Web Filtering and BYOD

Recreational Web Filtering: Safer Surfing Outside of School Hours

Allowing students to connect their own smartphones, tablets, and laptops to the school wireless network is becoming a standard in today’s schools.

This is also relevant to boarding schools that have a need to provide recreational internet access out of school hours. Students’ own devices still need to be authenticated and filtered so that school IT administrators know who is using which device and in order for the appropriate filtering to be applied.

A combination of two key technologies within Smoothwall Filter make this possible – Transparent Filtering and 802.1x BYOD Authentication.

How Transparent Filtering Works

Transparent filtering only has a small configuration requirement on each device so that it “speaks” to the filter – all network traffic that passes across the Smoothwall Filter is automatically filtered, and after installation of the HTTPS filtering certificate, the secure traffic can be inspected.

How 802.1x BYOD Authentication Works

802.1x BYOD authentication is an advanced form of network-level authentication. It is possible with Smoothwall Filter to implement authentication – similar to connecting to a hotel or conference Wi-Fi – where the user’s details are input to a web page in order to authorize and allow them to connect to Wi-Fi.

However, having to frequently re-enter credentials can be frustrating for users who connect daily to the network.

802.1x on Smoothwall Filter works in combination with an enterprise wireless network to authenticate the user when they connect (often using WPA2-Enterprise security) and stores these credentials on the device.

The device will then automatically reconnect to the wireless when in range and provide the credentials without any action needed by the user.

Authentication and Filtering on Student’s Own Devices

Step 1 – Student connects to the school’s wireless network.

Web Filtering + BYOD - Diagram showing students connecting a laptop to school's wireless network

Step 2 – The wireless network sends back an authentication request and the client provides username and password credentials.

School Web Filtering + BYOD - Wireless network sends back authentication request

Step 3 – The wireless network validates credentials with a directory service (i.e., Active Directory) using the RADIUS protocol and receives an acceptance message from the directory server indicating the credentials are correct.

Step 4 – The wireless access point allows the device to connect to the network, an IP address is assigned to the device, and Smoothwall is informed of this new connection.

Step 5 – As the user browses the internet, traffic traverses the Smoothwall Filter. The filter knows which filtering policies to apply and with whom to associate the traffic based on the IP address equaling a specific username.

Step 6 – Periodically, the wireless network automatically sends an update to the filter to let it know that the user is still connected.

Step 7 – When the user disconnects, the wireless network sends a stop message to the filter, so that it knows to no longer associates that IP address with the student.

Interested in discussing how to implement BYOD web filtering for your school or district?
Click here to contact us with any questions you have or here to schedule a demonstration of the only content-aware web filter solution for schools.

Web Filtering and BYOD

Recreational Web Filtering: Safer Surfing Outside of School Hours

How Transparent Filtering Works

How 802.1x BYOD Authentication Works

Authentication and Filtering on Student’s Own Devices

Further reading

We think you’re visiting us from the US. Would you like to visit Smoothwall's US site instead?