The U.S. Dept of Education suggested in their 2010 National Technology Plan that schools begin to implement BYOD programs. But, a data security plan must be put in place for a BYOD program to be successful. Find out how Sophos UTM Wireless Protection can protect your school's network.
For more on Sophos UTM, visit: http://bit.ly/ULoBZV
1. BYOD - protecting your school
Prepare your school’s network with Sophos UTM Wireless Protection
2. Agenda
Q&A What is
BYOD?
How Sophos BYOD
UTM can help
Agenda Benefts
BYOD
Concerns & Preparation
Considerations
2
3. What is BYOD?
• General term which may mean different things to
different people
• Big topic that covers more than just technology
• Most people agree it means allowing personal devices to
access business networks
• Also used to describe programs where equipment is
provided (1:1 initiatives)
• BYOD concerns relate to both policy and infrastructure
• Today, we’ll focus mostly on infrastructure concerns
3
4. BYOD Benefits to Schools
Why the trend?
• U.S. Department of Education suggested BYOD in 2010
National Technology plan
• http://www.ed.gov/technology/netp-2010/executive-summary
• Technology may enhance:
• Creativity and Innovation
• Communication and Collaboration
• Critical thinking, Problem solving, Decision-making
• Present concept of Digital Citizenship
• Tech skills are essential for modern life and business
• BYOD may save money
• On equipment, apps, and management
4
5. BYOD Preparations
What should you be thinking of if you’re planning a BYOD initiative?
• BYOD Policy
• What are we trying to accomplish?
• What’s acceptable use for equipment and network?
• Infrastructure
• What do we need to support the policy?
• Do we have the proper equipment or do we need to purchase?
• Impact on community
• Are teachers prepared to use and maybe support devices?
• Privacy concerns, can all students afford devices, do parents
support, etc…
5
6. BYOD Infrastructure Considerations
The Network
• How many new users/devices are you adding onto your
network? Twice as many? 3 times?
• Will your current network handle that traffic?
• What are the security risks? (How can we ensure that
Guest and/or BYOD traffic is segregated?
• Will current network and web security solutions be able
to support BYOD policy?
• How much extra work is this going to be for IT staff?
6
7. BYOD Infrastructure Considerations
The Network
• Network & Web Security equipment should provide (at
least):
• QOS functionality to shape bandwidth
• Content filtering to enforce CIPA
• Application Control (Next Generation Layer 7 Firewall)
• Ability to scale as demands increase
• Reporting
7
8. BYOD Infrastructure Considerations
Your Wireless solution and its capabilities
• Does it support multiple SSID’s (wireless zones)?
• What security policies does it offer?
• What levels of encryption does it offer?
• How easy it is to add capacity?
• What are the Guest capabilities?
• How much work for staff to deploy and manage?
8
9. BYOD Infrastructure Considerations
Your Wireless solution and its capabilities
• Wireless Solution should provide (at a minimum):
• Multiple Wireless Zones
• At least WPA2 encryption
• Ability to integrate with security solutions
• Usage reporting
• Guest Options
9
10. How can Sophos help with BYOD?
• Sophos Mobile Device Management solution
• Sophos Endpoint protection for Laptops
• Sophos UTM Wireless Protection
10
11. Sophos Wireless Protection
• Easy deployment of Access Points
• Simple setup and management of zones
• Enterprise level encryption
• Configurable Guest options
• Integrated protection via UTM security suite
• Easily scales to meet increased demand
11
12. Sophos UTM Wireless Protection
Components
Now also
available
Sophos AP 50
12
13. Sophos AP 10 / AP 30
Plug and Play Access Points for classrooms
AP 10 AP 30
• Up to 10 users • Up to 30 users
• 150 Mbit/s throughput • 300 Mbit/s throughput
• 1 x 10/100 Base TX • 1 x 10/100 Base TX
• IEEE 802.11 b/g/n • IEEE 802.11 b/g/n
• 1 x detachable dipole antenna • 3 x internal antennas
• Power consumption: < 8 Watt • Power consumption: < 8 Watt
• Desktop/wall mounting • Desktop/ceiling mounting
• Power over Ethernet (IEEE 802.3af)
PoE-Injector included!
13
14. Sophos AP 50
Plug and Play Access Points for common areas
• Dual-band/dual-radio access point
• IEEE 802.11 a/b/g/n support
• Support for up to 50 users
• 300 Mbit/s throughput
• 1 x 10/100/1000 Base TX
• PoE+ compatibility (IEEE 802.3at)
• Power consumption: < 10 W
• 2 x 2.4G/5G detachable antenna
• Desktop/wall mounting
PoE-Injector included!
14
17. Guest Portal Hotspot support
Most flexible UTM based
Hotspot solution
• Manage temporary Internet
Access for guests
• Options for:
Configurable Usage agreement and
logos
Automatic ‘Password of the day’
Quota’s on time and usage
Part of UTM Wireless Subscription
17
18. Flexible access for the entire organization
Sophos Access Points can be placed anywhere in your organization.
Easily create multiple separate wireless zones.
18
19. Advantages
Sophos UTM Wireless Protection
Easy installation and management
• Centralized configuration (all work done via UTM GUI)
• Plug and Play Access Point simplify deployment
Secure and reliable
• Integrated UTM security for wireless devices
• Best protection for wireless connections (separate zones, isolate client
connections, configure quota’s)
Flexible access
• Easy Internet access options for guests
• Multiple SSID support for varying levels of access
19
20. Integrated security
Once connected to the UTM easily integrates with other security features
Strong Encryption
Sophos UTM
Integrated UTM Security
20
21. UTM Security features
Optional Subscriptions provide the security features you want
UTM Endpoint
Protection Antivirus
• Antivirus
• HIPS
• Device Control
UTM Wireless UTM Network
Protection Protection
optional
• Intrusion prevention
• Wireless controller Essential Network • IPSec/SSL VPN & RED
• Multi-zone (SSID) support Firewall • HTML5 VPN Portal
• Captive Portal • Reporting
• Stateful firewall
• Network address translation
• PPTP/L2TP remote access
UTM Webserver UTM Web
Protection Protection
• URL filter
• Reverse proxy • Antivirus & antispyware
• Web application firewall UTM Email
• Application control
• Antivirus Protection
• Reporting
• Anti-spam & -phishing
• Dual virus protection
• Email encryption
21
22. Sophos UTM fit any size network
Hardware Multiple
UTM 110/120 UTM 220 UTM 320 UTM 425 UTM 525 UTM 625
Appliance + RED
Small Medium Medium Large Large Large Large networks
Environment
network network network network network network + branches
Network ports 4 8 8 6 & 2 SFP 10 & 4 SFP 10 & 8 SFP Multiple
Max.
recommended 10/80 300 800 1.500 3.500 5.000 10.000+
firewall users
Max.
recommended 10/35 75 200 600 1.300 2.000 5.000
UTM users
Software
Appliance * Runs on Intel-compatible PCs and servers
Virtual VMware Ready & Citrix Ready certified
Appliance * Runs in Hyper-V, KVM, and other virtual environments
*Pricing based #IPs/Users
22
24. Staying ahead of the curve
US and Canada
1-866-866-2802
NASales@sophos.com
http://nakedsecurity.sophos.com
Editor's Notes
What is BYOD – BRING YOUR OWN DEVICE- Used to describe the practice of allowing personal technology (laptops, Ipads, phones, etc…) access to privileged resources such as networks and/or data. Allowing personal devices to be used in this manner offers flexibility to the employees and can provide real cost savings to the business. - To ensure that this data is not lost and to ensure employees are using resources appropriately BYOD policies often include the use of Endpoint and Mobile Device Management solutions. This presentation focuses on parts of BYOD that are often of the most concern to educational organizations.
Part of the reason many schools are implementing BYOD programs is that it was suggested by the U.S. Dept of Education in their 2010 National Technology Plan. “The goal is to ensure that every student and educator has at least one Internet access device and appropriate software and resources for research, communication, multimedia content creation, and collaboration for use in and out of school. These devices may be owned by the student or family, owned by the school, or some combination of the two. The use of devices owned by students will require advances in network filtering and improved support systems.”http://www.ed.gov/technology/netp-2010/executive-summary
- In preparing for a BYOD program the infrastructure must be confirmed. Questions concerning roles, responsibilities, acceptable devices, funding, training, and parents’ opinions need to be answered. - Other considerations include goals for the policy, degree of control, and purchasing/supporting of devices.- Lastly, but equally important are, technical, privacy, and security considerations, administrative considerations, and legal considerations.
Some infrastructure questions: Do we need to add new equipment and how much will it cost? How will it connect to my existing systems? If I can use existing equipment does it have the proper features to ensure success? What effect will this new project have on existing network traffic and overall security? Many schools not only have tight IT budgets, but also limited IT staff who are reluctant to open the floodgates and welcome many unknown devices onto their network.
Staff acceptance is another important consideration. Some teachers may be intimidated by new technology, and reluctant to BYOD. A possible solution is to hold an event prior to rolling out BYOD for staff so they could see and touch various devices, (phones, tablets, etc..) and discuss ideas on how they could be used in the classroom.
The Sophos UTM Wireless solution is designed to provide simple, secure wireless connectivity to users. The solution consists of plug and play access points and the Sophos UTM controller.
- This slide shows our Access Points (the AP 10 on the left and AP 30 on the right).- The AP 10 is for up to 10 users with a maximum throughput of 150 Mbit/s. This WLAN solution is directed towards smaller office environments.- The AP 30 is for up to 30 users with a maximum throughput of 300 Mbit/s. This PoE aligned Access Point is available in the design of a smoke detector for a ceiling mount and is directed towards larger office environments.This appliance covers higher requirements for amount of users, signal reach and performance.
3 operating-modes:- Disclaimer-page- Password of the day-WiFi-ticket management
Summary
-Cover small networks and remote locations with up to 10 users to large networks with up to 5000 users.- Software can be also installed on your own servers.- The same set of security applications, including features such as Active/Active Clustering, WAN Uplink Balancing or Active Directory Integration, is available on all Sophos UTM models.- Everyhardware appliance contains an integrated hard drive for local spam quarantine and log/reporting information.- The UTM525 and 625 models offer the highest availability through a redundant hard drive and power supply.