NETWORK AND INTERNET SECURITY POLICY STATEMENT

Transcription

1 TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004 Discussed with Leadership Group February 2004 Revised by ICT Strategy Group February 2004 Confirmed by Leadership Group April 2004 Confirmed by Governors June 2004 Reviewed September 2008 Reviewed February 2010 Reviewed October 2010 Next Review As Required (Not Exceeding 3 Yrs)

2 Network and Internet ICT Security Overview The purpose of this policy is to provide a framework to protect the computer systems, network servers and all data stored on the Tadcaster Grammar School network and to provide a safe and secure working environment for the users of the network. This policy will provide guidelines to ensure that no important data, user files or sensitive information is viewed, deleted either accidentally or otherwise or compromised in any way by unauthorised persons. It is the policy of the school to ensure that: All central computer systems and information contained within them will be protected against unauthorised access or misuse. All staff and students of the school are aware that it is their responsibility to adhere to this policy. The integrity of all central computer systems, the confidentiality of any information contained within or accessible on or via these systems is the responsibility of the Network Team. All breaches of security will be reported to and investigated by the Network Manager or suitably authorised persons within the Network Team. Statement of Authority and Scope This policy is intended to detail the accepted good practice policies in the use of networked computer systems. All staff and students of the school who abide by these policy guidelines are entitled to use the computing facilities at Tadcaster Grammar School. The Network Manager administers this policy with the full support of the Leadership Team and the Governing body. Responsibilities of Network Users Individual users are responsible for their own actions. The use of networked computer systems by individuals at Tadcaster Grammar School assumes and implies compliance with these policies without exception. All users should keep their passwords safe; never write passwords down our let anyone see them entering their password. They are advised to change their network password regularly and to keep it as complex as possible, they should never use their name or a word that people could easily guess. 1

3 All network computer users should ensure that - They comply with all relevant laws and acts specifically the Computer Misuse Act, Data Protection Act and Copyright Act. Network accounts and passwords are not shared. At the end of a computing session a user should ensure that they correctly log off any computer they are logged onto. Any network security breaches are promptly reported to the Network Team. No personal data is stored on the local hard disks of computers that multiple users have access to. If a workstation is to be left unattended for any reason, the logged in user should ensure that the workstation is locked using the built in security feature of the operating system (Windows NT, 2000 and XP allow this). If this is not possible then the user should log off. The use of staff personal laptops or PC s on the school network is not permitted without the authorisation of the Network Manager. The use of student personal laptops or PC s on the school network is not permitted without the authorisation of the Network Manager. The use and installation of file sharing and bit-torrenting programs on Laptops or Desktop PCs is not permitted. The use of Anonymous Proxy websites or software which bypasses the North Yorkshire County Council content filtering is not permitted. No Password cracking, Keylogging, IP Scanning, BIOS cracking, Port Scanners, Network packet sniffers or any other hacking or cracking software of any description should be installed, stored or run on the network computer systems. Logging and Monitoring All Internet and VLE access is logged, the school reserves to right to monitor, view, collect and analyse these logs. The school reserves the right to access any material stored on the network file servers. Any monitoring, logging or viewing shall be for the purpose of performance analysing, fault diagnosis or security reasons. 2

4 Usernames and Passwords All network users must have a valid user account to use computer systems (Network, VLE, School Management System, eportal and ) at Tadcaster Grammar School. Valid user accounts are only issued by the Network Team for individual use. Account details should not be shared, given away or offered for use to anybody else. User accounts and passwords issued by the Network Team are for the sole use of the individual to which they were issued. All users will be provided with a home directory space on one of the network file servers. Accounts will be deleted when the user leaves the school. Due to the plethora of password cracking programs freely available on the Internet, it is the schools policy that all passwords shall have a minimum of eight characters. The school reserves the right to disable any users account in the event of misuse of the network computer system. The security rights assigned to an individual user shall be those necessary for that user to fulfil their role within school. This includes, but is not necessarily limited to accessing their own files, accessing shared files, running permitted software and accessing the Internet and . This will not include rights to access another users files, access school management software (unless their role in school permits them to do so), tamper with and alter network, desktop, Internet and system files on the Network Servers and Desktop PC s, install software on the networked PC s unless permitted to do so and any other activity which alters or affects the performance, integrity and reliability of computer systems attached to the Tadcaster Grammar School network. Anti Virus Security The school maintains a system where Anti-virus software is installed on the network servers and on desktop PC s and laptops. The Anti-virus software is maintained and updated regularly to ensure that the latest viruses are detected and deleted. Any user who suspects that their machine has been infected with a Virus should contact the Network Team immediately. The Network Team will provide free of charge a range of virus software, scanners and virus removal tools for use on a member of staffs home PC on request. The scanning of users private documents is for one purpose only the prevention of the spread of harmful computer viruses. The virus scanning 3

5 software does not log or read the content, title or ownership of any files scanned. Wireless Technology Wireless technology greatly enhances the use of mobile computing and has benefits for learning and teaching within school. By their very nature though, a wireless LAN has the potential to be very open to hacking. Anyone within the range of a wireless access point has the capability, with the right equipment to listen to data packets being transmitted across the network which could contain users passwords and other sensitive information. The free availability and ease of use of hacking tools on the Internet makes this threat very real. The ease with which wireless laptops can be attached to an existing wireless network infrastructure raises serious issues of security. Without proper management wireless networking can affect the stability, reliability and security of the network. It is the schools policy that unmanaged access to the network through the use of wireless technology is not acceptable. The Network Manager and authorised persons within the Network Team will provide the framework, design and implementation of all wireless technology and devices connected to the network. This will include allocation of IP addresses, location and range of wireless access points, implementation of encryption standards, allocation of public keys and connection to the network of all wireless devices. Use of Administrator Accounts For the purposes of installing Operating Systems and software, configuring computers, setting up usernames and passwords, creating directory structures on the servers and any other administration duties required on the network only the Network Manager and authorised persons within the Network Team shall have access to the administration username and password on the network servers and any PC s or laptops connected to the network. This does not in any way imply that a member of staff would knowingly corrupt or change server or desktop setting. This is more an acceptance and understanding of the fact that PC configurations and other important settings can be changed by accident, and that the possibility of this happening should be alleviated as much as possible. This will be done without unduly restricting a users access to a PC and the work-related programs they can run. The proliferation of more destructive viruses, malware and spyware necessitates the need to tighten up security in this area. If a user is logged on with administrator rights and that machine is infected with a virus, the risks to the integrity of the network are dramatically increased. Microsoft issues clear warning about the security risks you expose yourself to when you run Windows 2000 and XP as an administrator. 4

6 By implementing these procedures the school is following accepted good practice that only administrators of the network should have administration rights to the Network Servers and any PC s or Laptops connected to the network. School Management System (Facility and eportal) Staff are required to change their eportal password every 30 days. Staff should not share their username and password with any other person. Physical Security Desktop PC s, network cabling or leads should not be moved, tampered with or adjusted in any without the express permission of the Network Team. Students should not be left unsupervised in IT Rooms; a member of staff should be present at all times. Storage and Processing of Sensitive School Information Laptops: No sensitive data should be stored on School Laptops unless the laptop has had its hard disk encrypted. ICT Support will install the necessary software on your machine and setup the encryption. USB Sticks (or any USB External Storage): No sensitive data should be stored on USB storage unless the USB storage device has been fully encrypted. ICT Support will install the necessary software on your USB storage device and setup the encryption. It is the individual member of staff who has responsibility to inform ICT Support that their laptop or USB storage device requires encrypting. Office Computers: No sensitive data should be stored on the local drives of any office computers. All data should be stored on the School Network. attachments containing sensitive data should not be sent internally (to other staff in school). If any sensitive data needs to be shared with other members of staff, this should be done via shared folders on the school network. ICT Support can help with this to ensure that sensitive data is stored in the correct place on the network. attachments containing sensitive data sent to external agencies should be encrypted School Management System (Facility and eportal): Any sensitive data printed out from either eportal or Facility should be marked with the word PROTECT in the footer of each page. 5

7 Computer Generated Documents: Any documents created electronically (in Word or Excel for example) that contain sensitive data should be marked with the word PROTECT in the footer of each page. Paper Records: Any paper records that contain sensitive data should be stored securely. If the paper records are no longer required they should be shredded. 6