E-Safety Wiki e-Responsibility / Technical and Infrastructure - operational considerations
  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Finally, you can manage your Google Docs, uploads, and email attachments (plus Dropbox and Slack files) in one convenient place. Claim a free account, and in less than 2 minutes, Dokkio (from the makers of PBworks) can automatically organize your content for you.


Technical and Infrastructure - operational considerations

Page history last edited by Julia Taylor 9 years, 10 months ago

Today’s IT support teams are faced with a difficult balancing act. On one side safe, fast, reliable and flexible services are required to support innovative practice whilst on the other side they are expected to maintain a secure, fast and reliable network.


As attractive as it might seem in order to avoid risk to the reputation of the organisation, locking down the network cannot be the answer. Technology has a lot to offer learners, eLearning; its flexibility, availability, portability contributes to the personalisation of their learning and support their engagement and acheivement. It also has a lot to offer the organisation in terms of meeting their obligations to deliver learning equitably and to exacting standards within ever more challenging financial constraints. 


Infrastructure- maintaining the network and beyond

From an infrastructure standpoint e-safety is closely related to aspects of network security, such as:

  • protecting the network from external threats and malware
  • preventing access to inappropriate content
  • ensuring integrity and confidentiality of data
  • monitoring activity to detect inappropriate behaviour

The following sections will discuss these aspects in more detail and describe some of the hardware and software tools available.


Protecting the Network

Unauthorised communication with the Internet is a potential threat to security and eSafety. To protect the network from such threats, a firewall and/or a proxy server is placed between the internal network and the Internet. Although firewalls and proxy servers can be separate devices, their functions are usually incorporated into a single hardware or software firewall. A firewall protects the network in the following ways:

  • Blocking Internet Communication
A firewall can permit or deny communication with the Internet based on certain criteria. Generally, a firewall is used to block all but very specific access from the Internet to the internal network, but can also be used to restrict access by internal users to external sites either globally or on a per-user basis by requiring users to provide network credentials in order to gain Internet access.
  • Network Address Translation
Every computer on a network has an address, and knowing the address is necessary to establish communication. Network address translation makes all communication from the internal network appear to come from the firewall address.

Another potential threat is the introduction of malware, such as viruses, from portable USB disks or laptop computers. The first line of defence is the maintenance of up-to-date anti-virus software on every computer, including servers, connected to the internal network. Firewalls can also be configured to scan incoming Internet communications for viruses.

It is also important to apply operating system security patches when they are made available by the manufacturer. If feasible, it is also possible to block access to USB disks connected to computers on the internal network.

In some environments, users are allowed to connect their personal laptops, smartphones etc. to the internal wired or wireless network. These portable devices can introduce viruses into the network if they do not have up-to-date anti-virus software or operating system security patches. A Network Access Control device or NAC will inspect any foreign device connected to the internal network and block its communications if the anti-virus and operating system security do not meet certain criteria.


Blocking Inappropriate Content

A web filter inspects Internet communication and permits or blocks it based on a set of customisable rules. In addition to content, the rules can be based on such criteria as time of day; whether the user is a student; age of user etc. A web filter can:

  • block access to particular Internet sites;
  • prevent downloads of specific file types;
  • prevent certain applications, for example peer-to-peer file sharing software, from connecting to the Internet from within the internal network.

Web filtering can be performed by a firewall, by a standalone hardware device, or by software running on a server.

It may be necessary to allow access to sites that are usually blocked, for instance if needed for coursework. Blocking and unblocking site access can be controlled by teachers, rather than the IT department, if the web filter supports that capability. However clear and transparent procedures need to be implemented to ensure the consistent, responsible and accountable use of such a function.

Even when it is necessary for students to access the Internet during a class, the teacher may need to monitor what the student is doing or prevent the student from using the Internet until he/she is told to do so. Classroom management software allows teachers to view students' computer screens on their computer and, if necessary, take control of their computers to stop students using social networking sites, running chat programs, playing games etc.


Securing Data

The educational institution is responsible for ensuring that students' personal data which it holds is protected from unauthorised access. It is important therefore to ensure that:

  • Computers storing student data are in a physically secured area;
  • Proper access management is in place so that only authorised persons can view or change student data;
  • Access to student data is logged so that unauthorised activity can be detected;
  • Any student data that is stored on portable devices, such as laptops or USB disks, is encrypted;
  • Hard disks are erased before disposal of computers. 


There is also a risk that sensitive data is intercepted while being transmitted over the network. This can be avoided if data is encrypted, however encryption and decryption of data can have an impact on network and computer performance, so its implementation should be carefully considered. As the risk of interception is particularly high on wireless networks, all wireless communication should be protected by enabling WEP or WAP encryption on wireless routers.


Putting together the policy

As well as considering how your E-Safety Policy or Procedure will effect the use of hardware, desktop PC, servers, or

firewalls, consider how it will affect the delivery of services to the learning community. Ask teahers and learners what they need/want to do. 



Of course you will need to filter content. Is the ISP accredited and the system differentiated. Do you have

a clear policy and process for logging, monitoring and responding to changes/breaches in filtering that can be explained to non-technical staff?


Network Security

Are there regular internal and external reviews of requirements for infrastructure technical security and clear

personal data policy for all equipment used and activities  that cover removable media, encryption, authentication

process, passwords, privacy notice. Do you have a procedure and responsible officer for labelling,

monitoring, reporting risks and incidents, managing and recovering data, how do others know this?


Other Rescources


EG article on the importance of the Acceptable User Policy (AUP) and the role is plays. The article also points to other AUP related resources from Becta and JANET UK.

(Need to be aware that the Becta resources will still be available, but archived).




This page outlines the JANET UK AUP in detail. This is a key operational document for any JANET connected learning provider   


JISC Legal eSaftey policy template.