CLEO Remote Access Services
Remote Desktop Access User Guide

CLEO Remote Desktop Access User Guide v1.3, August 2007
CLEO 2007, CLEO Remote Access Services 3SGD User Guide v1.4
Contents

1. Introduction
2. Requirements
  2.1. School Requirements
  2.2. Licensing
  2.3. Home/Remote User Requirements
    2.3.1. Potential Security Issues of using the internet to Access Schools Systems
    2.3.2. How to Reduce the Risks
    2.3.3. Passwords
    2.3.4. File Security
    2.3.5. How Malware could present a risk to your computer
    2.3.6. Social Engineering
    2.3.7. Web browser
    2.3.8. Java runtime
  2.4. Username and password for SGD
  2.5. Username and password for SIMS
3. SGD
4. Technical Support

September 2007
1. Introduction

The Cumbria and Lancashire Education Online (CLEO) Regional Broadband Consortium (RBC) is made up of the two local authorities, Cumbria County Council and Lancashire County Council, and provides broadband connectivity to schools across the region. Through its network providers, Lancaster University Network Services (LUNS), the RBC aims to provide an efficient and secure IP network for all the schools connected to it. In addition, CLEO is interconnected with all the other 9 English RBCs via the Universities JANET Network.

The DfES Harnessing Technology Strategy (published March 2005) lays out key priorities for increasing the flexibility and opportunities for study and learning using ICT. CLEO's remote access services are one step in CLEO helping schools to address the personalised learning agenda over the coming years.

To date there have been many reasons why schools across CLEO wish to have remote access to their school network, including:

- Access by teachers and pupils
- Remotely administering the school network
- Access to a school hosted virtual learning environment (VLE)
- Access to resources and software on the school network
- Access to management information systems

All CLEO remote access services are provided to support school staff in delivering the curriculum and for teaching and learning. They are also intended for managing and administering schools and their ICT networks. However, schools that use a remote access solution to administer their network must ensure that all users are fully aware of the Terms and Conditions.

CLEO now has a range of remote access solutions that are provided free of charge to schools that are connected to the CLEO broadband service:

- CLEO Web Gateway
- CLEO Remote Management Access
- CLEO Remote Desktop Access
- CLEO WebDAV

This user guide details the CLEO Remote Desktop Access service. The service uses Sun's Secure Global Desktop (SGD) application.

2. Requirements

2.1. School Requirements
One of the strengths of the CLEO network is the protection it provides to all schools connected to it, as they are part of a private network with strict security in place to protect all schools from viruses, trojans and security breaches wherever possible.

The regional broadband consortium takes security of the CLEO network very seriously. Opening the network to remote users can increase the risk to individual schools and their PC networks. With this in mind, CLEO has developed a number of guides and terms and conditions to help schools understand the requirements and preparation needed before implementing remote access for an individual school.

CLEO offers its remote access services to schools on an annual renewable basis, and only after schools have recognised the risks, as well as the advantages, of enabling remote access to their school network and addressed them from the outset.

The following documents can be found on the CLEO website, www.cleo.net.uk/ra:

- Introduction to CLEO Remote Access Services: A Short Guide for Headteachers and Senior Managers
- Introduction to CLEO Remote Access Services: A Detailed Guide to the Benefits and Risks for Headteachers and Senior Managers
- Best Practice Guide to Preparing Your School Network and Remote Users' PCs
- CLEO Remote Access Services Terms & Conditions, and Acceptable Use Policy
- Creating a School Acceptable Use Policy for Remote Access: Helpful Headings

CLEO Remote Desktop Access is a centrally provided service which uses Sun's Secure Global Desktop (SGD). CLEO centrally hosts the required SGD server, and connections to schools are made through the CLEO Broadband network.

To allow users to access their desktop, Sun SGD requires the school either to designate certain network PCs and leave them switched on, or to be running Terminal Services. Each user will require a separate desktop IP/Terminal Services IP. For more information on Terminal Services, schools should contact their Local Authority ICT Support.
Each designated desktop will need to be running Microsoft Windows XP Professional or later and have Windows Remote Desktop enabled. A useful guide to setting up Remote Desktop on your school PCs can be found on the Microsoft website at http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx
2.2. Licensing

Sun SGD licenses have been purchased for all schools connected to the CLEO network. It was decided that any licenses purchased by CLEO for SGD in 2007 were to be prioritised for enabling teachers and management staff to access school MIS systems effectively. The license is based on 5000 concurrent users, so Remote Desktop Access usernames and passwords will be enabled for all staff, but logging on to the system will be on a first come, first served basis. CLEO offers no guarantee of access, but will be evaluating the popularity of this service. These licenses are provided free of charge to the school.

Expanding the number of SGD licenses for schools can only be done when the results of the infrastructure scalability testing are available and certain CLEO system upgrades have been completed. We hope to get back to schools in early 2008 with more information. Therefore, there is no current requirement for schools to apply for SGD licenses.

CLEO is not providing any licenses other than for SGD. It is the school's responsibility to ensure that appropriate licensing is in place for its remote users to connect to the school network. Some software licenses, such as OEM licenses, do not cover the use of the product via remote access. Due to the variation in schools' licensing agreements, we would advise schools to contact their license providers to check if any of the following products would be required:

- Microsoft Windows External Connector License
- Microsoft Windows Client Access Licenses
- Microsoft Office licenses for Remote Users

This list is not exhaustive and schools should consult their licence providers for any software they wish to use.

2.3. Home/Remote User Requirements

Once the desktops/servers within your institution have been prepared to support remote access, remote client PCs also need to be prepared. Enforcing such requirements when the PC is not on the premises of an institution requires careful consideration.
Schools should develop suitable administration and management procedures to ensure that staff, teachers and/or pupils accessing the facilities in the school using remote access are adequately supported and have sufficient information to minimise the risks involved. All remote users must agree to follow the acceptable use policy and security guidelines.

2.3.1. Potential Security Issues of using the internet to Access Schools Systems

When a computer is directly connected to the internet it can be contacted by any other computer in the world that is also on the internet. This means that there is a considerable risk of exposure to unwanted third parties and malware that could connect to and potentially compromise that computer.

Computers in schools that are connected to the CLEO network are not contactable directly from the internet because there are sophisticated safeguards, such as firewalls and private network address ranges, in place to prevent this. Computers in the home, on the other hand, very often do not have such safeguards in place, so when you connect from home to your school's network via the internet you run the risk of infecting the school's systems with anything that has previously infected your home computer. For this reason, if you are using the CLEO remote access solution you MUST ensure that you have taken precautions to minimise any increased risk associated with your computer at home connecting to school computers.

If you are accessing school data from outside the school environment there is a much greater risk of confidential information being disclosed to unauthorised third parties. Any disclosure of information could put children at risk and would be a breach of The Data Protection Act that could lead to disciplinary action against the members of staff involved.

2.3.2. How to Reduce the Risks

- Make sure that your computer has up to date Anti Virus Software. In Cumbria, all school computers, teacher laptops and teachers' home PCs, and in Lancashire, laptops for teachers and school computer systems, are licensed to use Sophos Anti Virus. There are plenty of alternative anti virus software providers (some of them free) for those wishing to protect home PCs.
- When choosing an anti virus product for home use, make sure that you will be able to get regular updates, as new viruses are being created all the time.
- If you suspect that your PC has become infected with a virus (or other malware), don't use it to remotely access your school's system until you are certain that the virus has been deleted. If you do not know how to remove the virus yourself, seek competent help.
- Make sure that your computer has Windows Update turned on so that it has the latest operating system patches.
- Use spam filtering services. Most Internet Service Providers (ISPs) offer the option of spam filtering. Whilst this probably will not stop all the spam coming through, it will greatly reduce it and lessen the risk of your PC being infected by a virus. Both Cumbria and Lancashire offer a spam filtering solution for users of their mail service, and use of this is highly recommended.
- Wireless network connections must be encrypted and should be set to use WPA2 encryption rather than the older WEP standard. If you are unsure what level of encryption is being used, please use a cable. For more information refer to the Technical checks document.
- Turn on Phishing Filters in the web browser to reduce the risk of phishing attacks.
- Use an anti spyware program to detect spyware. Windows Defender from Microsoft is available as a free download and is built into Windows Vista. Sophos will also detect spyware.
- Run a weekly virus scan on your computer.

2.3.3. Passwords

- Use strong passwords. Passwords should be a minimum of 8 characters long and should contain a mix of letters, numbers and symbols. Try not to use words or phrases that could be easily guessed by somebody that knows you (e.g. names of family members or pets).
- Passwords should be changed regularly, at least once a term, ideally more often. If you have reason to suspect that somebody has obtained your password, change it immediately.
- Use a password protected screensaver to prevent anybody gaining access to your computer whilst you are temporarily away from it.
- Do not use password storing facilities found in some programs to automatically remember passwords.
- You should not reveal your passwords to anyone. If you have for any reason revealed your password to anyone you should change your password immediately. Remember, you are just as liable for any misdemeanour caused by allowing somebody to log on using your credentials.

2.3.4. File Security

- Do not copy information from a school system onto a non school system. You may be in breach of the Data Protection Act if you do.
- Your internet browser should have file caching turned off. Caching is a process where your computer stores a copy of files visited on the internet on your local computer. The technical checks document that accompanies this guidance explains how to turn off caching.
- Regularly save your work on your school computer. You must not at any stage save work to your home computer. Some home internet connections are not as robust as you may be used to in school, and you may lose data if your home internet connection fails whilst you are accessing your school system remotely.
- Do not openly work with sensitive information in public places, especially where there is an opportunity for eavesdropping.
- Do not allow any unauthorised person, including family and friends, access to data held on your school's system. You will be breaching the Data Protection Act if you do.

There is an accompanying document to this sheet that shows you how to check if your computer has up to date antivirus protection, how to use Windows Update and some of the other tools mentioned in this document.

2.3.5. How Malware could present a risk to your computer

Malware is a general term for programs that can infect your computer in any number of ways. It can be downloaded onto your computer without you being aware, by visiting a website, through file sharing software or simply by clicking on an infected email attachment. Some malware can search the hard disks of a compromised PC, go through the email contacts and forward that information on to a third party. It could also search a system for keys or passwords. In general malware takes one of the following forms:

- Worms are a type of program that can infect a computer without anybody doing anything. Computers that are on the internet without a firewall and up to date anti virus are particularly vulnerable to this form of attack. Once a worm has infected your computer it will try to infect others using your network connection, and it may also have other undesirable effects, such as destruction of data held on your PC.
- Computer viruses are another form of malware that require the user to do something, such as click on an email attachment, before they infect a computer. If you do not recognise the sender of an email, please be very wary of clicking on unknown attachments. If you have any doubts, delete the email; if it is important, the sender will try to get back in touch.
- Key logging software logs any keystrokes that you make and records the information. If used by criminals, this software can give access to your user names and passwords, such as your school network log on information and the SIMS passwords. It may also include personal information such as online banking details if it is used on your home PC.
- Once a computer is infected by a virus it may be used as part of a botnet. Botnets are networks of computers that are essentially hijacked by a third party for their purposes. They may be used to unwittingly host unsuitable web sites or for other criminal purposes.
- Spam is unsolicited email that often includes viruses or inappropriate content. In addition to carrying potential viruses, spam is time consuming.
- Phishing scams are criminal attempts to steal users' personal information by masquerading as a trustworthy business, such as a bank or auction website. A user may receive a link to a bank website in an email which directs them to a bogus website in an attempt to get identity or bank details. This information is then used for criminal purposes.

2.3.6. Social Engineering

Many viruses can infect a computer because they use social engineering techniques to get people to click on an attachment or web site link. They may attempt to disguise the attachment as a funny photo or something that a user will be curious enough to open, such as an electronic greeting.

Other forms of social engineering include people pretending to be someone else and trying to get you to tell them your password. You may get someone pretending to be technical support when you have never logged a call, trying to get you to reveal your password details to them. If you are unsure that the person you are talking to is who they say they are, arrange to ring them back on a telephone number that is known to you.

For more information about how to protect yourselves online please refer to any of the following websites:

- http://www.getsafeonline.org/
- www.computeractive.co.uk
- www.download.com

2.3.7. Web browser

Sun Secure Global Desktop will run on a wide variety of web browsers operating under Windows XP, Windows Vista, Red Hat Linux 3, 4, Fedora Linux 5, or Mac OSX 10.4 operating systems. The browser will need to have Java™ technology enabled. Browsers and client devices should support HTTP, HTTPS and SSH version 2 or later.
2.3.8. Java runtime

The browser will need to have Java™ technology enabled. To download the latest version of Java go to:

http://www.java.com/en/download/index.jsp

Click on the Free Java Download icon. The website will verify your operating system and select the most appropriate version of Java for you to download.

Click verify installation.
The appropriate version of Java will now be installed.

2.4. Username and password for SGD

CLEO proposes using your network username for your SGD login. There will, however, be a separate password. These details will be sent to the school once the headteacher's authorisation has been received by CLEO and the accounts have been set up. These details should be kept private and not revealed to anyone. If you feel that your password has been compromised you should inform your Local Authority ICT Support immediately. They will be able to reset your password.
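The password rules in section 2.3.3 (at least 8 characters, a mix of letters, numbers and symbols, nothing easily guessed by somebody who knows you) can be checked mechanically when a separate SGD password is chosen. The following is an added example and not part of the CLEO guide; the function name, the personal_words parameter and the look-alike substitution table are assumptions made for illustration.

```python
MIN_LENGTH = 8  # section 2.3.3: passwords should be a minimum of 8 characters

# Assumption (not from the guide): common look-alike substitutions are undone
# before comparing with personal words, so "R0ver" still counts as "rover".
_LOOKALIKES = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})


def _normalise(text):
    """Lower-case, undo look-alike substitutions, keep letters only."""
    folded = text.lower().translate(_LOOKALIKES)
    return "".join(ch for ch in folded if ch.isalpha())


def check_password(password, personal_words=()):
    """Return a list of rule failures; an empty list means the password passes.

    personal_words holds things somebody who knows the user could guess,
    e.g. names of family members or pets, or the network username.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(ch.isalpha() for ch in password):
        problems.append("no letters")
    if not any(ch.isdigit() for ch in password):
        problems.append("no numbers")
    # A symbol is anything that is neither a letter, a digit nor whitespace,
    # so characters such as the pound sign count as well.
    if not any(not ch.isalnum() and not ch.isspace() for ch in password):
        problems.append("no symbols")

    candidate = _normalise(password)
    for word in personal_words:
        needle = _normalise(word)
        # Very short words are skipped so they do not match by accident.
        if len(needle) >= 3 and needle in candidate:
            problems.append("contains guessable word: " + word)
    return problems


if __name__ == "__main__":
    # Constructed sample passwords and names, for demonstration only.
    known_names = ["Rover", "Alice"]
    for sample in ["summer", "R0ver!2007", "4l1ce#2007", "Tq7#mWz9&k"]:
        failures = check_password(sample, known_names)
        print(sample, "->", failures if failures else "passes")
```

A password that satisfies the length and character-mix rules can still fail the guessability rule, which is why the personal-word comparison runs on the normalised form rather than the raw text.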
2.5. Username and password for SIMS

Usernames and passwords for SIMS/MIS access will remain the responsibility of the school and/or local authority.

3. SGD

In Cumbria and Lancashire all SGD users will access the same web address/URL:

http://desktop.cleo.net.uk

Type the URL into your web browser.

Users will see the following screen. Most users will choose the log-in option.

The web browser will now connect to the SGD server.
Enter your SGD username and password.

Your system tray will show 2 new icons confirming that the Java Platform is running and that SGD is running.

The webtop

Sun SGD provides access to the user's desktop via the SGD webtop.

Click on the Desktop icon or text to connect to your work machine.
You will then be asked to authenticate with your network log on details. NB: the connection is now to your school network, so you should enter your school network username and password.

When your desktop session is running, a triangle appears in front of the link. A session toolbar also appears below the application link.

Your school desktop will now load and be shown full screen.
Users can toggle between their local and school desktops by using the Windows key on their keyboard.

Users can also manage printing from the webtop. SGD allows users to print to network printers via their network desktop. It also allows users to print to their local home printer.

You should always log out of Secure Global Desktop before closing your web browser. This lets Secure Global Desktop shut down any applications that need not run any more and makes sure nobody can use a user's applications in their name without permission.

If someone closes their web browser without logging out (or if their web browser crashes), they are not logged out of Secure Global Desktop. The user can log in to Secure Global Desktop again and can resume applications configured to be Webtop session resumable or Always resumable.

To log out of Secure Global Desktop, click the Logout button on your webtop and click OK when prompted for confirmation.
4. Technical Support

Technical support for the CLEO remote access services is provided by each of the Local Authority ICT School Support Services. All requests for CLEO remote access services are coordinated through these services. If you have any queries during the setup process and preparation of your network, they will be able to provide advice.

Please note that, although the CLEO remote access services are free and the LA Schools ICT Support Services will advise you on the settings required, they may charge for any additional work requested to assist you in preparing your network.

Cumbria Schools
Jeff Haslam
Tel: 07967-050356
Email: jeff@cict.org.uk

Lancashire Schools
The Westfield Centre
Tel: 01772-623222
Fax: 01772 621209
Email: call.centre@westfield.lancsngfl.ac.uk