Northern Grid has signed a 5 year contract with BT and will be providing new, fast, affordable and robust broadband connections to schools across the North East of England. The update reports are intended to keep you informed about what to expect during the installation process and the services that will be included.

Northern Grid has signed a 5 year contract with BT and will be providing new, fast, affordable and robust broadband connections to schools across the North East of England. The update reports are intended to keep you informed about what to expect during the installation process and the services that will be included.

A guide for ICT Team Leaders

Cloud Storage - is it safe to use?

Cloud based storage and online synchronisation offers individuals many benefits, one of which is removing the need to carry flash pens and portable disks around. The question that needs to be asked is what issues are raised by this increasingly popular and free service.

Google Apps and Live@Edu have storage space available as part of their email offering. An increasingly popular trend is synchronising online storage. Dropbox and SugarSync are currently two of the more popular. The services mentioned are all available at no charge but with limits be it limited storage, non-existent Service level agreements or limited control over the functionality or how it changes.

The main concern with Dropbox is the significant risk of breaching the Data Protection Act. Staff wishing to store personal information should not use a service that does not comply with the EU Safe Harbor agreement. The EU Safe Harbor agreement requires that personal data is stored in the EU or in other countries where we have set agreements. Dropbox is hosted in the US is non-compliant!

There are also security issues with free services, in June 2011 Dropbox confirmed that a programmer’s error caused a temporary security breach that allowed any password to be used to access any user account. If you decide to use this service it’s highly recommended you encrypt your files prior to synchronisation.

Web Browsers – Upgrade to Internet Explorer 9

IE9 is the most secure and best performing Microsoft browser it therefore is recommended that schools upgrade. Websites designed for earlier versions may not display correctly to resolve use a feature called Compatibility View.

To ensure IE9 can view all webpages correctly an icon titled compatibility view has been added. The icon normally looks like  and can be found to the right of the URL address bar. When selected, the icon changes to a solid colour , and from now on this website will be displayed in compatibility mode.

IE9 has simplified its design, most command bar functions, like print and zoom can be found by selecting the Tools button . Favourites and feeds appear in the Favourite Centre by selecting Favourites button . IE9 has added improved security and privacy options these include; ActiveX Filtering, Smartscreen Filtering, 128 bit Secure Socket Layer (SSL), Tracking Protection and Private Browsing.

Use ICT to improve efficiently and save money

ICT can be the catalyst for change, developing new working practices, automating existing procedures and facilitating innovation and creativity. Used correctly it can also save your school money. How can ICT reduce costs for the school?

Virtualisation

The concept of running multiple operating systems off the same hardware platform is not new but it is now mature and low cost. The virtualisation software allows the operating system and installed applications to share physical resources. On average one virtualised server can do the work of four conventional servers. Substantial savings can be accrued in reducing energy costs, hardware maintenance and software licensing. It is estimated a secondary school can save £10,000 - £20,000 a year.

Print Management

Schools are generally poor at managing print services. Vanilla Microsoft Server 2003 and 2008 deployments have limited print management capabilities, additional services are often required. Schools may not be aware of how many sheets of paper they use annually but it may well be over a million. Paper costs are only a small proportion of the actual cost, you need to consider energy charges, hardware purchase and toner replacement. Most large secondary schools can save £50K per year if they deploy effective print management. The Learning Platform is an ideal vehicle to reduce paper, improve communications, store documents and resources and has the additional benefit that document review can be audited.

Desktop Computers

Older desktop PC’s are very inefficient, replacing hardware can actually save the school money as well as improve user experience and system reliability. Whether you use old or new hardware configuration of the power settings makes a considerable difference to daily running costs. Windows 7 and OSX Lion have improved power saving features that allow you to switch off the display after period of inactivity or switch the desktop into sleep or hibernation mode after a set time has elapsed. All of the power configurations can be centrally managed from the domain controller using Group Policies.

Remote Access to School Network

Staff should not have copies of sensitive data on their own laptop on or off-site. Secure remote access provides on demand access to centrally managed services. The most suitable type of remote access solution is a SSL-VPN with two factor authentication. An alternative solution is Direct Access using Windows 7 and Server 2008 R2. A word of caution, many portal gateways deployed by schools have limited security and should not be used to allow staff access to the MIS system or any confidential data.

Securing Wireless – distinguishing myth from fact

A lot of expert advice on wireless security provides limited practical improvements in security and some cases the advice is simply dumb. Some prime examples of where general advice and good practice diverge are shown below.

Hiding the SSID

The SSID beacon is only one of five broadcasts sent by the wireless access point so disabling one of five makes the solution less user friendly and has no significant impact on security. Rather than hide the SSID make sure you change the default name as default SSID otherwise you are broadcasting to the world with a poorly configured device which makes it an easy target.

Disable DHCP

An attacker can find the IP range of a wireless access point in 10-15 seconds if DHCP is disabled. Using static IP addresses has negligible security impact and complicates wireless use. Leave DHCP switched on and use the security mechanisms that are available.

Antenna Placement & Signal Strength

It is often suggested that the wireless access point should be positioned to improve security and that signal strength should be lowered to ensure the signal is weakened and cannot be detected externally. This technique is the road to ruin for wireless solutions, antenna placement and signal strength adjustment changes need to be set for maximum coverage and minimum interference, never for improving security.

Use 802.11a instead of 802.11bg

The 802.11a protocol is not any more secure than 802.11bg; the protocol is simply a transport mechanism for wireless that works in the 5GHz band. Changing the frequency and transport protocol is equivalent to changing the colour of your front door to improve security

Enable MAC Filtering on the Wireless Access Point

MAC addresses are 12 digit HEX numbers which can be viewed by others in clear text with a sniffer application. An attacker simply reads the MAC address of connected device and replicates the MAC on their wireless card. Restricting access based on MAC addresses is management intensive and has limited ROI in terms of security gain.

Allow staff and students to bring their own ICT devices into school

The problem is that non domain devices cannot be checked to ensure they are virus free, have adequate security patches installed and have suitable software. The use of Network Access Protection and/or Network Access Control solutions can resolve this issue. Some schools deploy a thin client architecture which allows guest devices to securely connect but with limited functionality.

On 1st March 2011 Microsoft introduced a new licensing scheme for schools called Enrolment for Education or EES for short. This agreement is a low cost alternative to School Agreement Subscription service and ideal for a school that are looking at a technology refresh i.e. upgrading their workstation and server operating systems and Microsoft applications.

• EES single annual payment based on FTE staff count and the products you select.
• Choice of software include MS Office, Windows Upgrade and Client Access License (CAL) suites
• License additional software on all or selected computers e.g. MS Visio

A school that is not planning to upgrade their software in the next two years is better off retaining the Schools Agreement Subscription Service. The MS Select Agreement is a perpetual license that offers schools low cost prices for Microsoft software. The EES annual subscription model allows decisions on upgrading the operating system and applications to be made on the basis of Teaching and Learning need rather than on cost grounds.

Green Technology & Cutting ICT Spend

Saving energy, conserving resources and looking after the environment are everyone’s responsibility. Schools can contribute by considering many of the measures previously discussed; saving money and going green are usually one and the same. Some schools address many of the green issues by using technology efficiently and effectively some of the ways they delivered include:

• Replacing desktop computers with thin client PC’s and/or laptops
• Reducing the use of data projectors and high power equipment
• Liaising with the Network Manager as they have operational responsibility for ICT
• Increasing staff and pupil awareness using practical example of energy use and power consumption
• Moving selected ICT services, when appropriate, to the cloud
• Maintaining server room temperature at a steady 20°c

If schools require further technical advice or assistance with ICT contact Mark Vinnicombe on 01914611844 or email mark.vinnicombe@northerngrid.org

3 October 2011

Yesterday I delivered an after school esafety session for the staff at Southridge First School in North Tyneside. Their thoughtful and perceptive contributions showed that they understand the importance of this area of safeguarding and are ready to work together to develop policies to support all elements of teaching and learning in a safe and supportive environment.

Much of what I talk about during these sessions centres on how sharing of personal information and opinions is ‘normal’, and we shouldn’t be surprised if our learners and colleagues, on occasions, behave in ways that we would consider inappropriate. I have long maintained that the only way we will see a decline in inappropriate and bullying behaviour in the (social) media is by modelling positive behaviour for our very young children to learn and adopt.

If we can instil in our young children an understanding and ownership of privacy, personal information and appropriate communication of opinions, then we stand a much better chance of them growing up to be more responsible and empathetic participants in online (and offline) interactions. It is perhaps only then that we will see some secondary schools demonstrate the confidence to adopt more open polices relating to filtering and the use of personal and handheld devices for learning and recreation during the school day.

There is much work still to be done, and we need patience and commitment if we are to help our young people become responsible and considerate members of our increasingly sophisticated social networking opportunities.

Simon 

If you would like further information about Northern Grid's support for schools email support@northerngrid.org

Please carry out the following checks.  If any of the tests fail then your Cachepilot configuration is not providing adequate protection.  Contact Easynet Support on 08453334568 for further advice and assistance.

Google Safe Search

Open your browser and type the URL www.google.com a search windows will open click on the search settings link top right.  If you can view and change the SafeSearch Filtering options SafeSearch in not enforced.

YouTube

If you have decided to allow access to YouTube for a CachePilot user group, login as a member of this group and access the URL www.youtube.com a green banner titled "Enabled Safety mode" should appear directly below the YouTube search bar.  After any video is selected check to ensure that viewer’s comments are disabled.  They would normally appear directly below the video.

Blocked Categories

From your workstation’s browser access the following URLs.  All of the following URLs should be blocked if they are not your browser will be automatically redirected to the Smoothwall home page.  If any sites are not blocked check you’re filtering for configuration errors!

The above categories are blocked by default on all Northern Grid Cachepilots.

Social networking sites are now the most common method of spreading malware and viruses due to their popularity and poor design.  If the school allows access to these sites a rigorous security policy needs to be enforced to protect the network.

Cachepilot FAQ

What can a CP do for your school?

A CachePilot can speed up the delivery of web resources to your school through transparent and advanced caching techniques.  The device can also be used as a local content store.  The Smoothwall web filtering solution protects web users from offensive and malicious websites and offers URL category blacklists and dynamic content control. 

How does the Smoothwall filtering work?

Smoothwall uses two separate techniques to block inappropriate websites.  A URL category blacklist database is stored and updated on the unit of well-known websites.  To enhance the URL blacklist a dynamic content filter is deployed.  This heuristic filter is able to identify and categorize websites in real time, and block or allow them according to the policy deployed.

The dynamic content control uses a weighted phrase limit.  The WPL is a sensitivity bar and defaults to 50 suitable for a primary school.  Secondary Schools may wish to increase the limit (desensitize) to 120.   The CachePilot has the ability to blacklist (block) or whitelist (allow) any website, webpage or file type download.

Can I use Site Lists with the new Smoothwall filtering solution?

We recommend you do not use site lists but they can be added to the site list permission if required.  The new filtering configuration is now simpler to use and more efficient due to the separation of filtering components.  To modify the filtering select User Accounts / Groups  and select the group you wish to modify. The Global group policy applies to everybody and should be populated with your school blacklist. The new filtering configuration allows exceptions to be added in a group thereby eliminating the need to reduce the number of blacklisted categories for the Global group.

The Cachepilot slows down web access?

A correctly configured and maintained CachePilot does not generate any significant delay. Slow Internet performance may result from a problem on your network or on the remote web server. The new web filtering solution is more reliable and provides faster performance than a CachePilot running Smartfilter.

Websites on the Internet are hosted on a range of equipment resulting in performance differences to add to this geographic location and server loading can impact on the speed of your web access. If a website is generally slow to access it is a prime candidate for using the CachePilot’s advanced caching functionality.  If the Internet connection is slow contact mark.vinnicombe@northerngrid.org to run a remote diagnostic check.

Download As Document

We often hear from partner schools the question; ‘Why are some websites I want to use filtered?’ and here’s a simple explanation of how and why some websites appear to be filtered and what you can do if this effects you.

First of all let’s look at the filtering process.

Easynet is the ISP (internet service provider) who manage and deliver internet access to Northern Grid schools.

Sites that are identified as illegal are filtered before the internet connection reaches your school. This is non negotiable and Easynet, Northern Grid and your governing body could not condone such sites reaching your learners or teachers. Although this filtering process is very effective it is always possible that a new or unknown site could inadvertently be allowed through the connection and in these cases it is very important that Northern Grid are alerted immediately so the filtering can be adjusted accordingly.

In the majority of Northern Grid schools there is also a second filtering mechanism located within the school building. This is called a CachePilot and the filtering rules on this device can be adjusted to meet the needs of the school. The CachePilot performs two key functions:

1)    Acts as a cache and stores popular websites visited by teachers and learners so that the internet experience of users is much faster. Instead of getting the website information from the internet servers it can display pages previously visited by members of that school’s community from its own cache or memory.

2)    Acts as a dynamic local internet filter to provide customised web experiences for individuals and groups.

It is usually the case that the local web filter (the CachePilot) handles those sites that have been broadly identified by the school as ‘appropriate’ and ‘inappropriate’. Examples of the categories include, but not exclusively, social network sites (Facebook etc.) and online shopping (ebay, Amazon etc.)

If we take the category ‘social networking’ as an example then some schools may find that providing access to YouTube for learners a disruption and distraction. Although there are some excellent resources on YouTube – there is also some inappropriate content and comments that many schools would prefer their learners did not have access to.

The CachePilot can be customised to provide access to Youtube for specific groups eg ‘teachers’ and at specific times. For the school that wants their Year10 students to have access to Youtube or a social media service such as a blog then this can be administered via the CachePilot. The specific group of learners can have access while the rest of the school community do not.

The person who manages the CachePilot is usually an onsite technician or network manager however in some LAs this task is performed remotely by a member of the LA team.

It is very important that any changes to the CachePilot rules are logged to ensure, that in the event of an incident occurring, members of the senior team have the correct information available to them. We want to avoid a situation where a Headteacher believes no member of his school can access YouTube when a network manager had provided access for a teacher at their request.

So we can see that for most teachers it is possible to access websites and services they feel will enhance their teaching and the students’ learning simply by making a request within their school.

What are the reasons for filtering?

Safeguarding Learners

A governing body and Headteacher is responsible for the safety of its learners and its adult employees. This legal responsibility means that it is understandable that they will err on the side of caution when it comes to any website that offers direct access for people in the wider world to the children and colleagues in their care.

Enable Effective Teaching and Learning

Where a school has unfiltered access to web services and sites there is a temptation and opportunity for learners to waste time and stray off task. Effective filtering can help to focus learners and ensure that their time in school is productive and meaningful. Having said this, it should be the aim of every school to instil in its students the discipline and will to make use of the resources available to them and reduce filtering to ensure they have a purposeful and enjoyable learning experience.

Protect Infrastructure

Managing a school IT infrastructure is both challenging and demanding. Viruses and malware can rapidly reduce computers and networks to a  crippled and inoperative disaster. With the advent of Web 2.0 and more interactive web services and social media the opportunity for these destructive programs to be downloaded and installed has grown significantly. Technology is now essential for schools as they increasingly rely on it for management, assessment, data, teaching and learning.  Anything that can result in a loss of access to the technology will have significant consequences and cause major inconvenience.  This means that systems need to be in place to ensure access to the wider online world is controlled.  However, systems need to be set in the context of supporting teaching and learning and can’t be driven by technical considerations alone.

It is important therefore, that students, teachers, IT support and school managers work in partnership to ensure that their internet access is appropriate and fit for purpose. The Northern Grid team is happy to help provide advice, guidance and support at all levels to help ensure that all our learning communities make the most of the online opportunities available to them – and we look forward to hearing from you soon.

Further information on filtering can be found here:

Filtering Through, an article from Simon Finch

Northern Grid Filtering Policy

Technical Information

Improved Filtering System

As part of Northern Grid’s fully, accredited manage service, the Email provision delivered to users should provide the following as a minimum set of requirements to meet Accreditation standards.

• At least one mailbox per person within the end user organisation
• Mailbox size has to be a minimum of 20 MB
• Attachment size has to be a minimum of 5 MB
• Address Anonymity has to be available [e.g., full names and year details should NOT be used. Example: j.bloggs@school.org.uk is fine but joe.bloggs@year1.school.org.uk is unacceptable
• Incoming and Outgoing emails messages with inappropriate words in either the subject and the message body must be filtered
• Email Messages sent internally with inappropriate words in either the subject and the message body must be filtered
• The Inappropriate words list must have the capability of being updated as and when its required either centrally or locally
• Emails infected with a Virus or virus infected attachment must either have the infected file removed or the entire email blocked.

These standards identify only the minimum requirements for an appropriate accredited email system for schools and Northern Grid recommend that you do not accept less than these standards. Using an email provision which does not meet these minimum standards infringes and negates the approved managed service standards of Northern Grid for Learning.

If you are having difficulty achieving these standards with a chosen email supplier please contact Northern Grid on 0191 4611844 for advice on suppliers that easily meet these standards.

Download this Document

Northern Grid has produced this document to assist you in checking that your CachePilot is configured correctly. It contains a list of sites with instructions on how to test your configuration settings correctly and any actions that should be taken from performing these tests; in addition to these test instructions it also contains a list of FAQs to help answer any questions you may have about the CachePilot system.

Further information available in the document below.

For those that weren't at the Easynet, Northern Grid Technical Seminar on the 6th of July 2010, here are the presentations and documents from the event.

That may sound a rather strange question. After all, the internet is there, and young people use it every day.

But what we (the National Education Network and Lancaster University) want to know is, “How do young people and schools use the internet?” “Have they had any bad experiences?” “Do they understand about filtering and e Safety?” “And how do their views of digital technology relate to the views of their teachers?”.

We also want to know about their attitudes to social networking sites. Are they worried about what can happen through the use of these sites, or do they see them as an unremittingly good thing?

Going further, there’s also the question of their mobile phones - how do they use them? When do they use them, and again, do they have any concerns? And indeed should we, as educators, be concerned with how these devices are being used.

At the moment no one is quite sure what young people feel about these digital devices, and how their feelings accord with those of their teachers? Because of this we can’t be sure if current approaches to such issues as filtering and e-safety are the best approaches, or whether we should be working in different ways to ensure that pupils and teachers remain safe when using digital technology.

This new research, (to be conducted across the UK), is being undertaken by the National Education Network (the UK collaborative network for on line education funded by government), and Lancaster University. It consists of simple surveys, one group directed at teachers and personnel in schools (head teachers, safeguarding officers, teachers, nonteaching staff, and governors), and one at pupils – obviously with different questions for each different age group (14-19, 12-14, 10-11, 8-9, and 5-7 years of age).

Find out more, and access the surveys

If you have any questions regarding the survey please contact Mick Young at Northern Grid for Learning by emailing mick.young@northerngrid.org.uk or phoning at 0191 4611844

Yours

M.G Young

E Learning Officer

All schools that arrange for pupils to take the survey can receive an analysis of the findings for their specific school.

Northern Grid, Easynet and Equiinet have been working with partner Local Authoritiess to enable all CachePilots to be upgraded to 5.2.5 software code. Amongst other enhancements this code version enables easier integration with Active Directory and simplified Google Safe Search enablement.

Northern Grid, Easynet and Equiinet have visited each partner LA to run through the code version and offer advice on the GUI changes users will experience.

Northern Grid, Easynet, Equiinet and McAfee are also working on the deployment of the Next Generation filtering platform that will replace the current SmartFilter system. We are currently planning to start migration to this service during the summer term. In order to enable the migration of CachePilots from SmartFilter to McAfee WebWasher we need to ensure that all CachePilots are on the most upto date software code version.

We are therefore planning to release code updates to upgrade all Northern Grid CachePilots overnight on Friday the 30th April 2010.

The CachePilot units will automatically download the update out of hours Friday evening. Users will see the new GUI when logging in following the upgrade. No bespoke site lists or configuration will be lost, although some lists may merge as part of the simplification of the Active Directory integration- please see attached document for further information.

Sites are not required to do anything to enable this upgrade, the CachePilot simply needs to be powered up and online!

An interesting article looking at the recent BBC article that stated that giving your students more freedom can help improve E-Safety. The article gives some first hand feedback of what happened in a school when the students were given more freedom within the area of E-Safety.

View full article

What are your thoughts on this issue? Is your school involving your students in shaping E-Safety policy? Post a comment below!