Today IT support teams are faced with a difficult balancing act. On one side fast, reliable and flexible services are required to support innovative practice whilst on the other side they are expected to maintain a secure, safe and reliable network.

As attractive as it might seem in order to avoid risk to the reputation of the organisation, locking down the network cannot be the answer. Technology has a lot to offer learners. E-learning - its flexibility, availability and portability contributes to the personalisation of students' learning and supports their engagement and achievement. It also has a lot to offer the organisation in terms of meeting their obligations to deliver learning equitably and to exacting standards within ever more challenging financial constraints.

From an infrastructure standpoint e-safety is closely related to aspects of network security, such as:

• protecting the network from external threats and malware

• preventing access to inappropriate content

• ensuring integrity and confidentiality of data

• monitoring activity to detect inappropriate behaviour

The following sections will discuss these aspects in more detail and describe some of the hardware and software tools available.

Procedures and policies
Do you have a clear policy and process for logging, monitoring and responding to changes/breaches in filtering? Are there regular internal and external reviews of requirements for infrastructure technical security and clear personal data policy for all equipment used and activities: removable media, encryption, authentication process, passwords, privacy notice. Do you have a procedure and responsible officer for labelling, monitoring, reporting risks and incidents, managing and recovering data.

It is important to mention at this point that the monitoring and interception of communications is a very delicate area and needs careful management. JISC Legal have produced an essentials guide on aspects of Interception and Monitoring Law which is intended to provide the reader with a direct, point by point guide on interception and monitoring law and its application to Further and Higher Education. JISC Legal have guidance on the legal aspects of providing and operating IT facilities, you will also find relevant links on the Legal Aspects page and the JISC initiative to combat cybercrime.

Protecting the network
Unauthorised communication with the Internet is a potential threat to security and e-safety. To protect the network from such threats, a firewall and/or a proxy server is placed between the internal network and the internet. Although firewalls and proxy servers can be separate devices, their functions are usually incorporated into a single hardware or software firewall. A firewall protects the network in the following ways:

• Blocking Internet Communication - A firewall can permit or deny communication with the Internet based on certain criteria. Generally, a firewall is used to block all but very specific access from the Internet to the internal network, but can also be used to restrict access by internal users to external sites either globally or on a per-user basis by requiring users to provide network credentials in order to gain Internet access.

• Network Address Translation - Every computer on a network has an address, and knowing the address is necessary to establish communication. Network address translation makes all communication from the internal network appear to come from the firewall address.  Another potential threat is the introduction of malware, such as viruses, from portable USB disks or laptop computers. The first line of defence is the maintenance of up-to-date anti-virus software on every computer, including servers, connected to the internal network. Firewalls can also be configured to scan incoming Internet communications for viruses.

It is also important to apply operating system security patches when they are made available by the manufacturer. If feasible, it is also possible to block access to USB disks connected to computers on the internal network.

In some environments, users are allowed to connect their personal laptops, smartphones etc. to the internal wired or wireless network. These portable devices can introduce viruses into the network if they do not have up-to-date anti-virus software or operating system security patches. A Network Access Control device or NAC will inspect any foreign device connected to the internal network and block its communications if the anti-virus and operating system security do not meet certain criteria.

Blocking inappropriate content
A web filter inspects internet communication and permits or blocks it based on a set of customisable rules. In addition to content, the rules can be based on such criteria as time of day; whether the user is a student; age of user etc. A web filter can:

• block access to particular internet sites;

• prevent downloads of specific file types;

• prevent certain applications, for example peer-to-peer file sharing software, from connecting to the Internet from within the internal network.

Web filtering can be performed by a firewall, by a standalone hardware device, or by software running on a server.

It may be necessary to allow access to sites that are usually blocked, for instance if needed for coursework. Blocking and unblocking site access can be controlled by teachers, rather than the IT department, if the web filter supports that capability. However clear and transparent procedures need to be implemented to ensure the consistent, responsible and accountable use of such a function.

Even when it is necessary for students to access the internet during a class, the teacher may need to monitor what the student is doing or prevent the student from using the Internet until he/she is told to do so. Classroom management software allows teachers to view students' computer screens on their computer and, if necessary, take control of their computers to stop students using social networking sites, running chat programs, playing games etc.

Securing data
The educational institution is responsible for ensuring that students' personal data which it holds is protected from unauthorised access. It is important therefore to ensure that:

• Computers storing student data are in a physically secured area;

• Proper access management is in place so that only authorised persons can view or change student data;

• Access to student data is logged so that unauthorised activity can be detected;

• Any student data that is stored on portable devices, such as laptops or USB disks, is encrypted;

• Hard disks are erased before disposal of computers.

There is also a risk that sensitive data is intercepted while being transmitted over the network. This can be avoided if data is encrypted, however encryption and decryption of data can have an impact on network and computer performance, so its implementation should be carefully considered. As the risk of interception is particularly high on wireless networks, all wireless communication should be protected by enabling WEP or WAP encryption on wireless routers. The NGfL audit tool provides a template for assessing of the risks.  

Password security
Password security should be a requirement. Learners and staff should be aware of their responsibility to keep the information safe and of the implications of revealing passwords to others. An ideal tool for checking the strength of your password http://www.passwordmeter.com/

Related Links

Sample Policies and procedures from JISC Legal information - e.g. Institutional Access to Staff and student IT accounts and IT equipment - it may sometimes be neccessary to access accounts to monitor information so understanding what is legally permissable with regard to monitoring of internet use is critical.

Standards and CPDFITS Practioners Courses

JANET Publications cover a wide range of e-safety and security issues including Managing Safety for Children and vulnerable guests, JANET and Internet Filtering Policy

ICO Guide to protecting your personal information part of a Government persoanl information tool-kit