+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 20
How do you do....it? Thread, Scanning Students USB's on Login in Technical; We are thinking of scanning students USB's when they insert them, this is because a number or parents are reporting ...
  1. #1

    Join Date
    May 2007
    Posts
    47
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Scanning Students USB's on Login

    We are thinking of scanning students USB's when they insert them, this is because a number or parents are reporting that students are acquiring programs and games and bring them home.

    We know that the students are not getting the files from school and that strictly speaking the USB remain the students responsibility. - do you agree?

    If we can scan them regularly and generate a log , perhaps they will be more careful with USB contents!

    Am I being OTT or is this possible? if so, how could it be done?

    Thanks Roland.

  2. #2
    KarlGoddard's Avatar
    Join Date
    Jul 2005
    Location
    Bolton, Lancashire
    Posts
    272
    Thank Post
    37
    Thanked 18 Times in 18 Posts
    Rep Power
    26
    As long as they're not acquiring the games from school directly - i.e. they're distributing them from a share which the pupils can access, I don't really see how you could stop them doing it.

    What would happen if pupils were burning stuff onto dvd or cd and passing them out in the quad or playground? Random bag searches?

    tell the parents to bugger off and stop trying to pass the buck onto the school.

    If little johnny is upto no good on his home PC or is bringing home inappropriate stuff they should give him a bollocking and restrict his PC access - which is exactly what would happen in my school if mucked about on our PC's with games and inappropriate programs (not as though he could as we have software restrictions in place)

    mmmm a nice Wednesday morning rant!!!

  3. #3
    Sirbendy's Avatar
    Join Date
    Nov 2005
    Posts
    2,305
    Thank Post
    8
    Thanked 205 Times in 155 Posts
    Rep Power
    111
    We disable USB on the workstations. If kids want work transferring, it goes through me, Steve or one of the IT Teachers..that's a pretty good screen.

  4. #4
    KarlGoddard's Avatar
    Join Date
    Jul 2005
    Location
    Bolton, Lancashire
    Posts
    272
    Thank Post
    37
    Thanked 18 Times in 18 Posts
    Rep Power
    26
    Quote Originally Posted by Sirbendy View Post
    We disable USB on the workstations. If kids want work transferring, it goes through me, Steve or one of the IT Teachers..that's a pretty good screen.
    why do you disable USB? that just creates more work for the tech's and teachers and generally is hindrance IMHO

  5. #5
    richard.thomas's Avatar
    Join Date
    Sep 2007
    Posts
    491
    Thank Post
    5
    Thanked 11 Times in 10 Posts
    Rep Power
    17
    It must be possible to have an application running in the background that can detect when a USB key is inserted and stop mapping the drive untill it's completed a quick search. Looking for common game names would be a good idea, we can't block all .swf files because we teach flash

  6. #6
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,497
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    76
    The pen drive is the private property of the student, and I don't think you should go looking at it without good cause. Virus scan it and use GPOs to block exe files from running, yes (this is network security and therefore within your remit); but scan them for games which they didn't get off your network, no.

    If two kids want to swap a game between them by plugging in both pen drives, then that is theirs to do - it is not an IT problem. If a parent complained that a kid got lent a book or magazine they didn't like, would you ask the English Dept or Librarian to run spot checks on bags? Course not. Same applies here.

    Of course, if the kids are using the school's Internet connection to download these games, you have some responsibility to act on this, but that response must start and end with blocking the download sites.

    IMHO, of course :-)

  7. #7
    KarlGoddard's Avatar
    Join Date
    Jul 2005
    Location
    Bolton, Lancashire
    Posts
    272
    Thank Post
    37
    Thanked 18 Times in 18 Posts
    Rep Power
    26
    Quote Originally Posted by NickJones View Post
    The pen drive is the private property of the student, and I don't think you should go looking at it without good cause. Virus scan it and use GPOs to block exe files from running, yes (this is network security and therefore within your remit); but scan them for games which they didn't get off your network, no.
    As far as I see it once the pen drive gets plugged into one of our pcs that pen drive is then another drive on the PC, the PC is on our network and therefore we're responsible for it.

    If the pen drive is in his pocket or his bag and not connected to a pc it is private property and will stay that way. Don't know what the official legal bit is on all that but that's the way we deal with things and, for us at least, works exceptionally well.

    Good anti virus and GPO's stop any 'bad' things happening to the network. Distributing files from pen drive to pen drive would be almost impossible to stop unless you take the overall backward step mentioned above and disable all USB sockets.

  8. #8
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,497
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    76
    Quote Originally Posted by kgcs View Post
    As far as I see it once the pen drive gets plugged into one of our pcs that pen drive is then another drive on the PC, the PC is on our network and therefore we're responsible for it.
    I agree that you're responsible for it, but only in so far as ensuring the security of your network, i.e. viruses can't spread, hacking tools can't be run, etc - this can be done without direct access to the pen itself. I don't believe that this responsibility extends to controlling what else the student has on their pen.

    Consider bag searches - while the school has a responsibility, not to mention a legal right, to check bags for weapons and other such threats to safety, they don't have the right to check for things like PSPs or other gaming devices. Does the same not apply to pen drives?

    If you had evidence to suggest that something illegal was on the pen drive - note illegal, not just disliked by the parents - then that would be a different question, but in this instance we're talking about games.

    There is of course the separate question of the school wanting to work alongside the parents in matters such as this, but until SLT say "we want to help the parents who are worried about what the kids are doing on the computers", that's not so relevant.

    IMHO :-)

  9. #9

    flyinghaggis's Avatar
    Join Date
    Jan 2006
    Posts
    1,082
    Thank Post
    108
    Thanked 81 Times in 63 Posts
    Rep Power
    140
    Quote Originally Posted by NickJones View Post
    Consider bag searches - while the school has a responsibility, not to mention a legal right, to check bags for weapons and other such threats to safety, they don't have the right to check for things like PSPs or other gaming devices. Does the same not apply to pen drives?
    I think the issue above with memory sticks is that you have to (and need the right to) scan the drive for legitimate stuff just like you need the right to search a school bag for things like weapons/etc. Without the ability to actively monitor pupils files you've now idea whether a jpeg image on their stick is an innocent logo or a hardcore pornography image. Just like you've no idea if the lump in their bag is a knife of or a PSP until you open it!
    It's acually in our RUA to say that pupils are only allowed to bring in materials on a stick/HDD that are directly used for school and that they shouldn't contain any other files. It also explicetly states that we reserve the right to inspect (passively or actively) any files/devices connected to the network. IMO once a pupil, or staff member, connects a device to the network it has to and should comply with all of our rules regardless of whether it belongs to them our not.
    If they're not happy with that they can email in the file or print it off! At the end of the day the ability to connect their personal devices to the network is a priveledge rather than a right!

  10. #10
    browolf's Avatar
    Join Date
    Jun 2005
    Location
    Mars
    Posts
    1,540
    Thank Post
    112
    Thanked 89 Times in 75 Posts
    Blog Entries
    47
    Rep Power
    41
    from another angle you maybe could stop them downloading installers and exe files.

  11. #11
    Sirbendy's Avatar
    Join Date
    Nov 2005
    Posts
    2,305
    Thank Post
    8
    Thanked 205 Times in 155 Posts
    Rep Power
    111
    Hah..no, not really any extra work. Work to-from home gets done either "on pen" and therefore through us, or via mail, and again, that is done through our machines via OWA.

    We DID gove OWA to the kids, and outlook..so much abuse of mail going on, so many "Mass domain mails" going out (try the entire of telford for size - no fun), so many staff/kids from other schools complaining..we called it a day for that functionality. Sad, but needed.

    Staff can't supervise the kids..some of the mails and grovelling we've had to do, and other schools have had to do to us show that. If they want to be treated like idiots, then that is what I shall do. No skin off my nose.

    As to privacy of data - not once it hits my system. Same with their phones - when they get brought to us with a request to go through and download footage etc from SMT..then I have no issue with it.

    It's all in our AUP..whatever you do, we watch. There is no escape, there is no excuse, there is just us. Basically. The kids are fine with that, and those that protest get to read the AUP instead of just clicking "Agree"..and boy, do they stop complaining when that happens. Although, with some the reading of the AUP is painful.

    It's maybe 2 minutes out of my day..I have a USB extender fixed to the desk, and they just plug and go. Work is either put into their user areas (mapped drive on mine), or communal "work temp" folder that gets nuked weekly. They then have to grab and move that themselves.

    It's really not been any problem at all, compared to the issues with games, lophcrack, dubious software and files etc that were coming in. Bear in mind the LEA run our servers, not us..

    It may not be ideal, but it's good. Staff have "normal" USB access..it's only off for kids. Staff in general have no student area access though, so it still has to come through us. The policy has been in place for..2? 3? years now..

    Add to that we do frequent user area/shared area scans and nuking, and we're fairing quite well compared to some we've heard about.

    Of course, we can't police the bluetooth stuff, the PSPs and so on..but if they can't plug in and go, it's fairly irrelevant.
    Last edited by Sirbendy; 30th April 2008 at 01:41 PM.

  12. #12
    KarlGoddard's Avatar
    Join Date
    Jul 2005
    Location
    Bolton, Lancashire
    Posts
    272
    Thank Post
    37
    Thanked 18 Times in 18 Posts
    Rep Power
    26
    [QUOTE=NickJones;185483]I agree that you're responsible for it, but only in so far as ensuring the security of your network, i.e. viruses can't spread, hacking tools can't be run, etc - this can be done without direct access to the pen itself. I don't believe that this responsibility extends to controlling what else the student has on their pen.
    /QUOTE]

    I totally agree! If John Smith has a copy of a game on his pen drive - it stays there. He can't run it or play it through good network management on our part.

    I may have a casual word with him and point one or two things out - like don't copy games for people on my network or using my pc's and how we can tell who creates folders / files on any of our shares etc basically just let him know 'we're vigilant' if that makes sense

    If it was a virus / malware it would get deleted straight off.

    If it was porn or something of that nature we're now stepping into the legal side (or illegal side, as a minor can't be in possession of porn) and a child protection matter. All I would do is do a swoop and lift the pupil with a member of SLT, document my actions and leave it with them upstairs.

  13. #13
    button_ripple's Avatar
    Join Date
    Dec 2007
    Location
    Luton
    Posts
    346
    Thank Post
    93
    Thanked 20 Times in 18 Posts
    Rep Power
    18
    I read something once that said that the USB memory stick is property of the student and as such looking inside it, or using software to look inside it is breaking the DPA.

    Not sure where i read it, but i will try to find it!

    We don't bother here, if they want to waste lesson time playing games so be it! They can't install anything so we don't particularly care. It is up to the teachers themselves to stop them playing games on the memory sticks during lesson times and no one has access to a computer during lunchtimes or after school at the minute!

  14. #14
    ArchersIT's Avatar
    Join Date
    Nov 2006
    Location
    Bedfordshire
    Posts
    114
    Thank Post
    14
    Thanked 24 Times in 20 Posts
    Rep Power
    21
    I read something once that said that the USB memory stick is property of the student and as such looking inside it, or using software to look inside it is breaking the DPA.

    Not sure where i read it, but i will try to find it!
    I do not believe that the DPA is relevant here. The DPA is about taking the correct actions in respect of stored personal information. IMO the following bit from the computer misuse act is enlightening. This says (in the interpretation section - 17)

    (6) References to any program or data held in a computer include references to any program or data held in any removable storage medium which is for the time being in the computer; and a computer is to be regarded as containing any program or data held in any such medium.
    Because of this our AUP clearly says that once the USB pen is plugged into a school computer then the data on it is subject to the same rules as the computer it is plugged into.

    Hope this helps

    Jonathan

  15. Thanks to ArchersIT from:

    enjay (30th April 2008)

  16. #15
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,477
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    53
    Does anyone know a way you can set sophos to scan usb drives when they are inserted into the computer.

    Also I have been trying to find a way of using group policy to block .exe files.

    I have tried a path rule with *.exe and that blocks them in the root of the drive but not all the drive.

    Does anyone know how I can set up this rule to block all exes and bats etc anywhere on the drive.

    Thanks for all your help.

    Richard



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. login scripts
    By palmer_eldritch in forum Mac
    Replies: 1
    Last Post: 6th March 2008, 11:47 AM
  2. reconnect on login
    By brubakes in forum *nix
    Replies: 2
    Last Post: 17th January 2008, 09:10 AM
  3. scanning for porn
    By goodhead in forum Windows
    Replies: 4
    Last Post: 27th February 2007, 12:32 PM
  4. The gadget show +wireless scanning util.
    By Dos_Box in forum General Chat
    Replies: 4
    Last Post: 22nd February 2006, 05:02 PM
  5. Replies: 32
    Last Post: 25th July 2005, 08:17 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •