challenges they face include managing Internet surfing so that secure filtering is in place at different levels for students and staff.

"We just want to make sure it's secure and functions properly for the end user, and they get a good experience."

With the current iBoss filter, the district has filtering levels for principals, students, teachers and administration in the board office. Thompson tested the iBoss solution for mobile devices on an iPad as a possibility for the district to use. In September, the company announced that it now allows users to authenticate from any operating system. 


2 wireless networks make a difference

Currently Henry County Schools has one flat network, but as it discusses a potential bring your own device initiative, it's considering segmenting different networks off.

Paso Robles Joint Unified School District in California already has two different wireless networks, one for district equipment and one for personal electronic devices, said Scott Knuckles, director of Information & Technology. He recommends that other districts do the same when starting a bring your own device initiative as his district did in August.

"Basically we've become a Starbucks of schools, but we are still CIPA compliant and use our Lightspeed system to do that," Knuckles said.

Students authenticate with their normal ID and password, and their activities are monitored. Staff get a trusted/verified status, so they can override the filter. Their managers get override reports every day showing site access like Facebook and YouTube.

On the student side, the student information system works with the filter so that when students or parents log in, they can see student attendance, gradebooks and where they've been on the network that day. That cut out 90 percent of the incidents where students went to inappropriate sites or searched for inappropriate terms, Knuckles said. 

If people log on with district devices, they can use internal network resources. If students and staff log on with their own devices, they can get to the Internet, school email and files in cloud storage. If someone logs on with a rogue machine, that person goes to a separate VLAN that will only send them to the Internet and won't give them access to devices on campus.

Students have been bringing in smart phones, tablets, e-readers and laptops from all kinds of operating systems. One morning at a high school of 200 students, 175 students were on the network at 9 a.m. with mobile devices.

"For the first time in my career, I'm able to say 'Yes, our network's agnostic to any device you want to use.'"

And those devices promote group collaboration and learning practices, Knuckles said.

"Anything about mobile learning, if it's school supplied or bring your own device, we truly believe that it's not a technology goal, it is a learning goal, and it is transforming education."

You may use or reference this story with attribution and a link to

If you enjoyed this story, subscribe for updates.

View Sample

Tanya Roscorla

Tanya Roscorla covers education technology in the classroom, behind the scenes and on the legislative agenda. Likes: Experimenting in the kitchen, cooking up cool crafts, reading good books.



Add a Comment

Add a Comment

on Feb 28, 2012
Its just too bad that none of the above mentioned solutions effectively block against newly launched anonymous proxy sites. That should be a lot more concerning than anything else. Whats the use of having a web filter in place if users can easily bypass the filter with anonymous proxy sites??
on Apr 25, 2012
why do you need to block, the site only gives information about the games and hints how to do stuff it makes no sense to me why you block it