Keeping students safer with Cisco Meraki’s end-to-end security

Education IT teams are tasked with not only keeping the network secure, but also with protecting end user devices and ensuring physical safety.

Today’s students are used to seamless connections on campus and in the classroom and are always connected. And while they are preoccupied with completing online school assignments or video chatting with friends, there’s an entire network on the backend making this all possible, which they’re probably not aware of. Schools and colleges are tasked with not only keeping the network secure, which is challenging enough on its own, but also with protecting end user devices and ensuring physical safety of students. All of these serious responsibilities, paired with limited resources, create a challenge for education IT teams.

So how do you protect endpoints, networks, and students, all at the same time?

Cisco Meraki is uniquely positioned to help education IT teams do just that. With solutions that span all three areas, you can ensure student and staff devices are secure, the network is safeguarded from vulnerabilities, student data is protected, and everyone is safe walking around campus — all from one, easy-to-manage location. Below are a few examples that illustrate what Meraki endpoint, network, and physical security can do for your school:

Endpoint Security

As 1:1 programs continue to grow and students bring more devices to campus endpoint security has become increasingly important. With an endpoint management solution, you can protect students of all ages from seeing inappropriate content, accessing blacklisted sites, and downloading unknown applications by using content filtering, group policies, and advanced malware protection. If a device is lost or stolen, especially one holding sensitive information, you can easily identify its location and retrieve it or remote wipe its contents. Most importantly, by protecting all of the devices that students and teachers use every day, the network can remain secure from common endpoint security vulnerabilities.

Network Security

Nearly 80% of headteachers believe their school faces and increased risk of a cyber incident and schools are becoming regular targets for cyber attacks. Cyber criminals often gain access to private student data or important research, and threaten to share this sensitive information. The first line of defence comes by creating group or user-based policies for students, teachers, and staff, and restricting who can access various parts of the network. With integrated intrusion protection and malware scanning, users can easily stop malicious threats and files before they enter the network while prioritizing trusted educational applications with Layer 7 firewall and traffic shaping rules. With increased network visibility, you can track and shut down rogue access points, set up email alerts when rogues are detected, and contain rogue SSIDs, AP spoofs, and packet floods. Most importantly, with Meraki’s cloud-managed MX solution, you can ensure the latest firmware updates are pushed to the network automatically to guard against the latest security threats and vulnerabilities.

Physical Security

Schools are tasked with providing safe learning environments for all students and teachers, without fear of trespassers, poor behaviour, or unforeseen incidents. With smarter security cameras, you can quickly identify when a person is where they shouldn’t be and view video analytics of school activity to identify high-risk areas. You can also help deter threats and incidents with the ability to quickly search recorded video and easily share with parents and law enforcement. With granular access controls and visibility from any Internet browser, teachers, principals, chancellors, and even the fire department can view groupings of cameras, or a single camera, and act accordingly. Plus, with video data encrypted at rest and during transport, you get even more protection against cyber threats.

With the perfect blend of endpoint, network, and physical security, we partner with Cisco Meraki to help provide the safest environment for schools and colleges. We can help you manage all of your security solutions from a single, web-based dashboard so you can simplify device, network, and security camera management through remote configurations, video monitoring, and application deployments.

In addition to wireless and switching, we can provide complete Meraki security solutions including smart cameras and IoT sensors so for your first line of defence, contact us today.

Apple’s newly released operating system, iOS 11, has some impressive features which are likely to prove popular with Apple customers – one of the most notable is WiFi sharing. This feature works in conjunction with the WPA2-PSK authentication system and depends on the NFC (Near Field Communication) technology that is built into all of Apple’s devices.

What is WiFi sharing? 

Using WiFi sharing is straightforward. All that is required is to hold your Apple device close to the device of the person you want to share with and ask them to connect with the wireless network that you are currently connected to. At this point, the other device will give its user the option of sharing their WiFi password. If this option is taken, then in future this device will automatically connect to that network and no further configuration will be required.

What problems could this create? 

It sounds great for private users, but it isn’t too hard to see how WiFi sharing could be a major problem for IT supervisors working in organisations or enterprises, as it opens up the risk of someone in your organisation sharing their PSK with outsiders. Fortunately, there is a solution known as Private Pre-Shared Key or PPSK.

How will PPSK help?

The PPSK technology in Aerohive products is built on WPA2-PSK. It gives your IT administrator the power to create and to revoke thousands of unique Pre-Shared Keys (PSKs) to individuals within your organisation using the same SSID.

PPSK is extremely secure and straightforward to run and gives you two methods of controlling exactly who is using your organisation’s WiFi network:

1. Control access by limiting PPSK associations to one client per PPSK. If a new or additional device attempts to gain access by using the WiFi password or through WiFi sharing, it will not be authenticated and access will be denied.

2. Mac Address Binding links a PPSK to a specific individual’s MAC address. If another device attempts to gain access using the PPSK password, access will be denied if that device does not have a matching MAC address.

Apple products are much-loved and there is no doubt that the WiFi sharing capability in iOS 11 will be well-received. By setting up a secure Aerohive WiFi system, you can ensure that your enterprise enjoys the benefits of WiFi sharing without taking undue risks with security.

Find out more by speaking to us at Redway Networks today or watch this short video on Aerohive’s PPSK.

Ever since wireless connections became an everyday way to access information, those connections have been at risk from piggy backers. The term describes users who, intentionally or not, connect to another user’s network without their permission or knowledge.

Wireless internet connections can be secured to prevent unauthorised access; however, careless or inexperienced network operators may still leave their wireless internet unsecured and open to intruders.

In the UK, a recent report by Santander found that increasing numbers of UK users were accessing their neighbours’ wireless connections to avoid the cost of paying for their own. Meanwhile, in the US, there have been occasional instances of arrests and fines for piggy backers, although most occurred several years ago during the infancy of widespread WiFi usage.

Free internet hotspots are available in many locations and are not technically open to piggy backers, as free access is deliberately granted. However, instances of misuse involving such hotspots have served to demonstrate the risks associated with the unsecured internet access gained by piggy backers. Liberal usage of public WiFi can result in the accidental sharing of sensitive information, particularly if the website has an unsecured protocol such as HTTP rather than HTTPS.

The term piggybacking can sound relatively innocent and childlike although it may shock some users to hear that such behaviour is technically classed as unauthorised access to a computer network, which is even considered a felony in some American states. While not all instances and regions share the same rules around piggybacking, many have similar charges that can be brought against users who accidentally or deliberately connect in this way.

Depending on the network accessed and the information exchanged, piggybacking can be either completely inconsequential or a punishable offence. However, it remains relatively easy to commit by accident. Many laptops will connect to access points without their users being aware. This is especially likely if the access point has a strong signal. For reasons such as this, there are regions that have opted to place blame on the network owners, rather than those who gain access, when piggybacking occurs. Changes in the law have been made in some areas but it has done little to curb instances of unauthorised access. Despite the risks and the penalties, piggybacking remains an issue, which means it’s best to use a secure access code. Contact Redway Networks to see how an Aerohive solution can manage access to your WiFi.

There’s no doubt that a WiFi network can have huge advantages for educational facilities and business enterprises alike. However, with an increasing number of cyber attacks on networks across all sectors and industries, making your WiFi network secure is a priority.

Here are some simple tips on how to make your wireless network unbreakable.

Use WPA2 encryption

Even without sophisticated hacking techniques, older security options like WEP can be very easily accessed. Be sure to select WPA2 from your wireless system configuration screen; it’s the latest security algorithm and is much more secure than old-style WEP.

Choose a robust password

Even the best encryption schemes can be compromised by hackers using automated bots that try billions of possible passwords.

The computing power required to break a password that is longer than 10 characters cannot generally be realised, so choosing a long, complex password is essential. A random mixture of numbers, letters, and characters should make it virtually uncrackable.

Avoid using standard SSIDs

Many wireless routers have a default wireless network name (SSID). This is used as part of the password by the WPA2 encryption. You should change this password to prevent hackers from using look-up lists for common SSIDs, which speeds up the hacking process. A custom SSID dramatically reduces the chances of your WiFi network being hacked.

Alter the range of the transmitter

Most modern access points have multiple antennas and transmission power, allowing the signal to reach far beyond the perimeter of the building they provide WiFi access to. Adjust the range of the signal by changing the transmission power to limit the signal’s range. This will make it much harder for hackers to pick up the wireless signal and work on hacking into the network.

These tips will provide you with a good starting point when it comes to making your enterprise or educational facility WiFi secure. It’s also important to bear in mind that consumer security products are generally much less effective than enterprise solutions.

For more advice and information on Aerohive and on ways to keep your WiFi network secure and unbreakable, Contact our WI-FI experts or visit our site for more details:

If you are bringing wireless technology into your business premises or educational facility, make sure you take steps to protect all users and devices on that network. Prevent security breaches, reduce network faults, avoid downtime and cut the cost of network monitoring: managed IT services are just one of the ways you can do this. Take a look at the tips below and improve your open network safety.

Managing open networks safely

Open networks are necessary for businesses and in schools. Many people need access to internet services at any given time, and having individual wired ports for everyone would be impractical. Wireless signals can be picked up all around the building, are perfect for tablet work and for using other mobile devices, and they allow internet services to be used away from computer rooms and desks.

However, open networks are also a security risk, unless they are properly monitored and protected. Managed services and round the clock tech support are just some of the ways you can outsource your security. Moving data to a secure cloud is a good way to prevent data breaches, along with encrypting log-ins and maintaining password protected areas on your network. Take a proactive approach against attacks with monitoring software.

Security awareness and network education

Schools and education facilities which use Aerohive will be able to benefit from its mapping and RTLS services, which can locate any linked device on the network with a good degree of accuracy. With youngsters prone to misplacing things (or hiding them from others) this locate tool can save a lot of time and tears. It also plays a vital security role. As well as being able to highlight theft, often identifying the culprit and having the device returned in the process, it can be used to track unauthorised devices which access the network without permission.

It is also crucial that your staff and/or students are taught about device access and safe use of the internet. Open Wi-fi systems allow for the connection of personal devices, especially if you operate a Bring Your Own Device policy. Make sure the risks are outweighed by the benefits: take advantage of our security and BYOD management services, designed to keep your network safe even when personal devices are used to access it. Contact us today if you need more information or watch the video about PPSK on:



Join our WiFi security roundup and see how to avoid the top 5 deployment mistakes that leave managers and their networks open to compromise.

Qualified attendees will also receive a free .11ac Access Point and switch, to see a different solution for themselves.

As employees at all levels default to WiFi to access the corporate network, controlling who can join – and what they can do – has become business critical. The rise of low sophistication ‘things’ also rapidly increases the attack surface – with rising popularity of IoT hacks.

So how do different security models stand up to this new reality, and how secure is your connection? Bring your questions and join our Systems Engineers to cover:


Register For Webinar