macmon Network Access Control in education
Online learning platforms, video conferencing applications, virtual classrooms and digital libraries are tools that have been in daily use since the COVID-19 pandemic, making secure remote access particularly important in the education sector. With a large number of learners and diverse (unmanaged) devices, educational institutions should think about protecting their internal networks and the flow of information. Specific buildings and areas need to be able to provide direct and secure access to schools’ internal networks and online resources. Secure and controlled access to the “Guest” network (for smartphones, tablets, laptops, and PCs) is also necessary.
As the number of network users increases, so do the opportunities for cyber attacks. Data in the education sector is extremely sensitive. Networks of educational institutions should be secure spaces for collaboration. macmon secure, part of Belden, provides the basis for innovative, future-oriented security concepts. Endpoint and user compliance requirements can be met with the network access control solution – macmon NAC.
What are the benefits for your educational institution?
- A comprehensive overview of all managed devices and connections.
- User-based licences, on attractive terms, especially for the research and education sectors.
- User and device-based network access control covering the entire educational institution.
- Flexible Guest portals and convenient learner device management (BYOD).
- Each user can use multiple end devices.
The NAC solution from the German company macmon uses the existing network infrastructure, with which it communicates mainly via SNMP, but also via HTTPS, RADIUS and API protocols. The solution is software-based. The system offers a virtual appliance and provides the following functions:
- User-friendly graphical environment based on web technology.
- Network switch communication and management - allows mapping of network elements, configured VLANs, and connected devices, including their MAC addresses.
- Map and display MAC-to-IP assignments and DNS names by reading ARP tables from active L3 elements (routers, firewalls), and from DNS and DHCP servers.
- Authentication of users and devices by communicating with AD or LDAP directories.
- Check the data of the connected devices via WMI, SNMP, or by scanning them.
- Custom access control (authentication and authorization) based on configured rules, by sending commands to the switch, via SNMP protocol, or by providing services to the RADIUS server under 802.1.
- Log all events.
- Isolation of connected devices based on information from integrated AV systems, network behavior analysis systems, DLP and SIEM systems, or vulnerability detection systems.
- A "self-service" portal that allows users to register their devices, and connect to the network according to predefined rules.
- Guest web portal (Captive portal) - allows controlled connection of guests to a "Guest" network by recording and logging these events.
The macmon network access control solution for educational institutions offers a high degree of automation and ease of use. It includes the following components (in the vocabulary of an educational institution):
- Pupils’ attendance in the class book - records the exact time and location of each device that connects or disconnects from the network, and archives these events.
- Strict janitor (standing at the entrance of the school and checking that only students who have classes at that time and current professors enter) - controlling access to the network based on written rules.
- Hallway (for visitors before being picked up by the person in charge) – a web portal for visitors who the school wants to allow, for example, to connect to the Internet, but at the same time securely isolate them from the school’s actual network. For after-school hobby clubs, parents, etc.
- Self-study – the possibility for students (all students or a selected group) to authorize their own devices (tablets, smartphones), which the school will allow them to use for educational purposes or hobby clubs according to predefined rules (time, space, etc.). Here, unlike in the “hallway”, the identity of the user is well known and verified, which makes it possible to extend the parts of the network to which the student may connect (e.g., computer lab).
- School layout (division of the building into floors, individual classrooms, cabinets, staff room...) – the solution makes it possible to divide the school network similarly, so that “keys” to individual rooms can be given only to authorized users without requiring a skilled administrator. In networking terms, this is called “network segmentation”, which is an important means of achieving overall cybersecurity.
- Class teacher (who, based on information from colleagues, ensures the isolation of the student with a temperature, and calls his/her parents) – the Compliance module communicates with the surrounding network systems and at their prompt isolates the devices in the network, e.g., when an infection is detected by the antivirus system, and informs the responsible person. After this threat is resolved, the device connects to the network.
macmon Guest Portal (BYOD)
Learners can register and manage their personal devices through macmon’s Captive Portal using a single username and password, or even an existing Active Directory user. In this way, educational institutions can monitor managed device and user connections without requiring administrator intervention. Access can be assigned to each user or group depending on location. Access rights are active as long as the user account is valid. The solution adapts graphically to the respective institution, regardless of the LAN and WLAN structure or the hardware used. Outstanding flexibility is ensured thanks to the fully developed role concept. With a simple interface, macmon NAC with Guest Service and BYOD portal is suitable for any institution.
Due to the complexity of devices and the diversity of users, macmon offers a licensing model, . While the number of devices is important for administrative institutions, a flexible user-based licensing model is proposed for educational institutions. Each user can work with multiple devices, using a registration portal with a simple interface.