Upload
sacha-van-straten
View
869
Download
2
Tags:
Embed Size (px)
DESCRIPTION
Presentation made by Smoothwall about content filtering. Presented at the Berkhamsted School Open to IT day on February 28th, 2012.
Citation preview
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Protecting Students, Staff and Schools
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
The Big Three in Education Web Security Acceptable Usage Policy (AUP)
A clear communicable policy of ‘Who, Where, What and When’ is acceptable
Dynamic Web Content FilteringA systems that delivers the AUP and provides control, monitoring and reporting
Malware ProtectionConstantly updated software that protects your users and your network at the web gateway (as opposed to individually at the PC) from malware threats
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
So what can possibly go wrong?(In approximate order of likelihood); Malware Infection Student / Employee / Guest Misuse Data Loss / Damage Data Protection Breach Operational Continuity Failures Criminal / Civil Law Infringement
?
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Malware Infection Spamming, Denial of Service attacks, identity theft, email
spoofing, storage of illegal data/images, damage/erasure/theft of data, ad serving, scareware (cryptovirology), SEO abuse, DNS poisoning, phishing, bypassing security and authentication, software licence theft …
Via >>> Botnets (‘zombie computers’), rootkits, trojans, worms,
backdoors, droppers, keystroke loggers, spyware, adware, dialers …
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Student Misuse Accessing inappropriate content Inappropriate behaviour and bullying Social Media abuse/misuse Illegal file sharing / copyright theft (music, video and software) Identity theft Excessive bandwidth consumption (media)
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Employee Misuse Time Wasting (Social Networking/Shopping/Surfing) Harassment / bullying / inappropriate social behaviour Accessing and distributing inappropriate content Illegal file sharing / copyright theft (music, video and software) Excessive bandwidth consumption (media) Data loss / theft Breaches of Data Protection Act Breaches of Confidentiality and Trust
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Network ‘Guest’ Misuse Responsibility for guests on-line Health & Safety lies with the
host Inappropriate guest activity on a school’s network could become
the responsibility of the host Malware infection Excessive bandwidth consumption (media)
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Data Loss Malware
- Data Theft / Deletion- Cyptovirologic Extortion
Data is encrypted by a virus then a payment is extorted for the decryption codes
Identity Theft Breaches of Data Protection Act Data and Information Theft by Employees/Contractors
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Operational Continuity Failures Loss of earnings through ‘downtime’ Time, energy and money wasted in restoring status quo Network disinfection post malware attack Human and emotional costs Restoration of damaged reputation Servers and computers seized in criminal investigations Potentially huge legal bills
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Criminal / Civil Law Infringement Health and Safety – the behaviour of your employees and students can
impact on their mental and physical health Vicarious Liability – you can be liable for things your employees and
students do on-line even though you haven’t sanctioned them Negligence – if you fail to take reasonable and appropriate steps to protect
others you could be considered negligent Data Protection – you are required by law to conform to the DP Act Copyright Infringement – anybody sharing music/movies on your
network? Paedophilic Material – it is a recognised fact that work place computers
are used to store illegal material
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
What can you do about it? Remember that web security doesn’t only belong to the
IT department Create a web security policy, implement it and constantly review it Have a robust, well communicated and effectively policed
Acceptable Usage Policy Continuing education of all your users to the threats on the web Use effective control and reporting tools
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Hot Topics
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
E-Safety Law in Independent Schools
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
E-Safety Law Usage of the web should risk assessed in the same way
as any other school environment e.g. gym or science lab The law makes clear distinctions as to who is responsible for
delivering e-safety at work (and in the school environment)The Head Teacher and Board of Trustees/Governors cannot delegate it
Using appropriate processes and technology can significantly reduce the threshold of legal liability and most importantly protect students and staff
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Building Flexible Filtering and Web Access Policies
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Designing Flexible Policies For students:
- age, year, subject and location specific- differentiate work time and personal time
For staff:- work time, personal time and role specific- teacher control of web content in the classroom
For guests:- what is acceptable under your ethos and culture?
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Mobile Device Integration &Bring Your Own Device Schemes
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Mobile Device Integration iOS (iPad) and Android devices present new challenges –
especially multi-flavoured Android ‘Locked down’ browsers are currently the most effective method
of ensuring content is controlled
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
BYOD Schemes The use of personal mobile tech in schools is inevitable Easy access to fast school filtered Wi-Fi will help reduce 3G
network use Protecting from malware at the gateway is currently the most
effective strategy Continuous education to students, staff and parents about on-
line threats is the best approach
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Devolved Content Management
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Helping Teachers to Teach Each web page should be dynamically scanned for inappropriate
content based on the policy set for the user or group Uncategorised web content can be unblocked by teachers in the
classroom (not IT) without overriding ‘red-line’ policies Resources like YouTube and Google search can be safely used in
the classroom Full visibility of on-line activity and accountability can be
maintained without constant IT interaction
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Managing Social Media & Content
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
YouTube.com/education A hugely valuable resource of ‘safe’ educational material Schools can add their own approved content to their ‘channel’
and restrict access to the rest of YouTube
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Managing Social Media ‘Read Only’ Facebook – a policy driven ‘look but don’t touch’
approach allows Facebook to be integrated positively into the school environment
Instant Messaging Management and Censoring – enables useful communication tools to be properly managed and users fully accountable
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
What’s Next?
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
Our Crystal Ball … Integration with social media and content platforms Mobile device filtering to include 3G Improved sharing of approved / whitelisted content
between teachers and schools
Copy
right
Sm
ooth
wal
l Ltd
& S
moo
thw
all I
nc 2
001
– 20
11 |
All
Righ
ts R
eser
ved.
ContactsCarly Lynsdale – Independent Education [email protected] 3874178
Sean Lazenby – Education Sales [email protected] 3874183