Posted on 12-22-2014 10:33 AM
I am having security issues with students. We had a student scan our network with an android device and basically hacked the password for our Staff network it only took three days using this program. We currently have a hundred students on our staff network in the matter of days. I am inquiring if there is a way to make it so our student iPads cannot connect to our staff network. Are there some sort of certificates I can send out? Any ideas greatly appreciated!
Posted on 12-22-2014 10:55 AM
Your should have completely separate networks for public versus internal. This will shield you from attempts such as this. Higher end routers and access points can allow access to separate networks at the same time and for additional security you can add certificate based authentication for internal networks. If you want to be completely protected, don't allow any wifi for internal networks and have MAC address filtering for all ethernet ports. Hope this helps!
Posted on 12-22-2014 10:57 AM
A quick solution will be MAC address filtering. Assuming you have all the staff iPads in the JSS it will be easy to export a list.
The longer term solution may be WPA2 enterprise authentication which can use certificate based authentication.
Posted on 12-22-2014 11:11 AM
You need to find out why they were able to get the staff network password. Are you using WEP, which is easy to crack?
I don't believe there's a way to stop an iPad from trying to connect to a particular network if the user wants to.
MAC address filtering won't protect you. You can't change an iPad's MAC address but if they are bringing in outside devices then they could change it on that device, a laptop or Android device.
Unless you find out how they got your password, or an educated guess to how, you're not going to protect yourself.
Posted on 12-23-2014 07:31 AM
Use a different authentication scheme for the staff network than the student/public network. e.g. 802.1x for Staff, WPA2-PSK for students/public.