How Ontario schools secure WLANs

A Northern Ontario school board is using wireless local-area networks (WLANs) to allow students and staff to connect to the Internet without cables, but security is a constant concern.

Event:  GovSym – Executive Track will focus on emerging business trends and government IT challenges that are affecting the public sector C-level decision-making process. This track is designed for senior government executives: Senior IT and program executives, CIOs, DCIOs, CTOs, DGs, and ADMs.
 Tuesday, December 1, 2009 – Gatineau-Ottawa, QC


Spread between Sault Ste. Marie, Espanola in the east and north to Hornepayne, the Huron-Superior Catholic District School Board covers an area nearly ten times the size of Prince Edward Island.


Its 5,800 students and 1,100 employees depend on wireless devices, including Apple Inc. Macbooks, to connect to the network over a wireless network using the Institute of Electrical and Electronics Engineers 802.11 standards.


Although preventing hackers from getting in is one concern, the priority is to have an authentication system granting access to authorized users by prompting for a user name and password, said Derek Warmington, the board’s network administrator.


“We want to make sure if you’re a user inside the board’s network you’re legitimate so people outside the board can’t get in,” Warmington said. “It’s a small step but it’s important.”


The board, which has 23 elementary and three high schools, has built its network using power over Ethernet switches from Cisco Systems Inc. of San Jose, Calif. For wireless access, it installed 135 access points, plus MC3000 wireless LAN controllers, made by Sunnyvale, Calif.-based Meru Networks Inc.


To help control access, the board is using eTIPS 5000, a RADIUS server made by Avenda Systems Inc. of Santa Clara, Calif.


“We use it for policy-based authentication against (Microsoft Corp.’s) Active Directory,” Warmington said.


The Avenda eTIPS 5000, which the board installed last July, is also designed to prevent certain types of devices from accessing the network. For example, Warmington said, if teachers decide to bring their own Wi-Fi devices to school, they will not be able to connect to the network.

“I haven’t turned it up to it’s full potential yet,” Warmington said, adding the board administrators have yet to decide whether they want to let students connect using their iPhones.

Warmington said one reason the board chose eTIPS was its price tag – less than $9,000 in total – plus the fact that it needed only one piece of hardware.

“We looked into Cisco boxes. They were fairly pricey and we would have needed two or three to do the same amount of work,” he said. “Avenda was cheap and easy to manage.”

The board does not use 802.11n yet, but uses the 802.11a, b and g protocols.

Price was one important consideration for the Wi-Fi network, which is why the board did not do a detailed wireless site survey for each school, Warmington said.


“If we were to do a wireless survey (on each) site would have been a ridiculous amount,” Warmington said. “It would have been $14,000 per site. We just put in a couple of extra Meru (wireless access points) in each school.”


The board needs to strike a balance between security and accessibility, Warmington said, adding its password policy is not as strict as some government departments.


“You’re talking about a Grade 1 student who’s six years old having to remember a password that’s upper case and lower case and numbers and stuff,” he said. “In the real world, you might have those rules.”


The board’s communications officer, Jim Fitzpatrick, said the information that gets transmitted across the network is not highly sensitive, as most of that is available to citizens who request it under the Freedom of Information Act.

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now