How do you do....it? Thread, Scanning Students USB's on Login in Technical; We are thinking of scanning students USB's when they insert them, this is because a number or parents are reporting ...
30th April 2008, 05:43 AM #1
- Rep Power
Scanning Students USB's on Login
We are thinking of scanning students USB's when they insert them, this is because a number or parents are reporting that students are acquiring programs and games and bring them home.
We know that the students are not getting the files from school and that strictly speaking the USB remain the students responsibility. - do you agree?
If we can scan them regularly and generate a log , perhaps they will be more careful with USB contents!
Am I being OTT or is this possible? if so, how could it be done?
30th April 2008, 09:35 AM #2
As long as they're not acquiring the games from school directly - i.e. they're distributing them from a share which the pupils can access, I don't really see how you could stop them doing it.
What would happen if pupils were burning stuff onto dvd or cd and passing them out in the quad or playground? Random bag searches?
tell the parents to bugger off and stop trying to pass the buck onto the school.
If little johnny is upto no good on his home PC or is bringing home inappropriate stuff they should give him a bollocking and restrict his PC access - which is exactly what would happen in my school if mucked about on our PC's with games and inappropriate programs (not as though he could as we have software restrictions in place)
mmmm a nice Wednesday morning rant!!!
30th April 2008, 09:49 AM #3
We disable USB on the workstations. If kids want work transferring, it goes through me, Steve or one of the IT Teachers..that's a pretty good screen.
30th April 2008, 10:48 AM #4
why do you disable USB? that just creates more work for the tech's and teachers and generally is hindrance IMHO
Originally Posted by Sirbendy
30th April 2008, 10:54 AM #5
It must be possible to have an application running in the background that can detect when a USB key is inserted and stop mapping the drive untill it's completed a quick search. Looking for common game names would be a good idea, we can't block all .swf files because we teach flash
30th April 2008, 11:26 AM #6
The pen drive is the private property of the student, and I don't think you should go looking at it without good cause. Virus scan it and use GPOs to block exe files from running, yes (this is network security and therefore within your remit); but scan them for games which they didn't get off your network, no.
If two kids want to swap a game between them by plugging in both pen drives, then that is theirs to do - it is not an IT problem. If a parent complained that a kid got lent a book or magazine they didn't like, would you ask the English Dept or Librarian to run spot checks on bags? Course not. Same applies here.
Of course, if the kids are using the school's Internet connection to download these games, you have some responsibility to act on this, but that response must start and end with blocking the download sites.
IMHO, of course :-)
30th April 2008, 11:52 AM #7
As far as I see it once the pen drive gets plugged into one of our pcs that pen drive is then another drive on the PC, the PC is on our network and therefore we're responsible for it.
Originally Posted by NickJones
If the pen drive is in his pocket or his bag and not connected to a pc it is private property and will stay that way. Don't know what the official legal bit is on all that but that's the way we deal with things and, for us at least, works exceptionally well.
Good anti virus and GPO's stop any 'bad' things happening to the network. Distributing files from pen drive to pen drive would be almost impossible to stop unless you take the overall backward step mentioned above and disable all USB sockets.
30th April 2008, 12:39 PM #8
I agree that you're responsible for it, but only in so far as ensuring the security of your network, i.e. viruses can't spread, hacking tools can't be run, etc - this can be done without direct access to the pen itself. I don't believe that this responsibility extends to controlling what else the student has on their pen.
Originally Posted by kgcs
Consider bag searches - while the school has a responsibility, not to mention a legal right, to check bags for weapons and other such threats to safety, they don't have the right to check for things like PSPs or other gaming devices. Does the same not apply to pen drives?
If you had evidence to suggest that something illegal was on the pen drive - note illegal, not just disliked by the parents - then that would be a different question, but in this instance we're talking about games.
There is of course the separate question of the school wanting to work alongside the parents in matters such as this, but until SLT say "we want to help the parents who are worried about what the kids are doing on the computers", that's not so relevant.
30th April 2008, 01:01 PM #9
I think the issue above with memory sticks is that you have to (and need the right to) scan the drive for legitimate stuff just like you need the right to search a school bag for things like weapons/etc. Without the ability to actively monitor pupils files you've now idea whether a jpeg image on their stick is an innocent logo or a hardcore pornography image. Just like you've no idea if the lump in their bag is a knife of or a PSP until you open it!
Originally Posted by NickJones
It's acually in our RUA to say that pupils are only allowed to bring in materials on a stick/HDD that are directly used for school and that they shouldn't contain any other files. It also explicetly states that we reserve the right to inspect (passively or actively) any files/devices connected to the network. IMO once a pupil, or staff member, connects a device to the network it has to and should comply with all of our rules regardless of whether it belongs to them our not.
If they're not happy with that they can email in the file or print it off! At the end of the day the ability to connect their personal devices to the network is a priveledge rather than a right!
30th April 2008, 01:18 PM #10
from another angle you maybe could stop them downloading installers and exe files.
30th April 2008, 01:37 PM #11
Hah..no, not really any extra work. Work to-from home gets done either "on pen" and therefore through us, or via mail, and again, that is done through our machines via OWA.
We DID gove OWA to the kids, and outlook..so much abuse of mail going on, so many "Mass domain mails" going out (try the entire of telford for size - no fun), so many staff/kids from other schools complaining..we called it a day for that functionality. Sad, but needed.
Staff can't supervise the kids..some of the mails and grovelling we've had to do, and other schools have had to do to us show that. If they want to be treated like idiots, then that is what I shall do. No skin off my nose.
As to privacy of data - not once it hits my system. Same with their phones - when they get brought to us with a request to go through and download footage etc from SMT..then I have no issue with it.
It's all in our AUP..whatever you do, we watch. There is no escape, there is no excuse, there is just us. Basically. The kids are fine with that, and those that protest get to read the AUP instead of just clicking "Agree"..and boy, do they stop complaining when that happens. Although, with some the reading of the AUP is painful.
It's maybe 2 minutes out of my day..I have a USB extender fixed to the desk, and they just plug and go. Work is either put into their user areas (mapped drive on mine), or communal "work temp" folder that gets nuked weekly. They then have to grab and move that themselves.
It's really not been any problem at all, compared to the issues with games, lophcrack, dubious software and files etc that were coming in. Bear in mind the LEA run our servers, not us..
It may not be ideal, but it's good. Staff have "normal" USB access..it's only off for kids. Staff in general have no student area access though, so it still has to come through us. The policy has been in place for..2? 3? years now..
Add to that we do frequent user area/shared area scans and nuking, and we're fairing quite well compared to some we've heard about.
Of course, we can't police the bluetooth stuff, the PSPs and so on..but if they can't plug in and go, it's fairly irrelevant.
Last edited by Sirbendy; 30th April 2008 at 01:41 PM.
30th April 2008, 01:48 PM #12
[QUOTE=NickJones;185483]I agree that you're responsible for it, but only in so far as ensuring the security of your network, i.e. viruses can't spread, hacking tools can't be run, etc - this can be done without direct access to the pen itself. I don't believe that this responsibility extends to controlling what else the student has on their pen.
I totally agree! If John Smith has a copy of a game on his pen drive - it stays there. He can't run it or play it through good network management on our part.
I may have a casual word with him and point one or two things out - like don't copy games for people on my network or using my pc's and how we can tell who creates folders / files on any of our shares etc basically just let him know 'we're vigilant' if that makes sense
If it was a virus / malware it would get deleted straight off.
If it was porn or something of that nature we're now stepping into the legal side (or illegal side, as a minor can't be in possession of porn) and a child protection matter. All I would do is do a swoop and lift the pupil with a member of SLT, document my actions and leave it with them upstairs.
30th April 2008, 02:02 PM #13
I read something once that said that the USB memory stick is property of the student and as such looking inside it, or using software to look inside it is breaking the DPA.
Not sure where i read it, but i will try to find it!
We don't bother here, if they want to waste lesson time playing games so be it! They can't install anything so we don't particularly care. It is up to the teachers themselves to stop them playing games on the memory sticks during lesson times and no one has access to a computer during lunchtimes or after school at the minute!
30th April 2008, 02:41 PM #14
I do not believe that the DPA is relevant here. The DPA is about taking the correct actions in respect of stored personal information. IMO the following bit from the computer misuse act is enlightening. This says (in the interpretation section - 17)
I read something once that said that the USB memory stick is property of the student and as such looking inside it, or using software to look inside it is breaking the DPA
Not sure where i read it, but i will try to find it!
Because of this our AUP clearly says that once the USB pen is plugged into a school computer then the data on it is subject to the same rules as the computer it is plugged into.
(6) References to any program or data held in a computer include references to any program or data held in any removable storage medium which is for the time being in the computer; and a computer is to be regarded as containing any program or data held in any such medium.
Hope this helps
Thanks to ArchersIT from:
30th April 2008, 02:49 PM #15
Does anyone know a way you can set sophos to scan usb drives when they are inserted into the computer.
Also I have been trying to find a way of using group policy to block .exe files.
I have tried a path rule with *.exe and that blocks them in the root of the drive but not all the drive.
Does anyone know how I can set up this rule to block all exes and bats etc anywhere on the drive.
Thanks for all your help.
By palmer_eldritch in forum Mac
Last Post: 6th March 2008, 11:47 AM
By brubakes in forum *nix
Last Post: 17th January 2008, 09:10 AM
By goodhead in forum Windows
Last Post: 27th February 2007, 12:32 PM
By Dos_Box in forum General Chat
Last Post: 22nd February 2006, 05:02 PM
By Ric_ in forum General Chat
Last Post: 25th July 2005, 08:17 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)