Might be worth looking at TrueCrypt.
According to the FAQ it doesn't mind networks: TrueCrypt - Free Open-Source Disk Encryption - Documentation - Sharing Over Network
We have 3 child protection officers in school who would like to use electronic forms of sharing/storage/communicating.
Obviously this is a hugely sensitive area that needs to be very secure.
I am thinking of a folder on the network, which only the staff members involved can access (NTFS permissions) which then contains a folder/file which can be encrypted by them using software installed on specific PCs. Only they would know the passphrase.
Also, is there an existing software solution for this kind of scenario (very secure record history) that could be used as well as or instead of?
Bear in mind that they may need to access the data at the same time.
What MIS system do you have in place? I would have thought this should be used as it would provide you with your audit needs?
There are a few other things to consider as well.
The computer should not be in an area where the screen is readily viewable by unauthorised people. This can be sorted by the simple use of blinds on windows, screen filters to restrict viewing, placing the desk so the user backs onto a wall with no windows. It may sound like common sense but is an important factor and with the ContactPoint coming to schools there will be the same recommendations there. Prevention of use of USB keys might also be an important item on these machines or for these users.
Also consider things like password protection on the screen saver, getting the staff into the habit of locking the desktop even when they get up to go into the next room (Windows+L) and printing to a printer they can see or a printer that has a 'locked print' function (i.e. most network print stations / copiers).
EFS / TrueCrypt / BitLocker are all pretty good ... but the Becta guidelines really point to requiring an audit trail so you can see who accessed what and when. This can get a tad expensive so you might need to get the Head and Chair of Governors to accept this as a managed risk.
Have already done this using TrueCrypt and it works flawlessly, and have made it so only 3 people can log in to it from anywhere in the school as long as it is with their login credentials for digital fingerprinting.
webman (20th October 2009)
We use Facility CMIS as the MIS, I have asked the Systems Manager, but they are not sure. Bear in mind that ideally, even the systems manager wouldn't be able to access this information.
Each of the users has their own lockable office.
bossman, care to share a little more info? I had already looked at the TrueCrypt documentation linked to here by Tom, but didn't quite understand the options. Do you use method 1 or method 2? Method 2 led me to believe that the data would be read-only, and how do you restrict access using method 1?
I would not worry about the System Manager not being able to access the information. There are certain positions of trust within the school and this should be reflected in the job description. The same way that the site supervisor / caretaker has keys that can open the head's office, the SysAdmin can have complete control over anything IT related. The fact that there are not enough hours in the day to go into each individual file and see what is in there is beside the point ... trust and respect.
This is why I mentioned about software which will perform audit trails too ... it means you can show who has accessed what and when. If they are that bothered then cough up the cash for an ultra-secure system.