Network Security

The school network is a valuable resource that is freely available to all students and staff from most computers situated throughout the school. Due to the wide variety of uses by well over a thousand users, a number of precautions have to be taken to help ensure that the system is kept available and in full working order:

Supervision

• The use of the network should be supervised as closely as is reasonably possible during timetabled lessons. It should be realized however, that all users do have access to the network at other times and with very little supervision beyond the restrictions outlined below.
• ICT staff can view a computer screen at any time from anywhere on the school network without the user knowing about it.
• Normal classroom rules apply, and prohibitions such as eating, drinking, grooming and spraying aerosols are strictly reinforced due to the serious damage that may be caused to the equipment.

Network User Access

• Access to the school network is available from any network station during the normal school day. Staff are responsible to ensure that the stations in their classrooms and work areas are turned off at the end of the day. Prior arrangements must be made for access during school vacations.
• All users are required to log on with their own personal username, which will remain with them throughout their time at this school.
• All users have their own password to allow them to log on, which should not be made available to anyone else.
• Passwords are restricted to at least five characters.
• The repeatedly incorrect entry of a password will result in the user being locked out until reset by an administrator.
• Accounts not used within a full academic year will be deleted, including all work saved.
• All network system and administration passwords are recorded and kept in a secure place.
• Time spent on the network is continually audited for each user.

File Security

• All users have their own area for storing their work on the network server hard disk (the "my work" folder). This means that they can access their work from any network station.
• To reduce the chances of the server hard disk filling up and crashing the whole network, the amount of disk space for each user is limited to normally 5 MB. Overflowing this limit will cause the user to be locked out until sufficient files have been deleted or moved to a floppy disk.
• Users do not have access to station and network drives nor are they able to alter or save files outside their own area (except in the authorized shared topic areas).
• Precautions are taken to reduce the chances of infection by computer viruses via the Internet, email, or floppy disk.
• The antivirus software, which is installed on all school network stations and servers, is updated daily.
• An automatic daily search is made for any executable program and zip files stored in user areas. These are automatically logged against the user then deleted.
• The system performs an automatic backup of each server hard disk to tape every night. A different tape is used for each night and then reused the following week. Occasional backup tapes taken at key points (end-of-term, pre-upgrades, etc) are kept in the school safe for longer periods of time before reuse.
• students should also be encouraged to perform backups of their own files on their own floppy disks.
• Station backups are not required. A faulty station can be quickly rebuilt with all the necessary software via files stored centrally on the server.
• The network servers are located within an office within a computer room. This office is kept locked when not under direct supervision.
  

Software Inventory

• An inventory should be maintained containing a record for each item of software that is available for use on the network and the number of licences held.
• Licences and invoices must be sent to the ICT department for filing in case proof of ownership is required.
  

Access to Software

• All users receive desktop icons and start-menu-shortcuts to all the main application programs and common utilities.
• Users are guided onto the network via "topics" set up for each of the curriculum subjects and chosen at log on. This provides shortcuts/icons to programs that are relevant to the study of that subject as well as any shared documents provided by the subject teachers. students have read-only access to these shared documents but may copy them for their own use.
• Users can only access software and other resources as made available to them through these "topics". For example, students do not have access to the Staff topic. Access to certain resources such as Internet software may also be removed for certain network users, where found to be necessary.
• Use of the main software packages is continually audited for each user.
• Sites visited on the Internet are also audited, and filtered - see our Internet Security Policy.
  

Access to Printers

• To encourage good management and reduce wastage of ink and paper, the number of pages for each user is currently limited to 6-10 sheets and is reinstated each week.
• Attempts to print beyond this credit limit are automatically denied by the system.
• students may ask for more credits on production of the evidence or wait until the following week.
• Use of printer credits is continually audited for each user and for each printer on the network.
• Each main ICT suite has access to one laser printer.
• Most ICT suites contain one workstation that has a colour printer connected to it. This is for special printouts only, and users should ask for permission before using it.
• Laser printed pages are worth one printer credit, colour pages are worth 10 printer credits.
  

Hardware Security

• An inventory must be maintained of all equipment together with make, model, serial number, date of purchase and location.
• Items between 1 and approximately 5 years old and having significant value are registered on a service contract to insure against major repairs.
• Rooms with computers must be locked overnight. Computers in the more vulnerable areas are permanently bolted to the desks.
• Keys to computer rooms must be recorded and monitored.
• All external visitors are required to report to the office and wear identification at all times.
• All computer rooms and corridors are monitored by the school alarm system after school hours.
• All major items are security marked to identify them as the property of the school.
• Mouse balls may be sealed permanently to prevent tampering. Mice and headphones are security tagged to the computer in order to discourage their removal.
  

Electrical Safety

• All equipment attached to the main electrical supply is safety tested annually.
• A fully isolated mains switch is provided in all main computer rooms and staff should ensure that they know where it is.
• The servers operate from an Uninterruptable Power Supply (UPS) to protect against power surges and blackouts.
  

Fire Protection Measures

• Waste material should be frequently removed from the computer areas.
• A carbon dioxide (CO2) fire extinguisher is required in all main computer rooms and staff should ensure that they know where it is and how to use it.
  

Adapted from IT Security & Privacy Guidelines for Users, Oxfordshire County Council © 1997