NFV will be moving to 802.1X TLS-based network authentication. What does this mean for you? Not much!
The Changes
When the changes take place, there will be one WiFi network in all of the buildings with an SSID (the network name you see) of NFV. Instead of using a password to connect, your device will use a certificate to authenticate. This keeps district-owned devices on the internal network and personal devices off of the internal network. Keeping them separate increases security and limits the potential spread of malware and viruses if an infection were to occur.
Keeping staff devices off of the internal network.
When we started putting personal staff devices on the guest network, the most common thing we heard was, “…but I’m not a guest!” While you might not be a guest, your device is. District-owned devices have a level of visibility that we can’t obtain with personally owned devices. We can see what is on district-owned devices and continuously look for any malicious activity. They are limited in what they can do and, for lack of a better term, they have been locked down to help prevent any malicious activity. Because of this visibility, we are able to automatically remediate or alert on any problems we may run into, something we cannot do with personally owned devices.
Connecting personal devices with the new system.
With the new system, we have a way to add BYOD (bring your own device) devices to the network securely. Simply visit the portal with your device, authenticate with your email, and follow the instructions provided. A certificate will be installed on your device that will give you access to the network. We’re creating a separate network for staff devices and a separate network for student devices. This will help keep your devices secure and separate them from any guest devices. To start, BYOD devices will only have access to the internet. As time goes on, we may allow access to other services, like printing and AirPlay to Apple TVs.
Behind the Scenes
With all the talk about security, you’re probably thinking, “Why would they put everyone on one network? Isn’t that less secure?” You’d be correct. While from your perspective it looks like there is only one network, behind the scenes there is still a student network, still a teacher network, still a valley network, and many others. When your device connects, it will automatically be placed on the correct network behind the scenes, even though it looks like everyone is on the same network. This segmentation is important because we can control what kind of network traffic, if any, is allowed to pass between the different networks. That’s why printing doesn’t work if you’re on the guest network. We don’t want anybody on our guest network to have access to any of our internal systems, so we only allow devices on the guest network internet access.
In the roadmap above, blue represents when we will start pushing out the NFV network for each district. Yellow is when the guest network changes will be made. Red is when the old WiFi networks will be removed from each building.