Mountain Ash Comprehensive School Ysgol Gyfun Aberpennar. Network Security Policy

Transcription

1 Mountain Ash Comprehensive School Ysgol Gyfun Aberpennar Network Security Policy Updated: September 2010 Next update: September 2013

2 Table of Contents: Supervised Use page 1 Privacy...page 1 User Access..page 1-2 File Security..page 2 Software Inventory...page 2 Access to Software..page 2-3 Access to Printers page 3 Hardware Security...page 3 Electrical Safety...page 3 Fire Precautions...page 4 Internet Security...page 4-5 1

3 The school network is a valuable resource that is freely available to all pupils and staff from all computers situated throughout the school. Due to the wide variety of uses by well over a thousand users, a number of precautions have to be taken to help ensure that the system is kept available and in full working order: Supervised Use The use of the network should be supervised as closely as is reasonably possible during timetabled lessons. It should be realized however, that all users do have access to the network at other times and with very little supervision beyond the restrictions outlined below. Network Administrator can view a computer screen at any time from anywhere on the school network without the user knowing about it. Normal classroom rules apply, and prohibitions such as eating, drinking, grooming and spraying aerosols are strictly reinforced due to the serious damage that may be caused to the equipment. Pupils may drink water in the computer room, but away from the computer. Privacy Computer (file) storage areas will be treated as school property. Network Administrator may look at files and communications to insure that the system is being used responsibly. Users should not expect that their work and s will always be private. User Access All users are required to log on with their own personal username, which will remain with them throughout their time at this school. All users have their own password to allow them to log on, which should not be made available to anyone else. Student Passwords are set by the Network Administrator for pupils in Year 7, 8 and 9. These are only changed, with the consent of the Administrator, when problems are identified. Year 10, 11, 12 and 13 pupils may change their passwords as required. Staff Passwords are set to expire and changes are automatically enforced as follows: o Teaching staff Termly o Support staff with access to SIMS Monthly Passwords are restricted to at least six characters and may not be reused for some time. The repeatedly incorrect entry of a password will result in the user being locked out until reset by an administrator. Staff User areas left logged-on and unattended are protected by a screen-saver password. This is set to a default of 5 minutes. Accounts not used within a full academic year may be deleted, including all work saved. All network system and administration passwords are recorded and kept in a secure place. 2

4 File Security All users have their own area for storing their work on the network server hard disk (the "my document" folder). This means that they can access their work from any network station. To reduce the chances of the server hard disk filling up and crashing the whole network, the amount of disk space for each user is limited. Overflowing this limit will cause the user to be unable to save the files until the Network Administrator increases disk space or sufficient files have been deleted or mixed to alternative storage media. Users do not have access to station and network drives nor are they able to alter or save files outside their own area (except in the authorized shared topic areas). Precautions are taken to reduce the chances of infection by computer viruses via the Internet, , or other storage media. The antivirus software, which is installed on all school network stations and servers, is updated every day. Network stations cannot be booted up from a floppy disk left in the disk drive. The Network Administrator has a comprehensive procedure for ensuring back-up of the system both on and off site (see Administrator Notes) Staff and pupils should also be encouraged to perform backups of the files they take home, on suitable storage media. Station backups are not required. A faulty station can be quickly rebuilt with all the necessary software via files stored centrally on the server. The network servers are located within a separate server room. This room is kept locked when not under direct supervision. Software Inventory An inventory is maintained containing a record for each item of software that is available for use on the network and the number of licences held. Licences and invoices must be sent to the IT department for filing in case proof of ownership is required. Access to Software All users receive desktop icons and start-menu-shortcuts to all the main application programs and common utilities. Users are guided onto the network via program sets for each of the curriculum subjects. Shortcuts/icons are provided to programs that are relevant to the study of each subject as well as any shared documents provided by the subject teachers. Pupils have read-only access to these shared documents but may copy them for their own use. Users can only access software and other resources as made available to them by the administrator. For example, pupils do not have access to staff programs and shared documents. Access to certain resources such as Internet software may also be removed for certain network users, where found to be necessary. 3

5 Sites visited on the Internet are filtered, logged and audited - see our Internet Security Policy below. Access to Printers To encourage good management and reduce wastage of ink and paper, the number of pages for each user is currently limited and is reinstated each week. Attempts to print beyond this credit limit are automatically denied by the system. Users may ask for more credits on production of the evidence or wait until the following week. Hardware Security An inventory is maintained of all equipment together with make, model, serial number, date of purchase and location. Rooms with computers should be locked overnight. Keys to computer rooms are recorded and monitored. All external visitors are required to report to the office and wear identification at all times. All computer rooms and corridors are monitored by the school alarm system after school hours. All major items are security marked to identify them as the property of the school. Mouse balls are sealed permanently to prevent tampering. Electrical Safety All equipment attached to the main electrical supply is safety tested regularly. The servers operate from an Uninterruptible Power Supply (UPS) to protect against power surges and blackouts. Fire Precautions Waste material should be frequently removed from the computer areas. A carbon dioxide (CO2) fire extinguisher is required in all main computer rooms and staff should ensure that they know where it is and how to use it. Internet Security The Internet is a valuable resource that is freely available to all pupils and staff on all our school network stations. Due to the "unsuitable" nature of some material on the Internet and the possible misuse of , a number of precautions have to be taken to help ensure that the system is used responsibly: The use of the Internet will be supervised as closely as is reasonably possible during timetabled lessons. It should be realized however, that users do have access to the Internet at other times and with very little supervision beyond the restrictions outlined below. Classroom staff can view a computer screen in 4

6 the room they are supervising at any time from within that room without the user knowing about it. The Internet may be accessed on all network stations at all times. Individual department websites contain links to sites that are relevant to the study of that subject and which have been selected by the teachers of that subject. The school cannot be held responsible for the contents of any external websites including those visited via links on sites recommended by school staff. The search engines that are provided as links on our web pages are only those that make an effort to prevent the inclusion of links to "unsuitable" sites in the listed results of any searches made. Access to many, if not most sites considered to contain "unsuitable" material, is prevented by a filtering system provided by Research Machines. As new sites of this nature come online and come to the attention of staff they can be filtered immediately. Chatlines are not considered to be a suitable use of a busy school network system nor of anyone s time in school. All staff and pupils have their own personal address, which will not be made available to anyone outside of the school except by the individual themselves. s are also restricted by size to reduce the possibility of "unsuitable" material being received or sent by attachment. Precautions are taken to reduce the chances of infection by computer viruses via the Internet or , which may then be inadvertently taken or sent home. The antivirus software, which is installed on all school network stations, is continuously updated. Users found searching for "unsuitable" material or sending offensive messages will have their access denied and further action taken depending on the nature of the offence. Repeated abuse of the facilities will result in further and more serious action being taken. 5

7 N:\C E Saunders (Dep Head)\MISC\MACS Network Security Policy doc 6