Northern Grid has signed a 5 year contract with BT and will be providing new, fast, affordable and robust broadband connections to schools across the North East of England. The update reports are intended to keep you informed about what to expect during the installation process and the services that will be included.

To Our Customers:

Please note that there will be a change freeze activated on the 1st June 2012. No further firewall changes will be accepted after the 31st May 2012. This change freeze will stay in place until the end of the current contract with Easynet which is the 31st July. On the 1st August firewall rule changes will be managed by BT and the new process will be sent out to you before that date.

Thank you

Northern Grid has signed a 5 year contract with BT and will be providing new, fast, affordable and robust broadband connections to schools across the North East of England. The update reports are intended to keep you informed about what to expect during the installation process and the services that will be included.

A guide for ICT Team Leaders

Cloud Storage - is it safe to use?

Cloud based storage and online synchronisation offers individuals many benefits, one of which is removing the need to carry flash pens and portable disks around. The question that needs to be asked is what issues are raised by this increasingly popular and free service.

Google Apps and Live@Edu have storage space available as part of their email offering. An increasingly popular trend is synchronising online storage. Dropbox and SugarSync are currently two of the more popular. The services mentioned are all available at no charge but with limits be it limited storage, non-existent Service level agreements or limited control over the functionality or how it changes.

The main concern with Dropbox is the significant risk of breaching the Data Protection Act. Staff wishing to store personal information should not use a service that does not comply with the EU Safe Harbor agreement. The EU Safe Harbor agreement requires that personal data is stored in the EU or in other countries where we have set agreements. Dropbox is hosted in the US is non-compliant!

There are also security issues with free services, in June 2011 Dropbox confirmed that a programmer’s error caused a temporary security breach that allowed any password to be used to access any user account. If you decide to use this service it’s highly recommended you encrypt your files prior to synchronisation.

Web Browsers – Upgrade to Internet Explorer 9

IE9 is the most secure and best performing Microsoft browser it therefore is recommended that schools upgrade. Websites designed for earlier versions may not display correctly to resolve use a feature called Compatibility View.

To ensure IE9 can view all webpages correctly an icon titled compatibility view has been added. The icon normally looks like  and can be found to the right of the URL address bar. When selected, the icon changes to a solid colour , and from now on this website will be displayed in compatibility mode.

IE9 has simplified its design, most command bar functions, like print and zoom can be found by selecting the Tools button . Favourites and feeds appear in the Favourite Centre by selecting Favourites button . IE9 has added improved security and privacy options these include; ActiveX Filtering, Smartscreen Filtering, 128 bit Secure Socket Layer (SSL), Tracking Protection and Private Browsing.

Use ICT to improve efficiently and save money

ICT can be the catalyst for change, developing new working practices, automating existing procedures and facilitating innovation and creativity. Used correctly it can also save your school money. How can ICT reduce costs for the school?

Virtualisation

The concept of running multiple operating systems off the same hardware platform is not new but it is now mature and low cost. The virtualisation software allows the operating system and installed applications to share physical resources. On average one virtualised server can do the work of four conventional servers. Substantial savings can be accrued in reducing energy costs, hardware maintenance and software licensing. It is estimated a secondary school can save £10,000 - £20,000 a year.

Print Management

Schools are generally poor at managing print services. Vanilla Microsoft Server 2003 and 2008 deployments have limited print management capabilities, additional services are often required. Schools may not be aware of how many sheets of paper they use annually but it may well be over a million. Paper costs are only a small proportion of the actual cost, you need to consider energy charges, hardware purchase and toner replacement. Most large secondary schools can save £50K per year if they deploy effective print management. The Learning Platform is an ideal vehicle to reduce paper, improve communications, store documents and resources and has the additional benefit that document review can be audited.

Desktop Computers

Older desktop PC’s are very inefficient, replacing hardware can actually save the school money as well as improve user experience and system reliability. Whether you use old or new hardware configuration of the power settings makes a considerable difference to daily running costs. Windows 7 and OSX Lion have improved power saving features that allow you to switch off the display after period of inactivity or switch the desktop into sleep or hibernation mode after a set time has elapsed. All of the power configurations can be centrally managed from the domain controller using Group Policies.

Remote Access to School Network

Staff should not have copies of sensitive data on their own laptop on or off-site. Secure remote access provides on demand access to centrally managed services. The most suitable type of remote access solution is a SSL-VPN with two factor authentication. An alternative solution is Direct Access using Windows 7 and Server 2008 R2. A word of caution, many portal gateways deployed by schools have limited security and should not be used to allow staff access to the MIS system or any confidential data.

Securing Wireless – distinguishing myth from fact

A lot of expert advice on wireless security provides limited practical improvements in security and some cases the advice is simply dumb. Some prime examples of where general advice and good practice diverge are shown below.

Hiding the SSID

The SSID beacon is only one of five broadcasts sent by the wireless access point so disabling one of five makes the solution less user friendly and has no significant impact on security. Rather than hide the SSID make sure you change the default name as default SSID otherwise you are broadcasting to the world with a poorly configured device which makes it an easy target.

Disable DHCP

An attacker can find the IP range of a wireless access point in 10-15 seconds if DHCP is disabled. Using static IP addresses has negligible security impact and complicates wireless use. Leave DHCP switched on and use the security mechanisms that are available.

Antenna Placement & Signal Strength

It is often suggested that the wireless access point should be positioned to improve security and that signal strength should be lowered to ensure the signal is weakened and cannot be detected externally. This technique is the road to ruin for wireless solutions, antenna placement and signal strength adjustment changes need to be set for maximum coverage and minimum interference, never for improving security.

Use 802.11a instead of 802.11bg

The 802.11a protocol is not any more secure than 802.11bg; the protocol is simply a transport mechanism for wireless that works in the 5GHz band. Changing the frequency and transport protocol is equivalent to changing the colour of your front door to improve security

Enable MAC Filtering on the Wireless Access Point

MAC addresses are 12 digit HEX numbers which can be viewed by others in clear text with a sniffer application. An attacker simply reads the MAC address of connected device and replicates the MAC on their wireless card. Restricting access based on MAC addresses is management intensive and has limited ROI in terms of security gain.

Allow staff and students to bring their own ICT devices into school

The problem is that non domain devices cannot be checked to ensure they are virus free, have adequate security patches installed and have suitable software. The use of Network Access Protection and/or Network Access Control solutions can resolve this issue. Some schools deploy a thin client architecture which allows guest devices to securely connect but with limited functionality.

On 1st March 2011 Microsoft introduced a new licensing scheme for schools called Enrolment for Education or EES for short. This agreement is a low cost alternative to School Agreement Subscription service and ideal for a school that are looking at a technology refresh i.e. upgrading their workstation and server operating systems and Microsoft applications.

• EES single annual payment based on FTE staff count and the products you select.
• Choice of software include MS Office, Windows Upgrade and Client Access License (CAL) suites
• License additional software on all or selected computers e.g. MS Visio

A school that is not planning to upgrade their software in the next two years is better off retaining the Schools Agreement Subscription Service. The MS Select Agreement is a perpetual license that offers schools low cost prices for Microsoft software. The EES annual subscription model allows decisions on upgrading the operating system and applications to be made on the basis of Teaching and Learning need rather than on cost grounds.

Green Technology & Cutting ICT Spend

Saving energy, conserving resources and looking after the environment are everyone’s responsibility. Schools can contribute by considering many of the measures previously discussed; saving money and going green are usually one and the same. Some schools address many of the green issues by using technology efficiently and effectively some of the ways they delivered include:

• Replacing desktop computers with thin client PC’s and/or laptops
• Reducing the use of data projectors and high power equipment
• Liaising with the Network Manager as they have operational responsibility for ICT
• Increasing staff and pupil awareness using practical example of energy use and power consumption
• Moving selected ICT services, when appropriate, to the cloud
• Maintaining server room temperature at a steady 20°c

If schools require further technical advice or assistance with ICT contact Mark Vinnicombe on 01914611844 or email mark.vinnicombe@northerngrid.org

On the rare occasions that there are problems with the Northern Grid network we want to ensure that we are able to keep users informed. We have just launched a notification system that will be used when we have important announcements about service affecting issues. Examples of this would be a disruption of service or notification of an upgrade. It will not be used for day to day announcements about content or events; these will continue to be circulated through our mailing list.

The alert system is able to send SMS messages to mobile phones, send emails and call land lines. In order to benefit from this system you will need to send us contact details for all relevant members of staff. Please complete and return the attached spread sheet.

This information will not be shared with any other organisation and you will be able to unsubscribe to the service by emailing admin@northerngrid.org

Please carry out the following checks.  If any of the tests fail then your Cachepilot configuration is not providing adequate protection.  Contact Easynet Support on 08453334568 for further advice and assistance.

Google Safe Search

Open your browser and type the URL www.google.com a search windows will open click on the search settings link top right.  If you can view and change the SafeSearch Filtering options SafeSearch in not enforced.

YouTube

If you have decided to allow access to YouTube for a CachePilot user group, login as a member of this group and access the URL www.youtube.com a green banner titled "Enabled Safety mode" should appear directly below the YouTube search bar.  After any video is selected check to ensure that viewer’s comments are disabled.  They would normally appear directly below the video.

Blocked Categories

From your workstation’s browser access the following URLs.  All of the following URLs should be blocked if they are not your browser will be automatically redirected to the Smoothwall home page.  If any sites are not blocked check you’re filtering for configuration errors!

The above categories are blocked by default on all Northern Grid Cachepilots.

Social networking sites are now the most common method of spreading malware and viruses due to their popularity and poor design.  If the school allows access to these sites a rigorous security policy needs to be enforced to protect the network.

Cachepilot FAQ

What can a CP do for your school?

A CachePilot can speed up the delivery of web resources to your school through transparent and advanced caching techniques.  The device can also be used as a local content store.  The Smoothwall web filtering solution protects web users from offensive and malicious websites and offers URL category blacklists and dynamic content control. 

How does the Smoothwall filtering work?

Smoothwall uses two separate techniques to block inappropriate websites.  A URL category blacklist database is stored and updated on the unit of well-known websites.  To enhance the URL blacklist a dynamic content filter is deployed.  This heuristic filter is able to identify and categorize websites in real time, and block or allow them according to the policy deployed.

The dynamic content control uses a weighted phrase limit.  The WPL is a sensitivity bar and defaults to 50 suitable for a primary school.  Secondary Schools may wish to increase the limit (desensitize) to 120.   The CachePilot has the ability to blacklist (block) or whitelist (allow) any website, webpage or file type download.

Can I use Site Lists with the new Smoothwall filtering solution?

We recommend you do not use site lists but they can be added to the site list permission if required.  The new filtering configuration is now simpler to use and more efficient due to the separation of filtering components.  To modify the filtering select User Accounts / Groups  and select the group you wish to modify. The Global group policy applies to everybody and should be populated with your school blacklist. The new filtering configuration allows exceptions to be added in a group thereby eliminating the need to reduce the number of blacklisted categories for the Global group.

The Cachepilot slows down web access?

A correctly configured and maintained CachePilot does not generate any significant delay. Slow Internet performance may result from a problem on your network or on the remote web server. The new web filtering solution is more reliable and provides faster performance than a CachePilot running Smartfilter.

Websites on the Internet are hosted on a range of equipment resulting in performance differences to add to this geographic location and server loading can impact on the speed of your web access. If a website is generally slow to access it is a prime candidate for using the CachePilot’s advanced caching functionality.  If the Internet connection is slow contact mark.vinnicombe@northerngrid.org to run a remote diagnostic check.

Download As Document

Why use the E-Security practitioner’s toolkit?

The security toolkit provides clear and relevant practical advice to schools to ensure the safety of network users and protection for the network itself.  The toolkit addresses those topics that are key to any sound security and risk management strategy. The content will be maintained and updated to ensure that it remains current and reflects the needs of the school sector.

Target Audience

• Network Manager & Technicians responsible for deploying school network solutions
• IT Managers and Coordinators, who manage, administrate and maintain IT solutions
• School SMT responsible for the schools IT strategy, policies and procedures.

If you require any further information or advice contact mark.vinnicombe@northerngrid.org

Northern Grid's accreditation from Becta has been renewed.

The Becta Accreditation of Internet Services enables schools and other establishments to make an informed choice of a managed internet service provider or web content filtering solution. Accredited products and services must meet and maintain specific standards in web content filtering and service performance.

The standards of assessment have been developed in consultation with partners in education and industry to ensure the provision of reliable and relevant information. The scheme re-launched during Safer Internet Week in February 2009, following a review. The scope of the accreditation has been extended to include a wider range of standalone products designed to protect internet users not just in the school environment, but which can also be employed in other environments where children and young people have access to the internet.

A managed internet service provider is a provider to education that can supply a range of internet safety services. An individual web content filtering product or service supplies specific solutions to internet services providers.

For the full list of accredited service providers visit the Becta site

As part of Northern Grid’s fully, accredited manage service, the Email provision delivered to users should provide the following as a minimum set of requirements to meet Accreditation standards.

• At least one mailbox per person within the end user organisation
• Mailbox size has to be a minimum of 20 MB
• Attachment size has to be a minimum of 5 MB
• Address Anonymity has to be available [e.g., full names and year details should NOT be used. Example: j.bloggs@school.org.uk is fine but joe.bloggs@year1.school.org.uk is unacceptable
• Incoming and Outgoing emails messages with inappropriate words in either the subject and the message body must be filtered
• Email Messages sent internally with inappropriate words in either the subject and the message body must be filtered
• The Inappropriate words list must have the capability of being updated as and when its required either centrally or locally
• Emails infected with a Virus or virus infected attachment must either have the infected file removed or the entire email blocked.

These standards identify only the minimum requirements for an appropriate accredited email system for schools and Northern Grid recommend that you do not accept less than these standards. Using an email provision which does not meet these minimum standards infringes and negates the approved managed service standards of Northern Grid for Learning.

If you are having difficulty achieving these standards with a chosen email supplier please contact Northern Grid on 0191 4611844 for advice on suppliers that easily meet these standards.

Download this Document

Northern Grid can offer a range of e safety services to its partner and non-partner schools as well as the independent sector.

Northern Grid for Learning has a national reputation for its range of support and materials. Resources are available for organisations with a responsibility to care for and protect children and young people.

Northern Grid has worked extensively with national bodies including Becta and DfE to develop policies and documentation to support schools. Northern Grid officers regularly speak at regional and national conferences held by the National Education Network, LSCBs and Becta.

Download our portfolio of E-Safety services below.

Not a Northern Grid member? Have a look at our Non-Member E-Safety portfolio and Join Us if you're interested.

Northern Grid has produced this document to assist you in checking that your CachePilot is configured correctly. It contains a list of sites with instructions on how to test your configuration settings correctly and any actions that should be taken from performing these tests; in addition to these test instructions it also contains a list of FAQs to help answer any questions you may have about the CachePilot system.

Further information available in the document below.

What features do schools require of a broadband supplier?

A local or regional authority may be considering a public service network serving schools as well as other partners. A school may ask if a commercial provider could provide appropriate educational broadband services. This paper provides an overview of areas that need to be considered when designing broadband networks.

This paper is intentionally short. For further information, please contact admin@northerngrid.org

The Technical Service Review is a combination of a remote diagnostic network assessment, the completion of a five minute electronic questionnaire followed by an onsite visit to carry out network audit. The onsite visit also allows discussion on any support related issues or technical questions the school may have. The audit and discussion is designed to ensure that the school is maximizing their existing broadband connection and the additional services delivered by Northern Grid.

The onsite visit is expected to take approximately two hours but this is negotiable and dependent on the results of the remote diagnostic assessment. Prior to the visit a two page questionnaire will be emailed to the technical contact to identify key information this will speed up onsite testing and any subsequent problem diagnosis. The focus for discussion will be on the network’s health, performance and security so that we ensure that we align out services and support to offer the best quality service at the lowest possible cost.

Network Performance is often misunderstood leading to unsustainable expectations. An example of this is the use of a popular web speed test tools i.e. speedtest.net The results from these tools are inaccurate on a true broadband network comprised of fibre point to point circuits with no last mile contention. These tools are designed for measuring low bandwidth copper adsl circuits to the home. If schools wish to have a network assessment arrange a TSR.

The following list of topic areas will be the basis of the technical service review meeting. It’s important that the meeting is relevant and useful to the school so it is envisaged that the scope of discussion will be led by the school themselves.

The specific topic areas to cover

• Firewall Audit
• Web filtering
• CP Audit/Migration/Support
• Security issues (policies,/practice)
• Network Performance Statistics and diagnosis
• Online service/support questionnaire
• Network Monitoring and SMS notification of problems
• Service Provision
• New Services – DNS hosting, remote access, Backup & D/R
• Training and future developments
• Learning Platforms

Book Your Technical Service Review

To arrange your Technical Service Review contact mark.vinnicombe@northerngrid.org or telephone: 0191 4611 844

Northern Grid wishes to engage consultants to support the next procurement of their regional broadband network.

Documents below detail the consultancies for the required technical and legal services.