Windows Thread, Flat Networks in Technical
  1. #31
    DMcCoy's Avatar

    Re: Flat Networks

    Quote Originally Posted by Tiger
    Any comments?
    Yes, sadly some of us have to live in the real world with one or two people running hundreds of computers for more than a thousand users with no team of people to work on all the various levels of compliance with ISO and other standards.

    Sad, but true. The amount of paperwork and other things I have to do is already more than I can handle; I've had to opt out of the working time regulations as it is.

    I would like to do all sorts of things; I can't due to time, money and people.

  2. #32

    GrumbleDook's Avatar

    Re: Flat Networks

    Nice quick answer to a leading question :-) ... and the other 2 relevant documents that get quoted or mentioned (not including ISO 27001/2)?

    Sorry ... I am having fun and sporting a little. DPA reference ... BERR says that ISO 27002 code of conduct can help you meet your security requirements as required by the DPA ... if you follow all of the 27002 then you are fine .. but that does not equate to all of 27002 being relevant to the DPA. (This is an ongoing circular argument for the moot courts, methinks, and it is not just this area that has this type of argument. Create a standard and then apply it to a legality and you get this.)

    But I take you back to a few home truths. Data in an educational institute is not centralised and where it is becoming centralised it is available for attack by methods other than those made available by a flat network.

    The costs of securing this are prohibitive in most institutes unless set up from scratch (Who has read the Data Protection sections of PFI or BSF bids? What areas are easily highlighted that mean that security will be an issue when vectors for attack are not ironed out?)

    If we take the materials from JISC
    HE and FE institutions are obliged under the 1998 Act to have in place an institutional framework designed to ensure the security of all personal data during the collection to destruction cycle. A key current international benchmark for Information Security Management Systems (ISMS) is BS7799. A framework that meets this standard will provide a high level of compliance with the 1998 Act. Where complete compliance with BS7799 is infeasible or unreasonable for all, or certain types of, institutional personal data processing operations, certain minimum standards should still be met. Such standards should ensure:

    * a level of security appropriate to the risks represented by the processing and the nature of the data to be protected
    * that data security is assured no matter where or by whom data is stored or processed and throughout the whole procedure, including the transmission of data
    * that there are clear lines of responsibility and the controller's ultimate responsibility for data security is clearly understood
    we can see that there is an understanding that risks may, and will, be taken and this is both expected and should be acknowledged by institutes.

    This also applies to schools and the structure of their networks. Leadership and Management targets set by the powers that be insist that data not only be readily available but regularly used to inform school leaders and classroom practitioners. Schools that do not make regular and full use of data will be marked down in OFSTED inspections under leadership and management.

    Hmm .. do we have different parts of the Govt or their agencies saying different things? Of course we do ... but if we look at what one side says ... we need at least 2 physically separately cabled networks with no links between them at all (erm ... what happens when we get to connecting machines to the internet? Damn ... fallen down already!) or if we have links they should be secured by good practice and high standards (ACLs, 802.1x, IPSEC, etc). Some schools will need to double their network hardware and backbone (Nice conversation with the Head at budget time - "What do you mean? You want me to sign off another £40k to put a duplicate fibre installation around the whole school and then put more cabling for second wired network ... and even more switches ... and you want cabinets in different rooms too so there is no chance they can be broken into and someone put a cable across to the 2 networks!? On your bike ... !!!")

    For nearly all schools the requirement (at this time) for separate networks is gone. It limits the school more than it protects the school and, security considerations aside, we haven't even begun to talk about the skills base in schools (remembering that the active membership of this site are not the majority of technical staff in schools and have actively sought somewhere to discuss / share / learn things, and serious underfunding / undertraining of support teams in schools makes it unlikely that a good number of schools have staff capable of some of the security considerations above to do everything in house).

    ps, welcome to the site. Pop over to the 'introduce yourself' thread in General Chat. Good to have people willing to take things to a serious discussion.

  3. #33


    Re: Flat Networks

    The original question was "SQL or Port 80 on admin servers are kept isolated from the curriculum PCs. What specifically bothers me is the fact that we even have adult evening classes in IT and I am rather concerned who may get access to the whole network. "

    So it sounds as if the answer is (I'm sorry if I'm putting words in your mouth, but they are your own words):

    DMcCoy: " Yes, sadly some of us have to live in the real world.. "

    localzuk: " Yes, schools have a legal duty to protect data, but only up to the point where it is affordable to them. "

    rrichmond (in Australia): "This is exactly what we have set up [isolated networks]. Yes. I am in Australia. "

    Means one compromises security in combining two networks in a flat network and yes - there seems to be a way of doing it ...

    John Condon: "Our clients therefore run on a variety of comms - 802.11, Radio signal, even the browser based registration has a software solution in place to prevent direct connection to notorious SQL ports... "

    And as localzuk says keep "just air-gapped..."

    Thanks all.

  4. #34

    GrumbleDook's Avatar

    Re: Flat Networks

    @Tiger

    Would you like to help start a discussion about realistic measures schools on a flat network could take to deal with this then?

  5. #35


    Re: Flat Networks

    GrumbleDook (Site Admin): "Would you like to help start a discussion about realistic measures schools on a flat network could take to deal with this then? "

    Actually, looking at John Condon's web site www.bromcom.com gives me a great deal of food for thought. In fact school heads' motivation is driven by data collection for attendance and assessment. Therefore if what John says and what I read on the Bromcom web site is true then "I can have the cake and eat it". I do not need to open SQL or Port 80 to the curriculum network to provide teachers access to be online for attendance and assessment, which is all that they need from Admin servers.

  6. #36

    GrumbleDook's Avatar

    Re: Flat Networks

    Yes, Bromcom is very good for allowing this tunneling of a client or device to a specific service on a specific box. The only problem is that it is proprietary and you end up being tied into a monopoly. This has been raised before in Education about the patent that Bromcom used.

    So .. we say that we should use industry standard design, but not open standard tools?

    Discuss.

  7. #37

    GrumbleDook's Avatar

    Re: Flat Networks

    Oh, a similar discussion is going on over on the NAACE list at the moment, but from the angle of fingerprints in schools being too open to abuse by people connected to the network and companies with products in schools.

    I'll make comments on here about how that discussion goes too.

  8. #38
    DMcCoy's Avatar

    Re: Flat Networks

    It's fine apart from the fact it's spent the last three years not importing its contacts from SIMS automatically. I don't think it's ever worked since BroDIS was introduced. And they are still unable to tell me what their apps do that need local admin access to the machine. Not such a great example after all!

    Some parts aren't web based. For everything you would need web, file and sql access to the server still.

  9. #39
    JohnCondon's Avatar

    Re: Flat Networks

    GrumbleDook: "Yes, Bromcom is very good for allowing this tunneling of a client or device to a specific service on a specific box. "

    Thank you - it's nice to get "some" credit. However we need to put the record right on a couple of points.

    1. The proprietary part of Bromcom was only the RF network used in the early part of the product life in the years 1992 to 2002. The RF Network is totally replaced with Wi-Fi and GPRS.

    2. The patent case has been settled in Dec 2005 ( http://schools.becta.org.uk/index.ph...rid=11027&wn=1 )
    In fact the Education Department (DCSF) liked the patent so much they wanted to have it.

    3. There is nothing proprietary in the client software communications whatsoever and the latest WinFolder software runs on any laptops and PCs (soon on iMac & Linux) and WinFolder-PK on any Pocket PDAs with Windows Mobile 5/6 and of course the Bromcom server software runs on the school's existing network.

    4. Latest infrastructure used is also totally industry standard Ethernet, Wi-Fi and GPRS and of course TCP/IP.

    It seems that there is still a misperception of Bromcom: (1) Technology being proprietary and (2) Patent being still an open issue.

    @DMcCoy - I am going to have to talk to the Southern Helpdesk Team about the issues you are reporting here as the current versions of BroDIS should really not be exhibiting the problems you have mentioned. Out of interest, which version of SIMS are you currently running? We have been working closely with Capita to improve the link and SIMS November includes code specifically designed for us to use.
    As to the requirement of web, file and SQL access, the system can be set in such a way that access from the curriculum network to the Bromcom server is largely unrestricted while not providing any capacity to tunnel across into the Admin network via the Bromcom PC, which is still by design attached to the Admin network for reporting purposes.

  10. #40


    Re: Flat Networks

    GrumbleDook: "Yes, Bromcom is very good for allowing this tunneling of a client or device to a specific service on a specific box. "

    Are there any other Bromcom users who have had experience with "Bromcom tunneling"? Does it really run on ordinary Ethernet & Wi-Fi networks? Any disadvantages experienced because of the "Bromcom tunneling", e.g. speed, setting up the client?

  11. #41
    azrael78's Avatar

    Re: Flat Networks

    While this doesn't directly contribute to the flow of the thread...

    We have 2 AD Domains - Staff and Students.
    They are connected via 2-way trusts - so any staff PC can logon a student and vice-versa (because it was one of the goals here that staff could use ANY PC to access SIMS, regardless of what network or domain it's in).

    Staff access SIMS via the Staff network in the normal way - via the SIMS Client.
    Staff access a cut-down version of SIMS via the Students network via Terminal Services (RDP).
    It's cut-down as they can't save anything, they can't print, they can only view and update information in SIMS.

    While they complain about not being able to print in classrooms, the possibilities if they could - are endless - confidential reports printed on a classroom printer for all to see... great.

    Students (even while on a staff PC) cannot access SIMS - all Staff PCs automatically lock themselves after 5 minutes I believe.

    We don't use firewalls or IPSec internally because we haven't had (touch wood) any serious security issues with data confidentiality.

    If it gets to the point where the security of the internal network is questioned or my line-manager or head decides we need to seriously 'up' the internal security - then I'm all for it. XP Firewalls and IPSec here we come.
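
An added example, not part of any post in this thread: a Python audit of a first-match rule list against the access model discussed above, where student/curriculum hosts reach the admin side only over RDP to a terminal server while SQL and port 80 on admin servers stay closed. All subnets, addresses, rule sets and the rule format are constructed for illustration, and 1433 is assumed as the SQL Server port.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
STUDENT_NET = ipaddress.ip_network("10.20.0.0/24")
ADMIN_NET = ipaddress.ip_network("10.10.0.0/28")
TERMINAL_SERVER = ipaddress.ip_address("10.10.0.5")
INTENDED = {(TERMINAL_SERVER, 3389)}      # the only student -> admin flow wanted
PROBE_PORTS = (80, 445, 1433, 3389)       # web, file sharing, SQL Server default, RDP

# Rule = (action, source CIDR, destination CIDR, TCP port or None for any port)
FLAT = [("allow", "0.0.0.0/0", "0.0.0.0/0", None)]
SEGMENTED = [
    ("allow", "10.20.0.0/24", "10.10.0.5/32", 3389),
    ("deny", "10.20.0.0/24", "10.10.0.0/28", None),
    ("allow", "0.0.0.0/0", "0.0.0.0/0", None),
]
# Same policy with a forgotten exception for one lab placed above the deny.
LEFTOVER = SEGMENTED[:1] + [("allow", "10.20.0.128/25", "10.10.0.2/32", 1433)] + SEGMENTED[1:]

def parse(rules):
    return [(a, ipaddress.ip_network(s), ipaddress.ip_network(d), p)
            for a, s, d, p in rules]

def decide(parsed, src, dst, port):
    """First matching rule wins; no match means deny."""
    for action, s, d, p in parsed:
        if src in s and dst in d and p in (None, port):
            return action
    return "deny"

def exposures(rules):
    """Admin (host, port) pairs reachable from any student host but not intended."""
    parsed, found = parse(rules), []
    for dst in ADMIN_NET.hosts():
        for port in PROBE_PORTS:
            if (dst, port) in INTENDED:
                continue
            if any(decide(parsed, src, dst, port) == "allow" for src in STUDENT_NET.hosts()):
                found.append((str(dst), port))
    return found

def intended_ok(rules):
    """True when every student host can still reach each intended service."""
    parsed = parse(rules)
    return all(decide(parsed, src, dst, port) == "allow"
               for dst, port in INTENDED for src in STUDENT_NET.hosts())

if __name__ == "__main__":
    for name, rules in (("flat", FLAT), ("segmented", SEGMENTED), ("leftover", LEFTOVER)):
        print(name, intended_ok(rules), exposures(rules))
```

The check enumerates every student source address, so an exception that covers only part of the student range (the constructed `LEFTOVER` set) is still reported.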
