+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 46
General EduGeek News/Announcements Thread, Updated Data handling Guidance from Becta in EduGeek Stuff; Thanks GrumbleDook I really must get my head round this folder permission thing. I guess it is possible to set ...
  1. #16
    leco's Avatar
    Join Date
    Nov 2006
    Location
    West Yorkshire
    Posts
    2,026
    Thank Post
    595
    Thanked 125 Times in 119 Posts
    Rep Power
    41
    Thanks GrumbleDook I really must get my head round this folder permission thing. I guess it is possible to set permissions on certain folders on the file server, so that only certain individuals have access?

    Only two teacher laptops have local user access, all of the others have network only. However the rest do have offline file and folder access, so do I still need to have disc encryption for the laptops? Also disc encryption for the USB pen drives that they all use? How do I prevent the teachers, for instance, from transferring the files from the laptop, via the USB, to their home computers?

    Minefield, can of worms, ease of use, slow machines..... it's all getting a bit heavy, when all the teachers want to do is write the end of year reports. I do understand the issues just not sure how to explain it all to my users not to mention implement it all.

  2. #17

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    The Advice sets that within the network is secure once outside the school network is not secure.
    Yes. But. The real-world isn't binary, you need to engage brains and adjust to fit (and I'm sure the Becta authors would agree). For instance machines can end up outside the school without consent.

    This guidance applies to Primaries too and I can think of a couple of local cases where after breaking into the office and presumably not finding the petty cash box or anything else especially interesting they've settled for office computers, some of which have contained personal data.. and of course that's data on the little ones which typically generates about 100 times the public concern/panic compared to teenagers.

    Thus in my corner of the world, the LEA who tend to implement and look after most of the SIMS boxes for Primaries are starting to use full system encryption on them. That makes perfect sense to me.

    So are you saying that I should encrypt full discs on all staff laptops, figuring that they will be off the network at some point or other?
    Yes or at least make that a starting point and see if you can find any credible reasons why you shouldn't do that for any particular staff laptops. Realistically this isn't that hard to do and it's not hard for the users either, so my view is that it's worth doing even when the risk in any given case is relatively small.
    Last edited by PiqueABoo; 8th May 2009 at 12:27 AM.

  3. Thanks to PiqueABoo from:

    leco (8th May 2009)

  4. #18

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,652
    Thank Post
    516
    Thanked 2,443 Times in 1,891 Posts
    Blog Entries
    24
    Rep Power
    831
    Quote Originally Posted by leco View Post
    Thanks GrumbleDook I really must get my head round this folder permission thing. I guess it is possible to set permissions on certain folders on the file server, so that only certain individuals have access?

    Only two teacher laptops have local user access, all of the others have network only. However the rest do have offline file and folder access, so do I still need to have disc encryption for the laptops? Also disc encryption for the USB pen drives that they all use? How do I prevent the teachers, for instance, from transferring the files from the laptop, via the USB, to their home computers?
    The answer is simple - do the laptops go off site? Is there a possibility of them containing data that needs to be secured? If yes to both then disk level encryption is needed.

    USB keys - some of the software available allows you to control USB access if I recall correctly - ie. only allow disks which are encrypted to be used, and if one that isn't encrypted, it disallows access until it is encrypted. I'm sure I didn't dream that (but might have done!).

    Minefield, can of worms, ease of use, slow machines..... it's all getting a bit heavy, when all the teachers want to do is write the end of year reports. I do understand the issues just not sure how to explain it all to my users not to mention implement it all.
    This is the crux of the problem, the explanation for staff. In schools, there is a culture of insecurity as far as I can see. People don't take it seriously. Offices with filing cabinets full of data are left unlocked, laptops are left with MIS systems on screen and unlocked etc... There needs to be a major shift in the way staff think, and I think this is an issue which needs addressing. How to get teachers to listen?

  5. Thanks to localzuk from:

    leco (8th May 2009)

  6. #19
    leco's Avatar
    Join Date
    Nov 2006
    Location
    West Yorkshire
    Posts
    2,026
    Thank Post
    595
    Thanked 125 Times in 119 Posts
    Rep Power
    41
    Not just how to get teachers to listen though - they do listen (in my school anyway) but do not understand what is meant. Plus if something slows down their machines or their access, thus slowing the lesson, then it's the network at fault and I must do something about it. Speed is such a relative thing.

  7. #20

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    Miles has sent over the instructions for TrueCrypt and I have attached them. They will also be put onto the Open Source Shools site shortly and I will put a notice up in this thread when that is done. Eventually that will be the place to look (especially for updates to the instructions).
    Attached Thumbnails Attached Thumbnails Updated Data handling Guidance from Becta-how_to_install_and_setup_truecrypt.pdf  

  8. Thanks to GrumbleDook from:

    leco (8th May 2009)

  9. #21
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,133
    Thank Post
    178
    Thanked 49 Times in 42 Posts
    Rep Power
    24
    I wonder why Becta have chosen to use version 5.1 when the current version is 6.1?

  10. #22

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,919
    Thank Post
    708
    Thanked 550 Times in 365 Posts
    Blog Entries
    3
    Rep Power
    204
    RE : Version

    Would be when it was written as this was in the first incarnation of the documents.

    Over my comment to do with in the network what I was referring to was comment of encrypting servers which said wasn't need for due to being in the network.

    Anything that might go out side the network should be encrypted.

    Russ

  11. #23

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    what I was referring to was comment of encrypting servers which said wasn't need for due to being in the network.
    Some of those Primary SIMS boxes the local LEA are encrypting are perfectly real servers and the proportion of those can only get bigger (SIMS memory footprint almost doubled with the SQL 2K5 upgrade, if a school wants attendance etc. in classrooms you've got to run it on a server OS because of TCP/IP connection limits, they've got to add software for the same parental access to info as Secondaries albeit with a couple more years grace).

    The main difference is that they're likely to be smaller pedestal servers not bolted into racks, and the average physical security of that stationary cupboard or stuffed under a desk in a school office or whatever probably won't be as good as the typical Secondary equivalent. Relative budgets, space and so on..

    Ultimately I think it would be unwise to exclude anything containing personal data from being a *potential* candidate for full encryption unless it has credible physical security.

    To be honest my starting position for server encryption was A Cold Day In Hell[tm], but I struggled to think of any really convincing objections besides this one: You can't restart it unless someone will be present to type in a password (or whatever).

  12. #24

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Miles has sent over the instructions for TrueCrypt and I have attached them.
    Mmmm... looking at the 981MB example, when it comes to USB I *completely* fail to see any mileage in faffing about with TrueCrypt for pensticks now when you can readily get ones with on-board encryption for reasonable prices e.g. 15 for 4GB, 25 for an 8GB.

  13. Thanks to PiqueABoo from:

    GrumbleDook (8th May 2009)

  14. #25

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    Yep, saw a good number of providers of secure USB sticks at InfoSec and they are good if you are picking up new USB sticks ... but remember that there are plenty USB sticks around already that teachers use ... you can't just throw them away so make the most of them.

  15. #26
    leco's Avatar
    Join Date
    Nov 2006
    Location
    West Yorkshire
    Posts
    2,026
    Thank Post
    595
    Thanked 125 Times in 119 Posts
    Rep Power
    41
    Quote Originally Posted by GrumbleDook View Post
    Yep, saw a good number of providers of secure USB sticks at InfoSec and they are good if you are picking up new USB sticks ... but remember that there are plenty USB sticks around already that teachers use ... you can't just throw them away so make the most of them.
    Another but, you almost have to "throw them away" as, if I've understood it correctly, the drive has to be empty to install Truecrypt. Which in operational terms means moving the data off and then back on after encryption.

    Certainly requires a carefully thought out forward plan for execution, and one that will cause minimal disruption to users.

  16. #27

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Which in operational terms means moving the data off and then back on after encryption.
    Yes and that has a cost too. [Although I now expect to be told that everyone's school management simply isn't good enough at that role to ever seriously consider factoring in the cost of your time into anything, and in particular whether that time might be more profitably used elsewhere.]

  17. #28

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,919
    Thank Post
    708
    Thanked 550 Times in 365 Posts
    Blog Entries
    3
    Rep Power
    204
    I have been thinking about memory sticks and I have two options

    Encrypt every memory stick a teacher owns or

    Buy one large (say 4gb) encrypted memory stick and that becomes one that they must save personnel data to and the rest of there memory sticks they save resources etc to..

    On that note anyway found a hardware based encrypted memory stick that works on macs.

    Russ

  18. #29

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Buy one large (say 4gb) encrypted memory stick and that becomes one that they must save personnel data to and the rest of there memory sticks they save resources etc to..
    Wins by a long shot. Pragmatically, and although this pains me, this is possibly more about liability than anything else. If an organisation provides crypto-sticks and makes their use for confidential data subject to an intelligible policy (that people sign) they've almost certainly covered their backsides.

    Yes, this is yet another area where you probably should consult a lawyer.

  19. #30
    leco's Avatar
    Join Date
    Nov 2006
    Location
    West Yorkshire
    Posts
    2,026
    Thank Post
    595
    Thanked 125 Times in 119 Posts
    Rep Power
    41
    Quote Originally Posted by russdev View Post
    Buy one large (say 4gb) encrypted memory stick and that becomes one that they must save personnel data to and the rest of there memory sticks they save resources etc to..

    Russ
    Have been thinking along the same lines. As PiqueABoo says, factoring in the time and cost of recalling all sticks to encrypt then reissue, would take too long, especially at this time of year (annual reports etc.) However, budgets have already been set and I don't think that encrypted sticks will have been considered. On the other hand it is a Government directive so must be implemented - will make the suggestion of buying encrypted sticks along with directions as to exactly what data must be kept on them. I'll stil have to encrypt the laptop drives though

SHARE:
+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. Replies: 8
    Last Post: 12th December 2008, 12:19 PM
  2. Data Protection Guidance goes live
    By GrumbleDook in forum General Chat
    Replies: 8
    Last Post: 1st October 2008, 05:03 PM
  3. Becta Information security guidance for schools published
    By SYSMAN_MK in forum School ICT Policies
    Replies: 23
    Last Post: 8th February 2008, 11:29 AM
  4. Handling Different Resolutions (17" TFT's, Data Projectors,)
    By flyinghaggis in forum How do you do....it?
    Replies: 13
    Last Post: 31st May 2006, 09:33 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •