Smoothwall presentation feb open day
1. Staff and Schools
Protecting Students,
Copyright Smoothwall Ltd & Smoothwall Inc 2001 – 2011 | All Rights Reserved.
2. The Big Three in Education Web Security
Acceptable Usage Policy (AUP)
A clear communicable policy of ‘Who, Where, What and When’ is acceptable
Dynamic Web Content Filtering
A system that delivers the AUP and provides control, monitoring and reporting
Malware Protection
Constantly updated software that protects your users and your network at the web
gateway (as opposed to individually at the PC) from malware threats
3. So what can possibly go wrong?
(In approximate order of likelihood);
Malware Infection
Student / Employee / Guest Misuse
Data Loss / Damage
Data Protection Breach
Operational Continuity Failures
Criminal / Civil Law Infringement
4. Malware Infection
Spamming, Denial of Service attacks, identity theft, email
spoofing, storage of illegal data/images, damage/erasure/theft
of data, ad serving, scareware (cryptovirology), SEO abuse, DNS
poisoning, phishing, bypassing security and authentication,
software licence theft …
Via >>>
Botnets (‘zombie computers’), rootkits, trojans, worms,
backdoors, droppers, keystroke loggers, spyware, adware,
dialers …
5. Student Misuse
Accessing inappropriate content
Inappropriate behaviour and bullying
Social Media abuse/misuse
Illegal file sharing / copyright theft (music, video and software)
Identity theft
Excessive bandwidth consumption (media)
6. Employee Misuse
Time Wasting (Social Networking/Shopping/Surfing)
Harassment / bullying / inappropriate social behaviour
Accessing and distributing inappropriate content
Illegal file sharing / copyright theft (music, video and software)
Excessive bandwidth consumption (media)
Data loss / theft
Breaches of Data Protection Act
Breaches of Confidentiality and Trust
7. Network ‘Guest’ Misuse
Responsibility for guests' on-line Health & Safety lies with the
host
Inappropriate guest activity on a school’s network could become
the responsibility of the host
Malware infection
Excessive bandwidth consumption (media)
8. Data Loss
Malware
- Data Theft / Deletion
- Cryptovirologic Extortion
Data is encrypted by a virus then a payment is extorted for the decryption codes
Identity Theft
Breaches of Data Protection Act
Data and Information Theft by Employees/Contractors
9. Operational Continuity Failures
Loss of earnings through ‘downtime’
Time, energy and money wasted in restoring status quo
Network disinfection post malware attack
Human and emotional costs
Restoration of damaged reputation
Servers and computers seized in criminal investigations
Potentially huge legal bills
10. Criminal / Civil Law Infringement
Health and Safety – the behaviour of your employees and students can
impact on their mental and physical health
Vicarious Liability – you can be liable for things your employees and
students do on-line even though you haven’t sanctioned them
Negligence – if you fail to take reasonable and appropriate steps to protect
others you could be considered negligent
Data Protection – you are required by law to conform to the DP Act
Copyright Infringement – anybody sharing music/movies on your network?
Paedophilic Material – it is a recognised fact that work place computers
are used to store illegal material
11. What can you do about it?
Remember that web security doesn’t only belong to the
IT department
Create a web security policy, implement it and constantly review it
Have a robust, well communicated and effectively policed
Acceptable Usage Policy
Continuing education of all your users to the threats on the web
Use effective control and reporting tools
13. E-Safety Law in Independent Schools
14. E-Safety Law
Usage of the web should be risk assessed in the same way
as any other school environment e.g. gym or science lab
The law makes clear distinctions as to who is responsible for
delivering e-safety at work (and in the school environment)
The Head Teacher and Board of Trustees/Governors cannot
delegate it
Using appropriate processes and technology can significantly
reduce the threshold of legal liability and most importantly
protect students and staff
15. Web Access Policies
Building Flexible Filtering and
16. Designing Flexible Policies
For students:
- age, year, subject and location specific
- differentiate work time and personal time
For staff:
- work time, personal time and role specific
- teacher control of web content in the classroom
For guests:
- what is acceptable under your ethos and culture?
17. Mobile Device Integration &
Bring Your Own Device Schemes
18. Mobile Device Integration
iOS (iPad) and Android devices present new challenges –
especially multi-flavoured Android
‘Locked down’ browsers are currently the most effective method
of ensuring content is controlled
19. BYOD Schemes
The use of personal mobile tech in schools is inevitable
Easy access to fast school filtered Wi-Fi will help reduce 3G
network use
Protecting from malware at the gateway is currently the most
effective strategy
Continuous education to students, staff and parents about on-
line threats is the best approach
21. Helping Teachers to Teach
Each web page should be dynamically scanned for inappropriate
content based on the policy set for the user or group
Uncategorised web content can be unblocked by teachers in the
classroom (not IT) without overriding ‘red-line’ policies
Resources like YouTube and Google search can be safely used in
the classroom
Full visibility of on-line activity and accountability can be
maintained without constant IT interaction
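The decision order described on this slide, as an added example that is not Smoothwall's code or part of the original presentation: red-line categories are evaluated first, so a teacher's classroom unblock of uncategorised content can never expose them. Category, group and host names are constructed, and blocking uncategorised pages by default is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

# All category, group and host names below are constructed for illustration.
RED_LINE = frozenset({"malware", "illegal"})  # no classroom override applies

@dataclass
class GroupPolicy:
    blocked: frozenset                         # blocked during lesson/work time
    personal_time_ok: frozenset = frozenset()  # relaxed in personal time

@dataclass
class Request:
    group: str
    host: str
    category: Optional[str]   # None = the scanner could not categorise the page
    lesson_time: bool = True

POLICIES = {
    "year7": GroupPolicy(frozenset({"social", "games", "video"})),
    "staff": GroupPolicy(frozenset({"social", "shopping"}),
                         personal_time_ok=frozenset({"social", "shopping"})),
}

def decide(req, policies, teacher_unblocks):
    """Return (verdict, reason); teacher_unblocks is a set of (group, host)."""
    # 1. Red-line categories come first so no later rule can allow them.
    if req.category in RED_LINE:
        return ("block", "red-line")
    # 2. Uncategorised pages stay blocked unless a teacher unblocked the
    #    host for this group (assumed default, not stated on the slide).
    if req.category is None:
        if (req.group, req.host) in teacher_unblocks:
            return ("allow", "teacher-unblock")
        return ("block", "uncategorised")
    # 3. Unknown groups fail closed.
    policy = policies.get(req.group)
    if policy is None:
        return ("block", "unknown-group")
    # 4. Apply the group's policy, relaxed outside lesson/work time.
    blocked = policy.blocked
    if not req.lesson_time:
        blocked = blocked - policy.personal_time_ok
    if req.category in blocked:
        return ("block", "group-policy")
    return ("allow", "group-policy")
```

Because the page is scanned on every request, a host a teacher unblocked while it was uncategorised is blocked again as soon as the scanner places it in a red-line category.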
22. Managing Social Media & Content
23. YouTube.com/education
A hugely valuable resource of ‘safe’ educational material
Schools can add their own approved content to their ‘channel’
and restrict access to the rest of YouTube
24. Managing Social Media
‘Read Only’ Facebook – a policy driven ‘look but don’t touch’
approach allows Facebook to be integrated positively into the
school environment
Instant Messaging Management and Censoring – enables useful
communication tools to be properly managed and users fully
accountable
26. Our Crystal Ball …
Integration with social media and content platforms
Mobile device filtering to include 3G
Improved sharing of approved / whitelisted content
between teachers and schools
"Mariposa" botnet, which infected more than 12.7 million computers, including half of the companies in the Fortune 1,000 list.
'Coreflood Botnet': 'Zombie' Army May Have Infected 2 Million Computers, Stolen Hundreds of Millions of Dollars
http://abcnews.go.com/Technology/feds-crush-coreflood-botnet-infected-million-computers-stole/story?id=13369529&page=2
Serious crime unit flags Virgin botnet infections
http://www.pcpro.co.uk/news/security/368125/serious-crime-unit-flags-virgin-botnet-infections
Microsoft’s Rustock botnet takedown has reduced infections by over 50%
The Rustock botnet was the largest source of spam in the world, consisting of around 150,000 machines sending around 30 billion spam messages a day.
http://www.winrumors.com/microsofts-rustock-botnet-takedown-has-reduced-infections-by-over-50/
Responsibility for guests' on-line Health & Safety lies with the host
Law relating to Occupiers’ Liability – network providers have a duty to protect their users
Inappropriate guest activity on a school’s network could become the responsibility of the host
IP tracking
Access to inappropriate content and services