Internet Related/Filtering/Firewall Thread, LGfL 2.0 Problems in Technical
  1. #76

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,406
    Thank Post
    306
    Thanked 307 Times in 265 Posts
    Rep Power
    82
    Quote Originally Posted by sramdeen View Post
    Soulfish, do you happen to know or have in writing what their 'security guidance' is? Otherwise it's fairly ambiguous.
    They can all be found at About | London Grid for Learning

    The most recent security guidelines were updated in March after we had some discussions with LGfL (and one of the reasons for our deciding to leave).

  2. Thanks to Soulfish from:

    talksr (27th April 2012)

  3. #77

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    10,074
    Thank Post
    1,384
    Thanked 1,888 Times in 1,169 Posts
    Blog Entries
    19
    Rep Power
    614
    Quote Originally Posted by esucmn View Post
    Let me get this straight.... they're blocking OUTBOUND connections??!?
    Are you saying you think it is a bad idea to block outbound connections? Would you prefer that all ports were open?

  4. #78

    Join Date
    May 2011
    Posts
    28
    Thank Post
    1
    Thanked 5 Times in 5 Posts
    Rep Power
    8
    I'd like it under my control. I have no confidence their security policies will allow the services we run.

  5. #79

    Join Date
    Apr 2012
    Location
    Leeds
    Posts
    343
    Thank Post
    3
    Thanked 72 Times in 57 Posts
    Rep Power
    38
    May I ask out of interest how long everyone has contracted with LGFL 2.0 for?

    We've a few schools using our services in London as an alternative to LGFL

  7. #81

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    Quote Originally Posted by GrumbleDook View Post
    Are you saying you think it is a bad idea to block outbound connections? Would you prefer that all ports were open?
    Only if they have no free, easy and fast way of unblocking stuff for themselves; otherwise one person's/organisation's views of a service or IP end up being enforced as impromptu law.

  8. #82

    Join Date
    May 2011
    Posts
    28
    Thank Post
    1
    Thanked 5 Times in 5 Posts
    Rep Power
    8
    Quote Originally Posted by SchoolsBroadband View Post
    May I ask out of interest how long everyone has contracted with LGFL 2.0 for?
    The contract is in the public domain: http://files.lgfl.net/lgfl/policies/...0agreement.pdf

  9. #83
    hit
    hit's Avatar
    Join Date
    Mar 2008
    Location
    London
    Posts
    326
    Thank Post
    49
    Thanked 50 Times in 48 Posts
    Rep Power
    51
    Quote Originally Posted by esucmn View Post
    Let me get this straight.... they're blocking OUTBOUND connections??!?
    Ahhh, this makes sense why our sftp/scp client isn't connecting from our admin network to a server in the DMZ. Will cause a problem with my other schools which send data to here for parental reporting when they change over in the next few weeks! Will let you know how I get on with having the ports opened.

  10. #84

    Join Date
    Jan 2007
    Location
    London
    Posts
    10
    Thank Post
    2
    Thanked 4 Times in 4 Posts
    Rep Power
    17
    ahhhh, I love consistency. After getting some ports unblocked at one of my schools and thinking things were getting better, a request for exactly the same ports at another school came back this morning:

    Unfortunately we are unable to allow any email access aside from port 25, even then that must be passed through our ECC. All email that isn't coming through the ECC will have to be accessed via webmail clients.

    With regards to the other items listed, you will need to specify an internal and external IP, for example we wouldn't allow "off site backup" or "Filemaker Client" to *any*, we would need the IP addresses they are going to.
    So if I interpret that correctly they are now saying that there is NO email access from email clients such as Outlook, Mail, Thunderbird etc and that everyone has to use webmail.

    I'm just off to a corner to simultaneously cry and laugh.

  11. #85
    maestromasada's Avatar
    Join Date
    Apr 2009
    Posts
    166
    Thank Post
    93
    Thanked 14 Times in 13 Posts
    Rep Power
    13
    rav3 does not work for students, RM Secure Net needs random ports open, MS Office Activation does not work... buf, LGfL does bring some problems. A good thing of Webscreen 2.0 is that it tracks the users' activity on the web, we may as well dump Securus altogether

  12. #86
    hit
    hit's Avatar
    Join Date
    Mar 2008
    Location
    London
    Posts
    326
    Thank Post
    49
    Thanked 50 Times in 48 Posts
    Rep Power
    51
    Quote Originally Posted by maestromasada View Post
    rav3 does not work for students, RM Secure Net needs random ports open, MS Office Activation does not work... buf, LGfL does bring some problems. A good thing of Webscreen 2.0 is that it tracks the users' activity on the web, we may as well dump Securus altogether
    Interesting, how do you track individual students with Webscreen 2? The only way I can see to do it is to block the Internet completely and force users to log in with their USO to then let them into a policy.

    I was originally told that LGfL2 would use NTLMNAuth (or similar) to get the username transparently, all that would be needed was that our usernames need to be the same as the USO ones (which makes sense to only have one username / password pair). Guess what, this didn't work either! More mis-selling I guess!

  13. #87
    strawberry7's Avatar
    Join Date
    Dec 2011
    Location
    London, UK
    Posts
    47
    Thank Post
    0
    Thanked 8 Times in 7 Posts
    Rep Power
    8
    I have been following this thread with interest and appreciate all the information that has been gathered here. I am equally annoyed about the blocking of Logmein as I am going to have to spend my time setting up RAv3. Then get a CentraStage account. Then change all my clients to CentraStage which doesn't support iOS, so I've lost that. Then I can remote in an inferior way than I have been for years as I will need to establish a VPN before remoting each time. Which is a pain.

    As for all the filtering, I am trying to gather as much information about how to turn as much of it off as possible BEFORE my schools migrate.

  14. #88

    Join Date
    Jan 2007
    Location
    London
    Posts
    10
    Thank Post
    2
    Thanked 4 Times in 4 Posts
    Rep Power
    17
    Quote Originally Posted by Soulfish View Post
    They can all be found at About | London Grid for Learning

    The most recent security guidelines were updated in March after we had some discussions with LGfL (and one of the reasons for our deciding to leave).
    The Security Guidance document located at http://files.lgfl.net/LGfL/Policies/...2%20v1%201.pdf makes no clear mention of blocking outbound ports. The only section regarding port blocking is:

    6. Other
    In the interests of sound security policies, requests made for the opening of firewall ports should be kept to the minimum required to permit the intended applications to function, and limit port access to the specific IP address range which is necessary.
    IMO any sysadmin reading this would interpret it to mean incoming connections not outbound.

    So with the Mac version of the CentraStage client still in beta, LGfL has left schools with Macs out in the cold. If they want to use a supported, sanctioned method of remote access, Mac users are currently out of luck. If a school has Macs and they need their support company to gain remote access to troubleshoot a problem, what are they meant to do? Luckily there are workarounds available until a permanent solution is found...

    With all of this heavy handed security, one question comes to mind - Just what was wrong with the LGfL1 security policy? How many security breaches were there on the old system and how many children were harmed as a result? Seems to me this new policy involves a lot of stick and no carrot. Normal end users are going to be frustrated when things don't work and network admins are going to find ways around the security measures put in place supposedly to protect the network. I for one know this is already happening at a couple of lgfl2-connected secondary schools, so the whole security policy goes out the window.

    grump grump grump

  15. #89
    strawberry7's Avatar
    Join Date
    Dec 2011
    Location
    London, UK
    Posts
    47
    Thank Post
    0
    Thanked 8 Times in 7 Posts
    Rep Power
    8
    Quote Originally Posted by sramdeen View Post
    Just what was wrong with the LGfL1 security policy? How many security breaches were there on the old system and how many children were harmed as a result? Seems to me this new policy involves a lot of stick and no carrot. Normal end users are going to be frustrated when things don't work and network admins are going to find ways around the security measures put in place supposedly to protect the network. I for one know this is already happening at a couple of lgfl2-connected secondary schools, so the whole security policy goes out the window.

    grump grump grump
    I totally agree with you. My schools have been using their internet with very relaxed rules for years and I have been using Logmein for years and guess what.....it was fine! No security breaches and no problems. I have just had this response from Atomwide:
    CentraStage and RAv3 are not linked, CentraStage can be used like LogMeIn. You won't need RAv3 entirely set up for this to work.

    Confused!!!

  16. Thanks to strawberry7 from:

    sramdeen (9th May 2012)

  17. #90

    Join Date
    May 2011
    Posts
    28
    Thank Post
    1
    Thanked 5 Times in 5 Posts
    Rep Power
    8
    Quote Originally Posted by sramdeen View Post
    The Security Guidance document located at http://files.lgfl.net/LGfL/Policies/...2%20v1%201.pdf makes no clear mention of blocking outbound ports.

    *SNIP*

    IMO any sysadmin reading this would interpret it to mean incoming connections not outbound.
    This is my biggest problem currently - we cannot get a straight answer out of Atomwide what is and is not allowed, especially with regards to email. Having worked around the recipients per email, they then blocked the Head's PA (without notice or telling anyone) by changing her password, leaving her without email for 24 hours. This did not go down well. The reason was apparently too many recipients in X period of time.

    To avoid this we want to run our own Exchange system with sensible limits for our school. However, we have to use their email relay system. This leaves the following points:

    1) I don't trust them to keep their systems running. Their systems are more complicated than those required for a single school and therefore more likely to fail. We want to remove this unnecessary point of failure.
    2) When asked about what restrictions were placed on mail sent through their mail relays, they said none.
    3) When pushed on what the point of these filters was, given they had no restrictions, they said they were to stop spam.
    4) When pushed on this they refused to reveal the technical limits that would constitute "spam" or the sanctions that would result from it.

    How can you aim at a goal when you can't get an answer as to where the goalposts are?

  18. Thanks to esucmn from:

    sramdeen (9th May 2012)


