+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 27 of 27
How do you do....it? Thread, Admin & Curric networks -a different spin on the old problem in Technical; Originally Posted by mark Teachers have access to the MIS here to take registers every lesson. <snip> MIS Systems have ...
  1. #16

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    6,793
    Thank Post
    1,290
    Thanked 1,656 Times in 1,110 Posts
    Blog Entries
    22
    Rep Power
    507

    Re: Admin & Curric networks -a different spin on the old pro

    Quote Originally Posted by mark
    Teachers have access to the MIS here to take registers every lesson.

    <snip>

    MIS Systems have permission systems, so only assigned individuals have access to change details.
    Really? That's interesting. What MIS do you use and what phase do you work in?

    Quote Originally Posted by mark
    If staff are logged into a VLE - the exact same problem exists.
    Well as you pointed out above, they will not be assigned to do that.

  2. #17
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,966
    Thank Post
    248
    Thanked 49 Times in 45 Posts
    Blog Entries
    2
    Rep Power
    46

    Re: Admin & Curric networks -a different spin on the old pro

    Quote Originally Posted by sparkeh
    Really? That's interesting. What MIS do you use and what phase do you work in?
    SIMS .net > Capita
    11-18

    Quote Originally Posted by sparkeh
    Well as you pointed out above, they will not be assigned to do that.
    They can view sensitive documents needed to carry out their job. Just because it's on a VLE rather than a network share offers no more security when PCs are left logged in and unattended.

  3. #18

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    6,793
    Thank Post
    1,290
    Thanked 1,656 Times in 1,110 Posts
    Blog Entries
    22
    Rep Power
    507

    Re: Admin & Curric networks -a different spin on the old pro

    Quote Originally Posted by mark
    They can view sensitive documents needed to carry out their job. Just because it's on a VLE rather than a network share offers no more security when PCs are left logged in and unattended.

    Sure, but was I more talking about the altering of data. My point was that if a teacher left a machine logged into the MIS then a pupil could potentially cause havoc. The way I want to set things up is that there is a one way link from MIS -> VLE meaning that yes, if the teacher leaves a VLE session running, the pupil can get at the data but not alter it. Still not good, granted.

    Of course now I know that permissions can be set on the MIS this does alter things.

    Obviously there is a great difference in the way that primary and secondary schools work. In my experience, with primary schools being much smaller, if a teacher needs some info, it is an easy job to pop to the office and request it. The risk of opening up the admin network does not bring sufficient benefit. In a secondary school, perhaps this is not the case.

  4. #19
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,966
    Thank Post
    248
    Thanked 49 Times in 45 Posts
    Blog Entries
    2
    Rep Power
    46

    Re: Admin & Curric networks -a different spin on the old problem

    Wreaking havoc isn't such a problem, that's what backups are for! :P

    No - it's the laws regarding data protection that concern me, and that huge policeman that stands in the shadows with those shiny handcuffs.

    Yes Secondary teachers are a lazy bunch, walking to the office breaches the workload agreement dontchaknow

  5. #20

    Join Date
    Mar 2007
    Location
    The North of England
    Posts
    208
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    16

    Re: Admin & Curric networks -a different spin on the old pro

    From Sparkeh

    First off let me put my hands up and say I’m dead against joining the admin and curriculum networks. Having some responsibility for Data Protection in my role makes me very cautious; if I have to pick up pupils reports and performance management reports that are left lying around the printers who knows what teachers leave on their laptops for anyone to see!
    Why. The reason schools had two networks in the "old" days was because of the security vulnerabiliites inherent in the NT4 platform. Server operating systems are far more robust and security enhanced than ever before. I think you hit the nail on the head when you say "if you have to pick up pupils reports ..." and "who knows what teachers leave on their laptops"

    This will happen whether networks are split or united, this is not a network issue it is more an educating the educator issue. Providing all the appropriate security measures have been taken by a responsible network administrator in terms of permissions and password complexity/policy there should be no reason why a school cannot operate on a single domain. The overriding problem in any school will be the neglect by teaching staff and indeed admin staff of their responsiblity towards confidentiality. This might be because of disruptive students causing them to forget to secure their pc but it is not an excuse. We have to do this on a daily basis when responding to calls (I am assuming you all Ctr-Alt-Del k) each time you leave your workstation?!!) and it is no different for staff. The discipline for this needs to be initiated and followed through by SMT.

    Sure, but was I more talking about the altering of data. My point was that if a teacher left a machine logged into the MIS then a pupil could potentially cause havoc.
    We also use SIMS and have created our own permissions for teaching staff that are read only and therefore, even if data is left open it cannot be changed.

    I can understand those that are concerned with unauthorised access to data with the potential to change and delete items however, if, as mentioned above you are a responisble network administrator these things are part and parcel of your every day work and we should not be afraid to exercise our skills.

  6. #21

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    6,793
    Thank Post
    1,290
    Thanked 1,656 Times in 1,110 Posts
    Blog Entries
    22
    Rep Power
    507

    Re: Admin & Curric networks -a different spin on the old pro

    Quote Originally Posted by ctbjs
    however, if, as mentioned above you are a responisble network administrator these things are part and parcel of your every day work and we should not be afraid to exercise our skills.
    I'm not sure if you are calling my sense of responsibility into question here, I sincerely hope not, but think I am acting in rather a responsible way.

    Depends on how you operate doesn't it. I maintain a solution that works and people are happy with. It might be more convenient to have a single network, but knowing how the users operate it will introduce problems, and where data protection is concerned quite serious problems. As I said, if I encourage staff to develop a more responsible attitude, as I am doing, and they demonstrate they can work in the correct manner then I will consider it. But I won't now.

    I think an irresponsible manager would open it up knowing that there are potential problems but do it anyway.

  7. #22
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    30

    Re: Admin & Curric networks -a different spin on the old problem

    I just think some people are scared of change

  8. #23
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118

    Re: Admin & Curric networks -a different spin on the old pro

    Taking all the opinions and examples of working practice into account... I'm wondering if one possible approach might be something like this:

    - Limit access to a number of specific workstations (eg: staff room, PPA room) and accounts.
    - Usual complexity, length password requirements for these accounts.
    - Accounts with high level access have password screensaver setup to activate after short periods of time and autologoff after 30 minus
    - Differentiation of accounts for classroom teaching vs' SIMS and other sensitive access
    - SIMS access from other workstations is read only for staff accounts - unsure if this is possible but it might help with the "accidental editing".
    - Forget about laptop access as a rule and provide it only as an exception when the staff member has proven they can handle the responsibility

    Beyond that all the SMT backup, training and the like... ?

  9. #24

    Join Date
    Mar 2007
    Location
    The North of England
    Posts
    208
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    16

    Re: Admin & Curric networks -a different spin on the old pro

    @sparkeh

    I'm not sure if you are calling my sense of responsibility into question here, I sincerely hope not, but think I am acting in rather a responsible way.
    Not at all, your sense of responsibility was not the topic of my discussion. It was merely to state the point that "Any" responsible network administrator should not be afraid to exercise their skills.

    I am in agreement with you in that it depends upon how you operate and I for one am extremely mindful of Data Protection, hence teachers only are provided with read only versions of SIMS.net and are reminded of the need to ensure that their workstations are secure from access by students. I would reiterate that this is the underlying problem we face with regards to information being available to unauthorised personnel and that, like many other things in life, it is not going to be until someone is found with information they shouldn't have before it is taken seriously. In the meantime we must keep educating the educators.

    @contink

    I think the idea of having a SIMS logon account for a workstation in a classroom is a good idea as the teacher would only log on to that workstation to access sims and then have to log off and log on with their teacher account in order to carry out their lesson. It may cause them some frustration at having to do so but perhaps with some education and guidance they may realise the reason for doing so is in their interests.

  10. #25
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118

    Re: Admin & Curric networks -a different spin on the old problem

    Further to that idea I figure setting the desktop wallpaper for the staff/SIMS account so it has something like "RESTRICTED ACCESS" or something obvious displayed that staff can recognise so they don't make any mistakes.

  11. #26
    eean's Avatar
    Join Date
    May 2006
    Location
    Kuala Lumpur
    Posts
    565
    Thank Post
    68
    Thanked 54 Times in 38 Posts
    Rep Power
    29

    Re: Admin & Curric networks -a different spin on the old pro

    Thanks for all your comments so far.
    I think Contink's idea is sort of what I was getting at in my original post - basically to give teachers a curric (day to day) password and an admin (secure data) password.
    However, what I'm thinking is to log on as a curric user then map a drive to to the admin network (requiring the user to enter their ADMIN password because the curriculum user won't have access) when, and only when, they need enhanced access. I could probably make a script that will introduce a screensaver time out etc...
    So: what's the best way to achieve this?
    - Simply, have 2 domains, same IP range.
    or
    - VPN? - probably a bit overkill?
    Are there any other problems you can think of with this model?

  12. #27
    eean's Avatar
    Join Date
    May 2006
    Location
    Kuala Lumpur
    Posts
    565
    Thank Post
    68
    Thanked 54 Times in 38 Posts
    Rep Power
    29

    Re: Admin & Curric networks -a different spin on the old pro

    Thanks for all your comments so far.
    I think Contink's idea is sort of what I was getting at in my original post - basically to give teachers a curric (day to day) password and an admin (secure data) password.
    However, what I'm thinking is to log on as a curric user then map a drive to to the admin network (requiring the user to enter their ADMIN password because the curriculum user won't have access) when, and only when, they need enhanced access. I could probably make a script that will introduce a screensaver time out etc...
    So: what's the best way to achieve this?
    - Simply, have 2 domains, same IP range.
    or
    - VPN? - probably a bit overkill?
    Are there any other problems you can think of with this model?

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Complience with the Data Protection Act on admin networks.
    By Dos_Box in forum School ICT Policies
    Replies: 9
    Last Post: 27th November 2007, 08:29 AM
  2. Laptop, 2 nics, 2 networks - internet connection problem
    By WithoutMotive in forum Wireless Networks
    Replies: 3
    Last Post: 27th July 2006, 12:14 PM
  3. Admin staff to 'admin' AD phonebook
    By ITWombat in forum MIS Systems
    Replies: 2
    Last Post: 31st May 2006, 10:08 PM
  4. keeping office and curric separate
    By adamyoung in forum Wireless Networks
    Replies: 22
    Last Post: 22nd March 2006, 12:37 PM
  5. Admin and Curriculum networks seperate?
    By woody in forum Wireless Networks
    Replies: 49
    Last Post: 2nd December 2005, 10:43 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •