One of the most important aspects of a schools internet service is it’s security. Advanced threat protection and customisable web filtering should be a given with any security solution, but unless your able to deploy that security in the school across any device, and with a minimal amount of effort, it quickly becomes ineffective, leading to breaches in security.
At Virtue, simplicity is our mantra – you have complete control over all the security features you need in one place, with none of the complexity. To strengthen and simplify the security of our internet solutions we’ll be delivering the following enhancements to the Unified Threat Management (UTM) Appliances installed as part of our internet solution.
Transparent Single Sign-on
All the possibilities the internet provides makes it difficult to ensure end users exercise great judgement about where they are browsing, hence we deploy filtering in our schools – this can be as simple as blocking the seedier side of the internet, or limiting browsing to education-related content. However, the Sophos UTM makes it simple to enforce a range of different policies for different users. For example, you can manage what students can access whilst still enabling teachers and staff some leeway to make use of important sites.
These user-based web policies aren’t new, however, they have been known to come with headaches. During the planning stages, we discussed with customers their experiences and how they can be improved. The main issue that rang out was having to install a User Agent on all endpoints to enable enforced user-based policies. Therefore, Sophos engineers have come up with a truly simple solution: transparent single sign-on.
The transparent single sign-on works by transparently communicating with the browser to authenticate with the UTM in the background, without impacting the user. The browser sends the user’s AD credentials with the UTM recording the traffic and applying the right policy on a per user basis , with no extra software agents.
Another challenge we’re seeing in our schools is enabling the safe use of mobile devices. Staff and students want to bring and use their own smartphones and tablets at school.
Whilst the Sophos UTM recognizes iOS, Mac, Blackberry, Android and a range of other device types unfortunately these devices can’t always make use of the same authentication protocols as PCs. Within a school, you may wish to ensure users go through a log in page before browsing to ensure security is maintained. Previously, the only option for this would be segregating various devices into different subnets, or even different Wi-Fi networks. However with BYOD rapidly becoming the norm, this approach was becoming outdated.
Upcoming changes to the UTM will analyse network streams and quickly tell what device it’s originating from. By recognising different fingerprints in the network stream, it can differentiate a Windows PC from an iPad or an Android device from a Mac. This can then be used to specify different authentication options for each device, without having to re-structure the network.
Transparent single sign-on and device-specific authentication are just two of the many features that help ensure the protection of your staff and students with our internet service. We’re currently testing the new functionality in our lab and as soon as that’s complete the service department will be in contact with all our customers to schedule the upgrades.