RADIUS Improvements

For effective safeguarding, it is not enough to just filter the internet. Identifying which user is responsible for each web request is extremely important, as this allows for filtering to be tuned to the individual users, and for reports to be used effectively to address abuses and concerns with the individuals involved.. The Department for Education's draft Keeping children safe in education: Statutory guidance for schools and colleges document emphasises the importance of this:

75. As schools and colleges increasingly work online it is essential that children are safeguarded from potentially harmful and inappropriate online material. As such governing bodies and proprietors should ensure appropriate filters and appropriate monitoring systems are in place. Children should not be able to access harmful or inappropriate material from the school or colleges IT system. Governing bodies and proprietors should be confident that systems are in place that will identify children accessing or trying to access harmful and inappropriate content online.

The Iceni web filter has always been designed around the principle that users must be identifiable wherever possible, and uses a multiple technologies to achieve this aim. It is also necessary to provide a transparent non-intrusive user experience, allowing the user to get on with their work. When it comes to mobile technology, these requirements are often at loggerheads, but integration with the school's WiFi system provides an excellent resolution. Last year we added a RADIUS accounting server to Iceni, which allows WiFi controllers to pass information to Iceni. The single signon system offered by this level of integration eliminates almost all of the user identification headaches when it comes to mobile, tablet and BYOD devices.

However, whilst most of the WiFi systems can use a technique known as DHCP snooping to collect the information required by Iceni, a few systems cannot do this and therefore are unable to provide Iceni with the user's IP address (Framed-IP-Address). Without the Framed-IP-Address attribute, Iceni is unable to use the information provided by the WiFi controller. We are now testing a new update to our RADIUS accounting system, which addresses this problem. With this update, it is now possible to use a WiFi controller which does not include the Framed-IP-Address so long as it has a layer 2 connection to the Iceni web proxy.

Not only do these improvements help Iceni web filters to integrate into existing networks, but they will enable schools to save money by buying lower cost WiFi systems where appropriate.

The new version is currently in the beta testing phase and being used in two schools. All being well, we expect to release this to all customers in the next week.