Persuade SMT, Govenors to build a server room

[AlexPilot]

Hi there,

Currently I am at a school where access to the servers is just a case of walking into a room. They are so insecure they often have their power leads pulled out, or their mice nicked. This is the case for all the servers, including the Sims.net one with all the information that Sims holds.

I am trying in vain to persuade everyone that the servers and backups need to be put into a secure location. However with the school layout it would mean kicking someone else out of somewhere.

Does anyone have an written official documentation links that I could read and show those higher up the chain that would persuade them that this needs to be done.

Thank you

[Shane]

Surely something in the data protection act must have something protecting something like a SIMs server?
Have a read though it and wave it under SMT noses (at least this clears you if anything should happen as you did warn people)

[GrumbleDook]

Invite me down for a day ... I will demonstrate how much information I can grab from physical access to your servers.

And this is before I disrupt a whole day of lessons by plugging a timer switch in where you mains lead is so it drops power to the server every hour.

And then I will nick the hard drives so it won't even boot up.

Hmm ...

[AlexPilot]

Invite me down for a day ... I will demonstrate how much information I can grab from physical access to your servers.

And this is before I disrupt a whole day of lessons by plugging a timer switch in where you mains lead is so it drops power to the server every hour.

And then I will nick the hard drives so it won't even boot up.

Hmm ...

Yes I have tried to explain how easy it would be for me to just lift the whole thing up and walk out of school with it. The most success is telling the Teachers about how much information on them would be available if say the server was stolen.

[Edu-IT]

The DPA will almost certainly contain something which states that personal information must be kept securely.

http://www.ico.gov.uk/upload/documen...l_guidance.pdf

I have had a quick read through and I think the part you want to look at starts at about page 40 (3.7).

I would assume that each school has a data controller? Or is that not the case?

[box_l]

I always find that the best way is explain how many more 1000s of hours they would have to work to replace the lost data.


no summer holidays for them! just re-writing lesson plans reports etc.

BoX

[j17sparky]

Inform them nicely about the DPA, how they are already breaking laws and how they would be liable if the data were to go missing. If they still dont do anything put it all in writting and get it recorded so that if anything did happen it would be their responsibility. Hopefully the thought of being liable will change their minds, but you could always make the servers disapear

If your lea/RBC IT dept are anything like ours a quick call to them should see someone coming down for words with the HT

[pete]

If finding space is an issue, there are alternatives: Acoustic Server Cabinets | Portable Server Environments | Air-cooled acoustic server rack enclosures | from Kell Systems

As others have said, point out the security / stability / uptime / ease of cooling benefits. You need to make a business case for it - "if we have a server room, the benefits will be $bar, measurable by $foo".

The other (slightly more nuclear option) is to discover whether governers are aware what responsibility they're taking on in not securing the systems: i.e Jail time.

If they still refuse, ask the governers to sign a document stating:

1) that they are aware of the implications of not securing them
2) that they have decided not to secure them
3) that you have explained all of this to them clearly in a manner they can understand

Place the document in a safe place, and tidy up your cv.

[coquet636]

Hi there,

Currently I am at a school where access to the servers is just a case of walking into a room. They are so insecure they often have their power leads pulled out, or their mice nicked. This is the case for all the servers, including the Sims.net one with all the information that Sims holds.

I am trying in vain to persuade everyone that the servers and backups need to be put into a secure location. However with the school layout it would mean kicking someone else out of somewhere.

Does anyone have an written official documentation links that I could read and show those higher up the chain that would persuade them that this needs to be done.

Thank you

Wait till about 5 minutes after last school bell. Go and unplug it and put it in your car. Then get them to try and find if they can work out where its gone.

Then they will realise its pretty crucial to lock it away...... especially if you can avoid cctv cameras.....

[sparkeh]

Again DPA. Perhaps inform them that the nominated person in change of data protection (usually the head) is liable to prosecution if someone waltzes away with the names and address of pupils at your school.

[mossj]

Hi there,

Currently I am at a school where access to the servers is just a case of walking into a room. They are so insecure ..... SOMETEXT.....

Thank you

Erm buy a door and then invest in a lock or two?

P.S i've considered this room might be used for something else but op doesn't say this....

[Edu-IT]

Erm buy a door and then invest in a lock or two?

P.S i've considered this room might be used for something else but op doesn't say this....

Usually requires permission though from the person responsible for managing the building.

[Dos_Box]

I would simply bandy about terms such as 'data protection act', 'duty of care' and 'court apperences'.

[dhicks]

I am trying in vain to persuade everyone that the servers and backups need to be put into a secure location.

Passing through the head's office with sever with a smoking power supply, muttering "on fire, on fire, on fire..." generally works. Heck, it worked for my A-level physics project...

--
David Hicks

[alan-d]

Have a look at this

http://www.bcrc-uk.org/filelib/physi...equiptment.pdf

Get Safe Online :: Strengthen physical security

http://schools.becta.org.uk/upload-d...on_d_final.pdf Chapter 3.2 is what you are after

Also the LEA should be able to offer advice too.