SlideShare ist ein Scribd-Unternehmen logo

Best practices to shape and secure your 1:1 program

Als DOCX, PDF herunterladen
Securly
Securly

A key requirement of a 1:1 program is security and achievement – ensuring students are using the device safely and productively. This document provides several best practices that together make for a successful 1:1 experience.

BildungTechnologie
1 von 11
best practices to shape & secure your 1:1 program tech brief – summer2014 – v1.2 securly://
Contents Dr. Jekyll.................................................................................................................................... 3 Mr. Hyde .................................................................................................................................... 4 Security & Productivity Best Practices........................................................................................ 6 Best Practice #1: Secure Search............................................................................................ 6 Best Practice #2: Secure YouTube......................................................................................... 7 Best Practice #3: Secure Gmail.............................................................................................. 8 Best Practice #4: Delegate Web-Filtering to Teachers............................................................ 9 Best Practice #5: Don’t Just Block. Audit................................................................................ 9 Best Practice #6: Take-home needs Filtering or Digital Citizenship .......................................10 Best Practice #7: Layered Defense with Base Firewall Policy................................................10 Best Practice #8: Lock-Down Windows Devices with Active Directory...................................11 Best Practice #9: Lock-Down 1:1 Rollout with MDM ..............................................................11 Conclusion................................................................................................................................11 About Securly ...........................................................................................................................11
Dr. Jekyll Schools are adopting 1:1 programs by the masses. Every week, a number of districts make the news for deploying chromebooks, iPads, and other devices. One of the better known deployments occurred in Los Angeles Unified School District (LAUSD), where 640,000 students would each receive their own school-issued iPad. Maine, one of the early adopters of a 1:1 initiative, distributed an Apple MacBook to every seventh- and eighth-grader in the state back in 2002. More than a decade later, its program has won qualified praise for making access to technology equitable across students of all socioeconomic backgrounds. The 1:1 phenomenon is not just confined to U.S. borders. On the contrary, it is a global sensation. Take the country of Malaysia, for example, who recently gave Chromebooks for over 10 million students in the country. “As part of their 1:1 initiative, Malaysia is deploying Chromebooks to primary and secondary schools nationwide. These efforts to integrate the web are a central part of a national plan to reform its educational system.” – Felix Lin, Director of Product Management, Google The perceived benefits of a 1:1 program are plentiful, including:
 Given the constantly falling costs of devices, these have become cheaper than paper textbooks. This being the case, it makes financial sense for schools to re-allocate resources towards buying devices and have students benefit from free 21st century online learning tools such as Khan Academy and CK-12.  Online information is constantly evolving as contrasted with static textbooks, where information is often outdated.  Allowing students and teachers to remotely collaborate on projects via free online tools such as Google Docs. Mr. Hyde “Even the noblest of efforts — such as, say, the Los Angeles Unified School District's program to give each of its 600,000-plus students Apple iPads — can suffer under the weight of bungled management. Since the district rolled out its $1 billion program — funded by construction bond money … reaction has ranged from skepticism at the beginning to downright hostility as more problems were reported.” – Los Angeles Times Several years and billions of dollars later, one question remains: are these devices actually being used for the reasons they were intended? There is no question that technology opens up a world of wondrous possibilities to students, but it also exposes them to distractions and risks that were previously less probable in a traditional classroom model. Among these perils is the growing threat posed by cyber-bullying and online predators, along with unprecedented access to adult content through social media and other channels. This problem is further compounded when students are taking these devices home, where there is just a fraction of the supervision available at school.
Securly works with hundreds of schools across the United States to provide both in-school and take-home filtering. This enables us to see DNS, HTTP and HTTPS traffic from these schools “funneled” through a central location. Upending the traditional model (which asks for a on premise appliance for reporting) allows us to have a centralized, high-performance repository for all of our customers’ audit data. This in turn helps us find needles in any give haystack (Example: Which students are being most productive or being blocked the most often) or infer macro-trends among all of our haystacks put together (Example: Which websites are most popular amongst high school take-home users across 100,000 students?) The following graph shows the in-school browsing pattern (top blocked sites) of a district that is one of our customers. The browsing behavior of the same cohort of users differs quite a bit as they go home:
Facebook is by a long shot the most blocked domain at home. This shows that student behavior can vary considerably when they’re unsupervised. Security & Productivity Best Practices We now proceed to talk about several best practices we have learnt from our customers in the field. We have seen these being used time and again to create a safe learning environment while creating “buy-in” from all stake-holders (Administrators, Teachers and Parents) who are involved in signing off on a 1:1 rollout. Best Practice #1: Secure Search Turn on safe-search: Google, Bing and Yahoo support safe search on their respective search engines. A web-filter will need to pro-actively enable these safety modes. We recommend enabling safety modes on these three search engines while keeping all other search engines (Ask, Duckduckgo, etc) blocked. The top three search engines give students more than enough freedom to research on their class assignments. Safety mode can be enabled by simply appending a string at the end of the URL, as shown here:  Google: ?&safe=active  Bing: ?& adlt=strict  Yahoo: ?&vm=r Systems such as Dan’s Guardian and Safe Squid can be used to accomplish the above. Chromebooks can have the safety mode turned on for Google on the Apps for Education Admin Control panel. Redirecting encrypted search: In 2010, Google launched an encrypted version of its search engine that made SSL the default transport for all Google traffic. This was problematic for schools, as the Children’s Internet Protection Act (CIPA) requires that students be blocked and audited when trying to access inappropriate content. Blocking encrypted search was not really a viable option, since Google has become a de-facto tool in the 21st century classroom. Google has instead provided schools with a nosslsearch.google.com option. All SSL traffic bound for google.com can be intercepted by the web-filter and re-directed to nosslsearch.google.com. This ensures a seamless re-direct from HTTPS to HTTP. Additionally, encrypted.google.com needs to be blocked by the web-filter because the nosslsearch trick does not work for this domain by design. Keyword blocking: Even with safe search turned on, keywords that would normally be inappropriate (ex: those related to drugs or violence) for a K-12 setting are allowed by Google, Bing and Yahoo. To address this issue, we recommend URL based keyword blocking. Securly
uses a keyword list of over 1000 keywords that has been carefully culled to avoid False Positives. This list can be built from publically available sources. We also recommend accounting for permutations of those keywords to address evasive behavior. For example, a student could type “h4(k1ng” instead of “hacking” or “a$$” instead of “ass”. Safe Image Search: Several of our customers have reported the following issue: Image Search is not safe enough with Safe Search turned on. Blocking image search is not an option since there are legitimate uses for this functionality. Our recommendation in this case is to turn on the “Creative Commons” filter that is supported by all major search engines. The idea here is to filter out all images except those tagged as being distributed under the “Creative Commons” license. We have found based on extensive empirical evidence that images with this license are for the most part appropriate for classroom use. Further, the filter can be turned on for students only while leaving staff unfiltered on image search. The following strings will need to be appended to image search URLs to turn on the creative commons filter:  Google: &tbs=sur:fmc  Bing: &qft=+filterui:license-L2_L3  Yahoo: &imgl=ccr Best Practice #2: Secure YouTube “So by enabling YouTube for Schools, you're limiting everyone's ability to see videos that aren't tagged as EDU or added to your own allow list. Then the list of people that are allowed to whitelist videos is something that you have to maintain manually” - I.T. Admin on Forum There is often a debate in schools about the use of YouTube, with common implementations falling into one of three categories: completely open access, YouTube for EDU, or altogether blocked. Allowing students to access a completely open YouTube can expose them to potentially inappropriate or distracting content. On the other hand, YouTube for EDU tends to be limiting, as teachers and admins are required to add one video at a time to their playlist. With the undeniable importance of YouTube as an educational tool, blocking YouTube altogether is not really a feasible option. The solution we recommend: YouTube Safety Mode.
YouTube Safety Mode is a setting that, similar to Google’s safe search, hides inappropriate content when enabled. Videos that have been flagged as being inappropriate by users for a host of reasons will not be accessible in this mode. The following string will need to be injected into the Cookie header of a YouTube traffic flow in order to enable Safety Mode:  PREF=f2=8000000 What follows is a description of how two of our customers are using YouTube Safety Mode to achieve a conducive learning environment.  Webb City R-VII School District, MO: Have turned on YouTube Safety mode for in- school filtering. Since the district believes that home is actually a less supervised environment, they turn on YouTube for Schools for their 1200 Chromebooks when they go home.  Romeo Community Schools, MI: YouTube Safety mode has been turned on for both school and home for 3300 Chromebooks. The Safety Mode is used in conjunction with URL based keyword blocking to achieve a learning environment that is in line with community standards. Keywords that lead to inappropriate content showing up are blacklisted on an as needed basis. Best Practice #3: Secure Gmail “Monitor the safety and security of minors when using electronic mail, chat rooms and other forms of direct electronic communications.” – Wording of the CIPA law (Source: fcc.gov) The CIPA law is clear in its intent. E-mail sent by students needs to be policed. Since most web- filters lack the ability to do this, schools normally end up blocking e-mail and chat. However, this is no longer an option with many schools turning to Google’s free Apps for Education (GAfE) suite as the foundation on which they base their 1:1 initiatives. Part of GAfE is of course – GMail – which students will need to use for a truly collaborative experience. The challenge here is – allowing students to use GMail allows them to log in with their consumer (as opposed to Google
Apps) accounts. Consumer accounts cannot be policed and this opens the school up to liability. The problem is complicated by the fact that all GMail traffic is over SSL. Very few web-filters support the ability to decrypt SSL traffic. Securly recommends the following steps to secure GMail:  Intercept and decrypt GMail related SSL traffic. Achieving this normally involves pushing out root certificates provided by your filter vendor out to your end hosts.  Add the HTTP header X-GoogApps-Allowed-Domains, whose value is a comma- separated list with allowed domain name(s). Include the domain you registered with Google Apps and any secondary domains you might have added.  Archive GMail using an application like Vault. This makes all of the mail sent over your network searchable and keeps your school compliant. Best Practice #4: Delegate Web-Filtering to Teachers “Teachers need choice on when they’re ready to unblock as they teach students to use technology appropriately.” – Tanya Avrith, Google Certified Teacher. We see two “classroom-level” issues come up time and again in post-deployment scenarios:  Classroom Management: While this was a solved problem in a Windows-only world with applications like LanSchool, the product that we see used most often for a Chrome- heavy classroom is Hapara’s Teacher Dashboard.  Web-filtering policy: The advent of Common Core has meant that teachers have a great deal of control over the tools and websites that they use for classroom instruction. However, we believe that web-filtering policy (which is decided at the district level) has not kept pace with this trend. More often than not teachers who find an interesting resource during lesson planning end up finding that resource is blocked during classroom instruction. The only recourse is to file a helpdesk ticket. We believe that where possible, teachers should be allowed, and indeed encouraged to tweak the district’s web-filtering policy to suit the needs of their classroom. Best Practice #5: Don’t Just Block. Audit. "You can't change behavior that you can't see or connect to a specific user." - Tim White, Director of Technology at Webb City R-VII School District Based on our interaction with districts around the nation, we have come to the conclusion that for these districts, filtering is not just about achieving compliance or denying access to students. It is about:  Modifying behavior: Being able to teach your students responsible use of the technology that they’ve been given access to.
 Figuring out how students are really using technology. Usage patterns and statistics can be used to bolster community buy-in for scaling your 1:1 program.  Tweaking policies to reinforce positive behavior. If the initial policy is stringent, you might want to use evidence provided by your audit logs to open up access. On the other hand if the policy turns out to be too lax and students end up spending more time than they should on distracting sites, you could use that evidence to keep them more focused on the task at hand. Best Practice #6: Take-home needs Filtering or Digital Citizenship The primary driver of the need for web-filtering is compliance with the CIPA law. Having said that, the law does not mandate filtering at home. Those of our customers who choose to filter at home do so because it aligns with the standards of their community. For school districts that choose not to filter at home, we do believe that a monitoring tool of some sort to be useful for the same reasons stated in the previous section: without monitoring, you have no idea if your 1:1 program is being put to good use and on the trajectory to do what it is really intended to do – raise student achievement. In the absence of web-filtering, we have found from empirical evidence that Digital Citizenship is an effective tool in encouraging appropriate use of technology resources. One example of digital citizenship as applied to 1:1 would be parents letting kids know that they cannot take devices with them to their bedrooms (an unsupervised environment). Many of the schools in our customer base do have programs in place that teach students appropriate use of technology resources. Best Practice #7: Layered Defense with Base Firewall Policy The following FireWall policies can be used with minimal effort to prevent the use of evasive applications and proxyies in your environment: Start out by keeping only ports 53 (UDP), 80 and 443 open on the egress and expand out from there. Generally speaking, DNS, HTTP and HTTPS are the only kinds of traffic you should see on the egress of your network. You could start from there and open up further ports based on user demand. Other protocols (RDP, FTP, etc) tend to be limited to your Intranet. Blocking the HTTP CONNECT method will deter proxy access. If you use DNS-based filtering such as Securly or OpenDNS, you can further lock down the DNS egress traffic to be limited to Securly/OpenDNS DNS IP addresses along with perhaps the clearinghouse DNS server used by the district. Likewise, if you are using a cloud-based proxy such as Securly or Zscaler, limit your HTTP CONNECTs to the IP addresses of Securly/Zscaler servers.
Best Practice #8: Lock-Down Windows Devices with Active Directory In a Windows environment, you can prevent application installation by user group using GPO. Besides preventing the use of evasive applications, this has the added benefit of keeping malware off your network (and potential cost savings from not having to purchase anti-malware software for your Windows hosts). Best Practice #9: Lock-Down 1:1 Rollout with MDM We believe it to be self-evident that putting devices in the hands of your students without a way to manage those devices is unlikely to get favorable results for your 1:1 deployment. Generally speaking, Chromebooks use the Google Apps Admin Control panel as their MDM. For Windows based devices, Active Directory made it easy to push out Group Policies. The point of contention is mostly for iOS devices. The lack of a good option from Apple makes this the case. Common MDM options include AirWatch, Casper, JAMF and MobileIron. Several of our customers use Meraki’s MDM simply because it is a free and reliable option. Conclusion While there is no silver bullet in security, the best practices outlined in this document can not only secure your 1:1 deployments against exposure to unsafe content, but also keep students productive and focused on educational content and away from time sinks thereby allowing your school to achieve a higher achievement ROI on your 1:1 investment. About Securly Securly is a cloud-based web-filter that provides in-school and take-home filtering across all devices. For more information, please visit www.securly.com or email support@securly.com

Empfohlen

Case Study: Webb City R-VII School District
Case Study: Webb City R-VII School DistrictCase Study: Webb City R-VII School District
Case Study: Webb City R-VII School District
Securly
 
1:1 Device Theft in K-12 Schools
1:1 Device Theft in K-12 Schools1:1 Device Theft in K-12 Schools
1:1 Device Theft in K-12 Schools
Securly
 
Securly Product Brief
Securly Product BriefSecurly Product Brief
Securly Product Brief
Securly
 
East Maine School District Case Study
East Maine School District Case StudyEast Maine School District Case Study
East Maine School District Case Study
Securly
 
Tom's River Case Study
Tom's River Case StudyTom's River Case Study
Tom's River Case Study
Securly
 
Case Study: Gila Crossing Community School
Case Study: Gila Crossing Community SchoolCase Study: Gila Crossing Community School
Case Study: Gila Crossing Community School
Securly
 
Securly - Pickens County Case Study
Securly - Pickens County Case StudySecurly - Pickens County Case Study
Securly - Pickens County Case Study
Securly
 
Case Study: Summit Public Schools
Case Study: Summit Public SchoolsCase Study: Summit Public Schools
Case Study: Summit Public Schools
Securly
 

Empfohlen

Case Study: Webb City R-VII School District
Case Study: Webb City R-VII School DistrictCase Study: Webb City R-VII School District
Case Study: Webb City R-VII School District
Securly
 
1:1 Device Theft in K-12 Schools
1:1 Device Theft in K-12 Schools1:1 Device Theft in K-12 Schools
1:1 Device Theft in K-12 Schools
Securly
 
Securly Product Brief
Securly Product BriefSecurly Product Brief
Securly Product Brief
Securly
 
East Maine School District Case Study
East Maine School District Case StudyEast Maine School District Case Study
East Maine School District Case Study
Securly
 
Tom's River Case Study
Tom's River Case StudyTom's River Case Study
Tom's River Case Study
Securly
 
Case Study: Gila Crossing Community School
Case Study: Gila Crossing Community SchoolCase Study: Gila Crossing Community School
Case Study: Gila Crossing Community School
Securly
 
Securly - Pickens County Case Study
Securly - Pickens County Case StudySecurly - Pickens County Case Study
Securly - Pickens County Case Study
Securly
 
Case Study: Summit Public Schools
Case Study: Summit Public SchoolsCase Study: Summit Public Schools
Case Study: Summit Public Schools
Securly
 
Baugo Community Schools
Baugo Community SchoolsBaugo Community Schools
Baugo Community Schools
Securly
 
Lee's Summit
Lee's SummitLee's Summit
Lee's Summit
Securly
 
Student Safety Reimagined - Product Brief
Student Safety Reimagined - Product BriefStudent Safety Reimagined - Product Brief
Student Safety Reimagined - Product Brief
Securly
 
Delegated Admin by Securly
Delegated Admin by SecurlyDelegated Admin by Securly
Delegated Admin by Securly
Securly
 
Case Study: Massac Unit #1 School District
Case Study: Massac Unit #1 School DistrictCase Study: Massac Unit #1 School District
Case Study: Massac Unit #1 School District
Securly
 
Auditor by Securly
Auditor by SecurlyAuditor by Securly
Auditor by Securly
Securly
 
Web Policies Presentation
Web Policies PresentationWeb Policies Presentation
Web Policies Presentation
spaul6414
 
What is Securly?
What is Securly?What is Securly?
What is Securly?
Securly
 
School Technology Planning
School Technology PlanningSchool Technology Planning
School Technology Planning
WELSTech
 
District Administration Magazine - Dec 2014 Feature - Simmons
District Administration Magazine - Dec 2014 Feature - SimmonsDistrict Administration Magazine - Dec 2014 Feature - Simmons
District Administration Magazine - Dec 2014 Feature - Simmons
Marc Simmons, EdD
 
E-Safety
E-SafetyE-Safety
E-Safety
Kevin Campbell-Wright
 
Teachmeet presentation 2mins. 2010
Teachmeet presentation 2mins. 2010Teachmeet presentation 2mins. 2010
Teachmeet presentation 2mins. 2010
pdingley
 
Top 10 trends In Education Technology for 2016
Top 10 trends In Education Technology for 2016Top 10 trends In Education Technology for 2016
Top 10 trends In Education Technology for 2016
karima1
 
Learn how can protect data from cyber attack with single sign on services
Learn how can protect data from cyber attack with single sign on servicesLearn how can protect data from cyber attack with single sign on services
Learn how can protect data from cyber attack with single sign on services
campuseai
 
BYOD & Social Media: The Risks and Benefits for Education
BYOD & Social Media: The Risks and Benefits for EducationBYOD & Social Media: The Risks and Benefits for Education
BYOD & Social Media: The Risks and Benefits for Education
Bloxx
 
Leadership for Engaging Students Digitally: It's not about the Angry Birds!
Leadership for Engaging Students Digitally: It's not about the Angry Birds!Leadership for Engaging Students Digitally: It's not about the Angry Birds!
Leadership for Engaging Students Digitally: It's not about the Angry Birds!
ewilliams65
 
Best practices SmarterMeasure Learning Readiness Indicator Webinar
Best practices SmarterMeasure Learning Readiness Indicator WebinarBest practices SmarterMeasure Learning Readiness Indicator Webinar
Best practices SmarterMeasure Learning Readiness Indicator Webinar
SmarterServices Owen
 
Identity and Access Management in Education - Common Issues and How to Mitiga...
Identity and Access Management in Education - Common Issues and How to Mitiga...Identity and Access Management in Education - Common Issues and How to Mitiga...
Identity and Access Management in Education - Common Issues and How to Mitiga...
Tom Fasano
 
E learning development process
E learning development processE learning development process
E learning development process
Marie Weaver
 
HKU Data Curation MLIM7350 Class 10
HKU Data Curation MLIM7350 Class 10HKU Data Curation MLIM7350 Class 10
HKU Data Curation MLIM7350 Class 10
Scott Edmunds
 
Web2 Price
Web2 PriceWeb2 Price
Web2 Price
johno2128
 
Web2 Price
Web2 PriceWeb2 Price
Web2 Price
johno2128
 

Weitere ähnliche Inhalte

Was ist angesagt?

Case Study: Massac Unit #1 School District
Case Study: Massac Unit #1 School DistrictCase Study: Massac Unit #1 School District
Case Study: Massac Unit #1 School District
Securly
 
Web Policies Presentation
Web Policies PresentationWeb Policies Presentation
Web Policies Presentation
spaul6414
 
District Administration Magazine - Dec 2014 Feature - Simmons
District Administration Magazine - Dec 2014 Feature - SimmonsDistrict Administration Magazine - Dec 2014 Feature - Simmons
District Administration Magazine - Dec 2014 Feature - Simmons
Marc Simmons, EdD
 
BYOD & Social Media: The Risks and Benefits for Education
BYOD & Social Media: The Risks and Benefits for EducationBYOD & Social Media: The Risks and Benefits for Education
BYOD & Social Media: The Risks and Benefits for Education
Bloxx
 
Identity and Access Management in Education - Common Issues and How to Mitiga...
Identity and Access Management in Education - Common Issues and How to Mitiga...Identity and Access Management in Education - Common Issues and How to Mitiga...
Identity and Access Management in Education - Common Issues and How to Mitiga...
Tom Fasano
 

Was ist angesagt? (19)

Baugo Community Schools
Baugo Community SchoolsBaugo Community Schools
Baugo Community Schools
 
Lee's Summit
Lee's SummitLee's Summit
Lee's Summit
 
Student Safety Reimagined - Product Brief
Student Safety Reimagined - Product BriefStudent Safety Reimagined - Product Brief
Student Safety Reimagined - Product Brief
 
Delegated Admin by Securly
Delegated Admin by SecurlyDelegated Admin by Securly
Delegated Admin by Securly
 
Case Study: Massac Unit #1 School District
Case Study: Massac Unit #1 School DistrictCase Study: Massac Unit #1 School District
Case Study: Massac Unit #1 School District
 
Auditor by Securly
Auditor by SecurlyAuditor by Securly
Auditor by Securly
 
Web Policies Presentation
Web Policies PresentationWeb Policies Presentation
Web Policies Presentation
 
What is Securly?
What is Securly?What is Securly?
What is Securly?
 
School Technology Planning
School Technology PlanningSchool Technology Planning
School Technology Planning
 
District Administration Magazine - Dec 2014 Feature - Simmons
District Administration Magazine - Dec 2014 Feature - SimmonsDistrict Administration Magazine - Dec 2014 Feature - Simmons
District Administration Magazine - Dec 2014 Feature - Simmons
 
E-Safety
E-SafetyE-Safety
E-Safety
 
Teachmeet presentation 2mins. 2010
Teachmeet presentation 2mins. 2010Teachmeet presentation 2mins. 2010
Teachmeet presentation 2mins. 2010
 
Top 10 trends In Education Technology for 2016
Top 10 trends In Education Technology for 2016Top 10 trends In Education Technology for 2016
Top 10 trends In Education Technology for 2016
 
Learn how can protect data from cyber attack with single sign on services
Learn how can protect data from cyber attack with single sign on servicesLearn how can protect data from cyber attack with single sign on services
Learn how can protect data from cyber attack with single sign on services
 
BYOD & Social Media: The Risks and Benefits for Education
BYOD & Social Media: The Risks and Benefits for EducationBYOD & Social Media: The Risks and Benefits for Education
BYOD & Social Media: The Risks and Benefits for Education
 
Leadership for Engaging Students Digitally: It's not about the Angry Birds!
Leadership for Engaging Students Digitally: It's not about the Angry Birds!Leadership for Engaging Students Digitally: It's not about the Angry Birds!
Leadership for Engaging Students Digitally: It's not about the Angry Birds!
 
Best practices SmarterMeasure Learning Readiness Indicator Webinar
Best practices SmarterMeasure Learning Readiness Indicator WebinarBest practices SmarterMeasure Learning Readiness Indicator Webinar
Best practices SmarterMeasure Learning Readiness Indicator Webinar
 
Identity and Access Management in Education - Common Issues and How to Mitiga...
Identity and Access Management in Education - Common Issues and How to Mitiga...Identity and Access Management in Education - Common Issues and How to Mitiga...
Identity and Access Management in Education - Common Issues and How to Mitiga...
 
E learning development process
E learning development processE learning development process
E learning development process
 

Ähnlich wie Best practices to shape and secure your 1:1 program

Vivitek - BYOD and the new demands for group collaboration in Education and C...
Vivitek - BYOD and the new demands for group collaboration in Education and C...Vivitek - BYOD and the new demands for group collaboration in Education and C...
Vivitek - BYOD and the new demands for group collaboration in Education and C...
WildwoodPR
 
Immersion Program Presentation Web2
Immersion Program Presentation Web2Immersion Program Presentation Web2
Immersion Program Presentation Web2
Rick Reo
 
HIT164 COMPUTING FUNDAMENTALSAssignment 1 Research Essay
HIT164 COMPUTING FUNDAMENTALSAssignment 1 Research EssayHIT164 COMPUTING FUNDAMENTALSAssignment 1 Research Essay
HIT164 COMPUTING FUNDAMENTALSAssignment 1 Research Essay
sorayan5ywschuit
 
S.NoSalesforce Business Analyst roleComputer Systems Analysts.docx
S.NoSalesforce Business Analyst roleComputer Systems Analysts.docxS.NoSalesforce Business Analyst roleComputer Systems Analysts.docx
S.NoSalesforce Business Analyst roleComputer Systems Analysts.docx
jeffsrosalyn
 
Collaborativet Tools
Collaborativet ToolsCollaborativet Tools
Collaborativet Tools
tstephens
 
Collaborative Tools
Collaborative ToolsCollaborative Tools
Collaborative Tools
tstephens
 

Ähnlich wie Best practices to shape and secure your 1:1 program (20)

HKU Data Curation MLIM7350 Class 10
HKU Data Curation MLIM7350 Class 10HKU Data Curation MLIM7350 Class 10
HKU Data Curation MLIM7350 Class 10
 
Web2 Price
Web2 PriceWeb2 Price
Web2 Price
 
Web2 Price
Web2 PriceWeb2 Price
Web2 Price
 
Cloud Storage Research
Cloud Storage ResearchCloud Storage Research
Cloud Storage Research
 
The Future for Educational Resource Repositories in a Web 2.0 World
The Future for Educational Resource Repositories in a Web 2.0 WorldThe Future for Educational Resource Repositories in a Web 2.0 World
The Future for Educational Resource Repositories in a Web 2.0 World
 
Vivitek - BYOD and the new demands for group collaboration in Education and C...
Vivitek - BYOD and the new demands for group collaboration in Education and C...Vivitek - BYOD and the new demands for group collaboration in Education and C...
Vivitek - BYOD and the new demands for group collaboration in Education and C...
 
Data Management and Horizon 2020
Data Management and Horizon 2020Data Management and Horizon 2020
Data Management and Horizon 2020
 
E-Content Development - R.D.Sivakumar
E-Content Development - R.D.SivakumarE-Content Development - R.D.Sivakumar
E-Content Development - R.D.Sivakumar
 
Why we need a more Ethical Web
Why we need a more Ethical Web Why we need a more Ethical Web
Why we need a more Ethical Web
 
Digital Innovation in Commerce-R.D.Sivakumar
Digital Innovation in Commerce-R.D.SivakumarDigital Innovation in Commerce-R.D.Sivakumar
Digital Innovation in Commerce-R.D.Sivakumar
 
Immersion Program Presentation Web2
Immersion Program Presentation Web2Immersion Program Presentation Web2
Immersion Program Presentation Web2
 
E-Content Development - R.D.Sivakumar
E-Content Development - R.D.SivakumarE-Content Development - R.D.Sivakumar
E-Content Development - R.D.Sivakumar
 
Online productivity tools - SILS20090
Online productivity tools - SILS20090Online productivity tools - SILS20090
Online productivity tools - SILS20090
 
HIT164 COMPUTING FUNDAMENTALSAssignment 1 Research Essay
HIT164 COMPUTING FUNDAMENTALSAssignment 1 Research EssayHIT164 COMPUTING FUNDAMENTALSAssignment 1 Research Essay
HIT164 COMPUTING FUNDAMENTALSAssignment 1 Research Essay
 
Project report on blogs
Project report on blogsProject report on blogs
Project report on blogs
 
Seeory
SeeorySeeory
Seeory
 
Microservices Workshop All Topics Deck 2016
Microservices Workshop All Topics Deck 2016Microservices Workshop All Topics Deck 2016
Microservices Workshop All Topics Deck 2016
 
S.NoSalesforce Business Analyst roleComputer Systems Analysts.docx
S.NoSalesforce Business Analyst roleComputer Systems Analysts.docxS.NoSalesforce Business Analyst roleComputer Systems Analysts.docx
S.NoSalesforce Business Analyst roleComputer Systems Analysts.docx
 
Collaborativet Tools
Collaborativet ToolsCollaborativet Tools
Collaborativet Tools
 
Collaborative Tools
Collaborative ToolsCollaborative Tools
Collaborative Tools
 

Mehr von Securly

Anti-Bullying Legislation in the United States
Anti-Bullying Legislation in the United StatesAnti-Bullying Legislation in the United States
Anti-Bullying Legislation in the United States
Securly
 
Securly vs Hardware
Securly vs HardwareSecurly vs Hardware
Securly vs Hardware
Securly
 
Securly vs OpenDNS
Securly vs OpenDNSSecurly vs OpenDNS
Securly vs OpenDNS
Securly
 

Mehr von Securly (15)

Best practices to shape and secure your 1:1 Chromebook program
Best practices to shape and secure your 1:1 Chromebook programBest practices to shape and secure your 1:1 Chromebook program
Best practices to shape and secure your 1:1 Chromebook program
 
Best Practices for Configuring YouTube Restricted Mode
Best Practices for Configuring YouTube Restricted ModeBest Practices for Configuring YouTube Restricted Mode
Best Practices for Configuring YouTube Restricted Mode
 
Nlp whitepaper the securly way
Nlp whitepaper the securly wayNlp whitepaper the securly way
Nlp whitepaper the securly way
 
DNS to Anything - How Securly Works
DNS to Anything - How Securly WorksDNS to Anything - How Securly Works
DNS to Anything - How Securly Works
 
David's Law
David's Law David's Law
David's Law
 
Anti-Bullying Legislation in the United States
Anti-Bullying Legislation in the United StatesAnti-Bullying Legislation in the United States
Anti-Bullying Legislation in the United States
 
Auditor Admin Config - Uswest
Auditor Admin Config - UswestAuditor Admin Config - Uswest
Auditor Admin Config - Uswest
 
Auditor Admin Config - Useast
Auditor Admin Config - UseastAuditor Admin Config - Useast
Auditor Admin Config - Useast
 
Best practices to shape and secure your 1:1 program for Windows
Best practices to shape and secure your 1:1 program for WindowsBest practices to shape and secure your 1:1 program for Windows
Best practices to shape and secure your 1:1 program for Windows
 
Can social media save kids' lives?
Can social media save kids' lives?Can social media save kids' lives?
Can social media save kids' lives?
 
Managing Screen Time - The Student's Perspective
Managing Screen Time - The Student's PerspectiveManaging Screen Time - The Student's Perspective
Managing Screen Time - The Student's Perspective
 
Best practices to shape and secure your 1:1 program for Chromebooks
Best practices to shape and secure your 1:1 program for ChromebooksBest practices to shape and secure your 1:1 program for Chromebooks
Best practices to shape and secure your 1:1 program for Chromebooks
 
Securly vs Hardware
Securly vs HardwareSecurly vs Hardware
Securly vs Hardware
 
Securly vs OpenDNS
Securly vs OpenDNSSecurly vs OpenDNS
Securly vs OpenDNS
 
What is Securly?
What is Securly?What is Securly?
What is Securly?
 

Kürzlich hochgeladen

Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 

Kürzlich hochgeladen (20)

General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 

Best practices to shape and secure your 1:1 program

  • 1. best practices to shape & secure your 1:1 program tech brief – summer2014 – v1.2 securly://
  • 2. Contents Dr. Jekyll.................................................................................................................................... 3 Mr. Hyde .................................................................................................................................... 4 Security & Productivity Best Practices........................................................................................ 6 Best Practice #1: Secure Search............................................................................................ 6 Best Practice #2: Secure YouTube......................................................................................... 7 Best Practice #3: Secure Gmail.............................................................................................. 8 Best Practice #4: Delegate Web-Filtering to Teachers............................................................ 9 Best Practice #5: Don’t Just Block. Audit................................................................................ 9 Best Practice #6: Take-home needs Filtering or Digital Citizenship .......................................10 Best Practice #7: Layered Defense with Base Firewall Policy................................................10 Best Practice #8: Lock-Down Windows Devices with Active Directory...................................11 Best Practice #9: Lock-Down 1:1 Rollout with MDM ..............................................................11 Conclusion................................................................................................................................11 About Securly ...........................................................................................................................11
  • 3. Dr. Jekyll Schools are adopting 1:1 programs by the masses. Every week, a number of districts make the news for deploying chromebooks, iPads, and other devices. One of the better known deployments occurred in Los Angeles Unified School District (LAUSD), where 640,000 students would each receive their own school-issued iPad. Maine, one of the early adopters of a 1:1 initiative, distributed an Apple MacBook to every seventh- and eighth-grader in the state back in 2002. More than a decade later, its program has won qualified praise for making access to technology equitable across students of all socioeconomic backgrounds. The 1:1 phenomenon is not just confined to U.S. borders. On the contrary, it is a global sensation. Take the country of Malaysia, for example, who recently gave Chromebooks for over 10 million students in the country. “As part of their 1:1 initiative, Malaysia is deploying Chromebooks to primary and secondary schools nationwide. These efforts to integrate the web are a central part of a national plan to reform its educational system.” – Felix Lin, Director of Product Management, Google The perceived benefits of a 1:1 program are plentiful, including:
  • 4.  Given the constantly falling costs of devices, these have become cheaper than paper textbooks. This being the case, it makes financial sense for schools to re-allocate resources towards buying devices and have students benefit from free 21st century online learning tools such as Khan Academy and CK-12.  Online information is constantly evolving as contrasted with static textbooks, where information is often outdated.  Allowing students and teachers to remotely collaborate on projects via free online tools such as Google Docs. Mr. Hyde “Even the noblest of efforts — such as, say, the Los Angeles Unified School District's program to give each of its 600,000-plus students Apple iPads — can suffer under the weight of bungled management. Since the district rolled out its $1 billion program — funded by construction bond money … reaction has ranged from skepticism at the beginning to downright hostility as more problems were reported.” – Los Angeles Times Several years and billions of dollars later, one question remains: are these devices actually being used for the reasons they were intended? There is no question that technology opens up a world of wondrous possibilities to students, but it also exposes them to distractions and risks that were previously less probable in a traditional classroom model. Among these perils is the growing threat posed by cyber-bullying and online predators, along with unprecedented access to adult content through social media and other channels. This problem is further compounded when students are taking these devices home, where there is just a fraction of the supervision available at school.
  • 5. Securly works with hundreds of schools across the United States to provide both in-school and take-home filtering. This enables us to see DNS, HTTP and HTTPS traffic from these schools “funneled” through a central location. Upending the traditional model (which asks for a on premise appliance for reporting) allows us to have a centralized, high-performance repository for all of our customers’ audit data. This in turn helps us find needles in any give haystack (Example: Which students are being most productive or being blocked the most often) or infer macro-trends among all of our haystacks put together (Example: Which websites are most popular amongst high school take-home users across 100,000 students?) The following graph shows the in-school browsing pattern (top blocked sites) of a district that is one of our customers. The browsing behavior of the same cohort of users differs quite a bit as they go home:
  • 6. Facebook is by a long shot the most blocked domain at home. This shows that student behavior can vary considerably when they’re unsupervised. Security & Productivity Best Practices We now proceed to talk about several best practices we have learnt from our customers in the field. We have seen these being used time and again to create a safe learning environment while creating “buy-in” from all stake-holders (Administrators, Teachers and Parents) who are involved in signing off on a 1:1 rollout. Best Practice #1: Secure Search Turn on safe-search: Google, Bing and Yahoo support safe search on their respective search engines. A web-filter will need to pro-actively enable these safety modes. We recommend enabling safety modes on these three search engines while keeping all other search engines (Ask, Duckduckgo, etc) blocked. The top three search engines give students more than enough freedom to research on their class assignments. Safety mode can be enabled by simply appending a string at the end of the URL, as shown here:  Google: ?&safe=active  Bing: ?& adlt=strict  Yahoo: ?&vm=r Systems such as Dan’s Guardian and Safe Squid can be used to accomplish the above. Chromebooks can have the safety mode turned on for Google on the Apps for Education Admin Control panel. Redirecting encrypted search: In 2010, Google launched an encrypted version of its search engine that made SSL the default transport for all Google traffic. This was problematic for schools, as the Children’s Internet Protection Act (CIPA) requires that students be blocked and audited when trying to access inappropriate content. Blocking encrypted search was not really a viable option, since Google has become a de-facto tool in the 21st century classroom. Google has instead provided schools with a nosslsearch.google.com option. All SSL traffic bound for google.com can be intercepted by the web-filter and re-directed to nosslsearch.google.com. This ensures a seamless re-direct from HTTPS to HTTP. Additionally, encrypted.google.com needs to be blocked by the web-filter because the nosslsearch trick does not work for this domain by design. Keyword blocking: Even with safe search turned on, keywords that would normally be inappropriate (ex: those related to drugs or violence) for a K-12 setting are allowed by Google, Bing and Yahoo. To address this issue, we recommend URL based keyword blocking. Securly
  • 7. uses a keyword list of over 1000 keywords that has been carefully culled to avoid False Positives. This list can be built from publically available sources. We also recommend accounting for permutations of those keywords to address evasive behavior. For example, a student could type “h4(k1ng” instead of “hacking” or “a$$” instead of “ass”. Safe Image Search: Several of our customers have reported the following issue: Image Search is not safe enough with Safe Search turned on. Blocking image search is not an option since there are legitimate uses for this functionality. Our recommendation in this case is to turn on the “Creative Commons” filter that is supported by all major search engines. The idea here is to filter out all images except those tagged as being distributed under the “Creative Commons” license. We have found based on extensive empirical evidence that images with this license are for the most part appropriate for classroom use. Further, the filter can be turned on for students only while leaving staff unfiltered on image search. The following strings will need to be appended to image search URLs to turn on the creative commons filter:  Google: &tbs=sur:fmc  Bing: &qft=+filterui:license-L2_L3  Yahoo: &imgl=ccr Best Practice #2: Secure YouTube “So by enabling YouTube for Schools, you're limiting everyone's ability to see videos that aren't tagged as EDU or added to your own allow list. Then the list of people that are allowed to whitelist videos is something that you have to maintain manually” - I.T. Admin on Forum There is often a debate in schools about the use of YouTube, with common implementations falling into one of three categories: completely open access, YouTube for EDU, or altogether blocked. Allowing students to access a completely open YouTube can expose them to potentially inappropriate or distracting content. On the other hand, YouTube for EDU tends to be limiting, as teachers and admins are required to add one video at a time to their playlist. With the undeniable importance of YouTube as an educational tool, blocking YouTube altogether is not really a feasible option. The solution we recommend: YouTube Safety Mode.
  • 8. YouTube Safety Mode is a setting that, similar to Google’s safe search, hides inappropriate content when enabled. Videos that have been flagged as being inappropriate by users for a host of reasons will not be accessible in this mode. The following string will need to be injected into the Cookie header of a YouTube traffic flow in order to enable Safety Mode:  PREF=f2=8000000 What follows is a description of how two of our customers are using YouTube Safety Mode to achieve a conducive learning environment.  Webb City R-VII School District, MO: Have turned on YouTube Safety mode for in- school filtering. Since the district believes that home is actually a less supervised environment, they turn on YouTube for Schools for their 1200 Chromebooks when they go home.  Romeo Community Schools, MI: YouTube Safety mode has been turned on for both school and home for 3300 Chromebooks. The Safety Mode is used in conjunction with URL based keyword blocking to achieve a learning environment that is in line with community standards. Keywords that lead to inappropriate content showing up are blacklisted on an as needed basis. Best Practice #3: Secure Gmail “Monitor the safety and security of minors when using electronic mail, chat rooms and other forms of direct electronic communications.” – Wording of the CIPA law (Source: fcc.gov) The CIPA law is clear in its intent. E-mail sent by students needs to be policed. Since most web- filters lack the ability to do this, schools normally end up blocking e-mail and chat. However, this is no longer an option with many schools turning to Google’s free Apps for Education (GAfE) suite as the foundation on which they base their 1:1 initiatives. Part of GAfE is of course – GMail – which students will need to use for a truly collaborative experience. The challenge here is – allowing students to use GMail allows them to log in with their consumer (as opposed to Google
  • 9. Apps) accounts. Consumer accounts cannot be policed and this opens the school up to liability. The problem is complicated by the fact that all GMail traffic is over SSL. Very few web-filters support the ability to decrypt SSL traffic. Securly recommends the following steps to secure GMail:  Intercept and decrypt GMail related SSL traffic. Achieving this normally involves pushing out root certificates provided by your filter vendor out to your end hosts.  Add the HTTP header X-GoogApps-Allowed-Domains, whose value is a comma- separated list with allowed domain name(s). Include the domain you registered with Google Apps and any secondary domains you might have added.  Archive GMail using an application like Vault. This makes all of the mail sent over your network searchable and keeps your school compliant. Best Practice #4: Delegate Web-Filtering to Teachers “Teachers need choice on when they’re ready to unblock as they teach students to use technology appropriately.” – Tanya Avrith, Google Certified Teacher. We see two “classroom-level” issues come up time and again in post-deployment scenarios:  Classroom Management: While this was a solved problem in a Windows-only world with applications like LanSchool, the product that we see used most often for a Chrome- heavy classroom is Hapara’s Teacher Dashboard.  Web-filtering policy: The advent of Common Core has meant that teachers have a great deal of control over the tools and websites that they use for classroom instruction. However, we believe that web-filtering policy (which is decided at the district level) has not kept pace with this trend. More often than not teachers who find an interesting resource during lesson planning end up finding that resource is blocked during classroom instruction. The only recourse is to file a helpdesk ticket. We believe that where possible, teachers should be allowed, and indeed encouraged to tweak the district’s web-filtering policy to suit the needs of their classroom. Best Practice #5: Don’t Just Block. Audit. "You can't change behavior that you can't see or connect to a specific user." - Tim White, Director of Technology at Webb City R-VII School District Based on our interaction with districts around the nation, we have come to the conclusion that for these districts, filtering is not just about achieving compliance or denying access to students. It is about:  Modifying behavior: Being able to teach your students responsible use of the technology that they’ve been given access to.
  • 10.  Figuring out how students are really using technology. Usage patterns and statistics can be used to bolster community buy-in for scaling your 1:1 program.  Tweaking policies to reinforce positive behavior. If the initial policy is stringent, you might want to use evidence provided by your audit logs to open up access. On the other hand if the policy turns out to be too lax and students end up spending more time than they should on distracting sites, you could use that evidence to keep them more focused on the task at hand. Best Practice #6: Take-home needs Filtering or Digital Citizenship The primary driver of the need for web-filtering is compliance with the CIPA law. Having said that, the law does not mandate filtering at home. Those of our customers who choose to filter at home do so because it aligns with the standards of their community. For school districts that choose not to filter at home, we do believe that a monitoring tool of some sort to be useful for the same reasons stated in the previous section: without monitoring, you have no idea if your 1:1 program is being put to good use and on the trajectory to do what it is really intended to do – raise student achievement. In the absence of web-filtering, we have found from empirical evidence that Digital Citizenship is an effective tool in encouraging appropriate use of technology resources. One example of digital citizenship as applied to 1:1 would be parents letting kids know that they cannot take devices with them to their bedrooms (an unsupervised environment). Many of the schools in our customer base do have programs in place that teach students appropriate use of technology resources. Best Practice #7: Layered Defense with Base Firewall Policy The following FireWall policies can be used with minimal effort to prevent the use of evasive applications and proxyies in your environment: Start out by keeping only ports 53 (UDP), 80 and 443 open on the egress and expand out from there. Generally speaking, DNS, HTTP and HTTPS are the only kinds of traffic you should see on the egress of your network. You could start from there and open up further ports based on user demand. Other protocols (RDP, FTP, etc) tend to be limited to your Intranet. Blocking the HTTP CONNECT method will deter proxy access. If you use DNS-based filtering such as Securly or OpenDNS, you can further lock down the DNS egress traffic to be limited to Securly/OpenDNS DNS IP addresses along with perhaps the clearinghouse DNS server used by the district. Likewise, if you are using a cloud-based proxy such as Securly or Zscaler, limit your HTTP CONNECTs to the IP addresses of Securly/Zscaler servers.
  • 11. Best Practice #8: Lock-Down Windows Devices with Active Directory In a Windows environment, you can prevent application installation by user group using GPO. Besides preventing the use of evasive applications, this has the added benefit of keeping malware off your network (and potential cost savings from not having to purchase anti-malware software for your Windows hosts). Best Practice #9: Lock-Down 1:1 Rollout with MDM We believe it to be self-evident that putting devices in the hands of your students without a way to manage those devices is unlikely to get favorable results for your 1:1 deployment. Generally speaking, Chromebooks use the Google Apps Admin Control panel as their MDM. For Windows based devices, Active Directory made it easy to push out Group Policies. The point of contention is mostly for iOS devices. The lack of a good option from Apple makes this the case. Common MDM options include AirWatch, Casper, JAMF and MobileIron. Several of our customers use Meraki’s MDM simply because it is a free and reliable option. Conclusion While there is no silver bullet in security, the best practices outlined in this document can not only secure your 1:1 deployments against exposure to unsafe content, but also keep students productive and focused on educational content and away from time sinks thereby allowing your school to achieve a higher achievement ROI on your 1:1 investment. About Securly Securly is a cloud-based web-filter that provides in-school and take-home filtering across all devices. For more information, please visit www.securly.com or email support@securly.com