Information Security and Schools

I write this after just logging a member of staff off from an open access computer, yet again…

I find it really quite frightening about the lack of any form of data security awareness in any of the schools I have worked in. Of course, I’m not going to name them, but this is five primary schools, and one secondary.

Regularly, in schools, I will find email passwords, MIS passwords, Windows logon passwords etc stuck around the monitor, staff will not usually change passwords if they can help it from the default one, and similar things.

What truly frightens me, is when I see members of staff leaving the MIS product open on screen, with data, viewable to all.

I used to work for one of the big banks – and I know for a fact that if we walked away from our computer, even just to the printer (which was about 5 steps away for me), we HAD to lock our workstation – or else face a rather strong word from our Team Leader, or worse, if the tech team got their hands on the machine first… our screen would be upside-down when we got back!

I know from experience that most people who work in a school environment are very complacent when it comes to data security – until you get to the network manager!
The problem then unfortunately arises that teachers do not want to be “inconvenienced” by automatic workstation locks, or by screensaver cut-ins, as they then have to unlock the station before they resume teaching (naturally, this is only a problem where classrooms have IWBs or data projectors!) – and this is unacceptable for them… Which in a way, I can be sympathetic about, but equally, there’s give and take – if you are going to walk away from a computer with it unlocked, there needs to be some form of protection for the system and what you leave on the screen.

What really shocks me is the apathy of people! When you tell them that “You just left all that exam data open on the screen for anyone to see” etc, people don’t really seem to care! The standard response is “Oh, no-one could have seen it, I was there the whole time” or “Oh, but I locked my door!” when you can see the screen clearly through the window…

Personally – I think that maybe we need to think of some form of compromise – maybe even use something like the NHS do, with a smartcard based logon system? I believe that all members of staff are required to wear an ID card (I know I am!), so why not have it with a chip, and require it to be stuck into the keyboard when they want to login? This also resolves the issue of students maliciously logging into accounts, etc…

Would love to hear thoughts and maybe rants about what’s happening at your schools?


Read More

Busy weeks!

Well, it’s been a long time since I posted here, but I think I should probably catch up!!

So – last week was half term, but of course working for an IT support company, this is the time when we do our larger projects… so last week, I spent replacing a server in one school, and replacing the wireless network in another!

So – I’ve learnt a fair bit, and here’s the basics:
1. Always make sure you have a backup of everything.
2. Don’t delete computers from the AD. Disable before you delete!
3. Prepare your data structure before you do anything.

It’s always best to have number 1 before you do anything at all…!

Now – I have to say, in regards to the wireless network – we implemented Aerohive – and my god it’s good! Considering my colleague and I fitted the access points (10 of them), and configured them, and by the time we went home that day, had a fully functioning, secure wireless network, with two SSIDs – one being an isolated guest network, with web access only, and no access at all to the internal network. Now, that’s rapid deployment!

Admittedly, there were a few issues with ceiling tiles… and we’re now experts in the damn things, but it’s all part of the fun!

Anyway, just a brief post for now – have fun!

Read More

Firefox on a Network

So, at work we’ve recently decided to go to a brand new virtual learning environment – which uses flash-based “apps” to give their user interface, alongside WordPress, and Google apps. Alongside this, we have been finding that users are having awful problems actually using the product in Internet Explorer. IE9 breaks everything, to the point where it is totally unusable – and IE8 is, well… IE8.

After a discussion with the VLE’s technical team, they suggested that we use Firefox as an alternative to Internet Explorer. So – it was passed onto me to roll out Firefox over the whole network.

So – I start off with FrontMotion Firefox, which sadly just doesn’t quite cut it with me for some reason, as we kept having problems with deploying it via GPO – so I set to work on the raw install file from Mozilla themselves.

As it happens, the deployment isn’t too bad at all – you’ll need a mozilla.cfg, and the various other files which point to that file, and create things in the user’s profile folder.

All you need to then do is use scripts to run the installer in silent mode, then copy across the config files to the program files folder.

If you later need to update any of the config files – these can just be copied back across and overwritten!

If you want to have a look at my Firefox package – click here and download the zip file. If you do use it, a comment to the article would be greatly appreciated to say where and how you’ve used it!

Read More