Technical and Infrastructure - operational considerations


Today’s IT support teams are faced with a difficult balancing act. On one side safe, fast, reliable and flexible services are required to support innovative practice whilst on the other side they are expected to maintain a secure, fast and reliable network.

 

As attractive as it might seem in order to avoid risk to the reputation of the organisation, locking down the network cannot be the answer. Technology has a lot to offer learners, eLearning; its flexibility, availability, portability contributes to the personalisation of their learning and support their engagement and acheivement. It also has a lot to offer the organisation in terms of meeting their obligations to deliver learning equitably and to exacting standards within ever more challenging financial constraints. 

 

Infrastructure- maintaining the network and beyond

From an infrastructure standpoint e-safety is closely related to aspects of network security, such as:

The following sections will discuss these aspects in more detail and describe some of the hardware and software tools available.

 

Protecting the Network

Unauthorised communication with the Internet is a potential threat to security and eSafety. To protect the network from such threats, a firewall and/or a proxy server is placed between the internal network and the Internet. Although firewalls and proxy servers can be separate devices, their functions are usually incorporated into a single hardware or software firewall. A firewall protects the network in the following ways:

A firewall can permit or deny communication with the Internet based on certain criteria. Generally, a firewall is used to block all but very specific access from the Internet to the internal network, but can also be used to restrict access by internal users to external sites either globally or on a per-user basis by requiring users to provide network credentials in order to gain Internet access.
Every computer on a network has an address, and knowing the address is necessary to establish communication. Network address translation makes all communication from the internal network appear to come from the firewall address.

Another potential threat is the introduction of malware, such as viruses, from portable USB disks or laptop computers. The first line of defence is the maintenance of up-to-date anti-virus software on every computer, including servers, connected to the internal network. Firewalls can also be configured to scan incoming Internet communications for viruses.

It is also important to apply operating system security patches when they are made available by the manufacturer. If feasible, it is also possible to block access to USB disks connected to computers on the internal network.

In some environments, users are allowed to connect their personal laptops, smartphones etc. to the internal wired or wireless network. These portable devices can introduce viruses into the network if they do not have up-to-date anti-virus software or operating system security patches. A Network Access Control device or NAC will inspect any foreign device connected to the internal network and block its communications if the anti-virus and operating system security do not meet certain criteria.

 

Blocking Inappropriate Content

A web filter inspects Internet communication and permits or blocks it based on a set of customisable rules. In addition to content, the rules can be based on such criteria as time of day; whether the user is a student; age of user etc. A web filter can:

Web filtering can be performed by a firewall, by a standalone hardware device, or by software running on a server.

It may be necessary to allow access to sites that are usually blocked, for instance if needed for coursework. Blocking and unblocking site access can be controlled by teachers, rather than the IT department, if the web filter supports that capability. However clear and transparent procedures need to be implemented to ensure the consistent, responsible and accountable use of such a function.

Even when it is necessary for students to access the Internet during a class, the teacher may need to monitor what the student is doing or prevent the student from using the Internet until he/she is told to do so. Classroom management software allows teachers to view students' computer screens on their computer and, if necessary, take control of their computers to stop students using social networking sites, running chat programs, playing games etc.

 

Securing Data

The educational institution is responsible for ensuring that students' personal data which it holds is protected from unauthorised access. It is important therefore to ensure that:

 

There is also a risk that sensitive data is intercepted while being transmitted over the network. This can be avoided if data is encrypted, however encryption and decryption of data can have an impact on network and computer performance, so its implementation should be carefully considered. As the risk of interception is particularly high on wireless networks, all wireless communication should be protected by enabling WEP or WAP encryption on wireless routers.

 

Putting together the policy

As well as considering how your E-Safety Policy or Procedure will effect the use of hardware, desktop PC, servers, or

firewalls, consider how it will affect the delivery of services to the learning community. Ask teahers and learners what they need/want to do. 

 

Filtering

Of course you will need to filter content. Is the ISP accredited and the system differentiated. Do you have

a clear policy and process for logging, monitoring and responding to changes/breaches in filtering that can be explained to non-technical staff?

 

Network Security

Are there regular internal and external reviews of requirements for infrastructure technical security and clear

personal data policy for all equipment used and activities  that cover removable media, encryption, authentication

process, passwords, privacy notice. Do you have a procedure and responsible officer for labelling,

monitoring, reporting risks and incidents, managing and recovering data, how do others know this?

 

Other Rescources

http://www.excellencegateway.org.uk/page.aspx?o=ferl.aclearn.page.id615

EG article on the importance of the Acceptable User Policy (AUP) and the role is plays. The article also points to other AUP related resources from Becta and JANET UK.

(Need to be aware that the Becta resources will still be available, but archived).

 

JANET UK AUP

http://www.ja.net/company/policies/janet-aup.html

This page outlines the JANET UK AUP in detail. This is a key operational document for any JANET connected learning provider   

 

JISC Legal eSaftey policy template.

http://www.jisclegal.ac.uk/LinkClick.aspx?fileticket=P6saJb9XpVk%3d&tabid=243