Excerpt reprinted with permission from 1-TO-1 LEARNING: Laptop Programs That Work, © 2006, ISTE ® (International Society for Technology in Education), firstname.lastname@example.org, www.iste.org. All rights reserved.
Adding a laptop program will greatly increase the complexity of managing your network. It will probably require adding technical staff, and it will definitely add to the workload of your technology department. Planning for these logistical challenges is crucial to the long-term success of your program.
The following are some basic computer network issues to consider when planning for 1-to-1.
By now, most schools are using some sort of firewall to block ports and secure their network from unauthorized access or use. However, 1-to-1 will put added strain on your entire network, so it’s best to review your current firewall to be sure it’s up to the task.
For instance, if you don’t want students to be able to use instant messaging during the school day, have you blocked all of the ports associated with IM? IM can “jump ports,” so you may need to consider multiple measures, such as a firewall appliance, software solutions, or locking down workstations. Some of the most popular firewall appliances used by schools include Packeteer, Barracuda, and SonicWall. All of these products have their pros and cons, and they may or may not be compatible with your network architecture, so do your homework and choose carefully. As always, your most valuable asset will be a well-informed network manager who keeps up with security trends and emerging threats.
Do you have, or plan to have, Voice over Internet Protocol (VoIP) running on your network? If so, be aware that a variety of new threats are specific to this technology, and your firewall needs to be robust enough to handle them. Be sure that the company you choose to install your VoIP products will provide you with specific security advice and protection so that outside IP-specific attacks cannot get through.
Do you run an anti-virus program automatically on all of your computers? How are program and virus definition updates managed? While it’s fairly easy to administer a virus protection program for all school-based workstations, it’s more difficult to make sure student laptops that log on and off the network at odd times during the day are similarly protected and updated. At Peck, we have our anti-virus software set to automatically update during the day, and generally this doesn’t intrude on schoolwork
The timing and management of anti-virus updates are important issues to consider. You’ll need to determine what level of inconvenience users are willing to tolerate. You may be forced to make some tough decisions here, balancing the need to limit disruptions and downtime with the need to protect your data and network resources.
Other Network Security Issues
How have you balanced the security needs of your network with the needs of your students and faculty to use their computers as fully as possible? If, for example, you want to control students’ ability to install programs on their laptops and stop certain system functions, can students still go home and use their laptops with their home Internet connections? If you’re giving students 24/7 access but drastically limiting their ability to research through the Internet and download files, are you crippling the laptops’ usefulness?
There are certainly different schools of thought on this. Several of the schools interviewed for this book “lock down” their student laptops, preventing students from changing any configurations or adding software. At The Peck School, we originally went this route, too, but we found it too cumbersome and limiting, especially since we wanted to encourage students to use their laptops at home. While we do risk students making problematic changes to their computers, it’s a fairly simple matter to reimage the computers as needed and start all over.
Are security configurations regularly checked to make sure they’re set and working the way you want them to? Many security products default to a security level that’s either too high or too low. Tweaking these levels to respond to user needs and complaints will often be necessary, and this should be done several times a year.
Do you run a remote desktop product to check on network activity and computer use? We do this at Peck, and it’s been quite useful as a monitoring tool. For instance, when students are working in groups, teachers will use the remote desktop utility to check their students’ screens to be sure they haven’t wandered away from the subject at hand. Other schools use ARD (Apple Remote Desktop) and similar products to both monitor appropriate use and check on student progress on assignments and projects. This unobtrusive approach to offering formative feedback and advice precisely when it’s needed works especially well with adolescents, who often want to save face and not ask for help in front of their peers.
Do you have an SMTP gateway that scans your e-mail for viruses and spam? Have you set it up to filter both incoming and outgoing mail? We typically think of security threats coming from the outside, but if any of your laptop users has “caught” a worm or Trojan horse, he or she may unknowingly be sending out viruses or worms to others.
Does your Internet Service Provider (ISP) offer any anti-spam or anti-virus protection? This seems to be a growing trend and can provide another layer of security. At The Peck School, we have two levels of security: a Symantec SMTP gateway and Trend Micro’s security products running on our ISP’s T1 connection.
Is your e-mail set up to allow downloading and uploading of attachments? Provided your other security components are in place, this is usually safe and is an excellent way to get around defective floppy disks and CD-ROMs that aren’t readable. Students can simply attach files to e-mails and send them to themselves or their teachers, going back and forth from home as needed. You may have to establish size limits on attached files and also block the uploading of certain types of files, particularly executables. There will be a fine balance required here, however: too many limits will make it difficult for users to get their work done efficiently.
Internet Proxy Servers and Filters
Do you use a proxy server? Your laptops will most likely connect to the school network through a proxy server. You’ll probably need settings for both home and school. At Peck, we’ve set up Home and School Internet connections on our iBooks. Macintosh’s Safari is smart enough to know the difference and provide the proxy settings at school and not use those settings at home when Home is checked. Our network manager and technical support specialist make sure the settings are created and then adjusted over the summer so that the laptops will work seamlessly once the students get them in the fall.
Do you filter your Internet access? This is a federal requirement, so most districts do. How often is your filter updated? Do you also log everyone’s Internet use? At Peck, we use Symantec’s Enterprise solution, which includes an SMTP gateway for all e-mail traffic and Web content filtering. Since we’re a K–8 school, we believe our students need this kind of protection. I’ve also used Websense to filter Internet content. Both products are easy to configure and update and allow users to prevent or allow specific Web addresses as needed. This means that if a teacher wants to use a particular Web site that for some reason is filtered out by one of our categories, we can add that site to our “safe” list. Many similar filtering products are available on the market.
Passwords and Privacy Issues
How are you keeping your data secure internally? This means making sure no one can see anyone else’s files. Password protection and user grouping are two ways to protect data. At Peck, we assign teachers and administrators to groups and then allow those groups to get “rights” to certain files on the network. Users can see their own personal files, but they can only see other people’s files when they’ve been given permission to do so.
How often are passwords changed? Do you allow short or long passwords? Can people reuse old passwords? Are letter and number combination passwords required? At Peck, passwords for e-mail, the network, and Internet access are all in effect. Since we’re multiplatform (our laptops are Macintosh, while most of our servers are Windows), we haven’t implemented, and prefer not to use, a one-password approach. This means users have to remember and input multiple passwords.
Some schools and districts have used LDAP (Lightweight Directory Access Protocol) to simplify access to all servers, but Peck hasn’t done this and has no LDAP-accessible applications. With an LDAP solution, users logging onto your network need just one password, instead of several, to gain access to all services. When applications are LDAP-compatible, they share the password. It’s like having a master key for all the doors in the building. Without this solution, students and teachers must input separate passwords for different resources: a password for the network, a password for the Internet, a password for e-mail, and so on.
Have you addressed FERPA (Family Educational Rights and Privacy Act) with regard to your network and electronic data? Check out the following site to learn the FERPA guidelines you need to consider: www.ed.gov/policy/gen/guid/fpco/ferpa/index.html. In general, FERPA guidelines require schools to make sure that only teachers and administrators who need to access student data can do so. Student records are password-protected and locked away from inadvertent viewing. You may have to check the access rights of your network groups to make sure they are in compliance with FERPA.
How much storage space per user is allowed on the network? If you allow too much, you may find the temptation to save inappropriate files too great for some.
Our approach at The Peck School is to start everyone off with 100 megabytes and add more storage based on requests. When teachers and students are working on videos, we have in the past given them more. Lately, however, we’ve decided it makes more sense to have users save video files to their own hard drives and then burn them to DVD or compress them with QuickTime and save on a CD. It’s an issue we continue to grapple with, and most likely we’ll have to go to larger storage options in the future. iMovies have really taken off as an educational vehicle, and that means you’ll need more storage for these big files.
Is everything on your network backed up regularly? While you don’t need a daily backup of every single file, you do need your entire network backed up on a regular schedule. If applications and databases aren’t regularly backed up, a reinstall in the event of a server crash will mean a reconfiguration of all of them. This will require you to restore all program updates and possibly many months of records and changes (if these records and changes are even recoverable).
Have you tested your restore lately? Even if you back up regularly, you need to test the restore of these files to make sure your backup is running reliably and the restore feature works. You’ll have to consider your network and bandwidth here. Peck’s solution is to make sure everyone backs up files to the network. We don’t back up on the fly or during the day when wireless files are going back and forth. We back up about 2 a.m. when no one is on the network and there’s no wireless activity.
Blocking File Types and File Sharing
Do you block certain file types—such as MP3s and other media and game files—from being freely passed around your network? This is a big issue and deserves careful consideration. At Peck, we do allow students to download legally purchased music to their computers. However, if any of their music, or any other files they may have downloaded, causes the computer to crash, only the normal applications will be reinstalled when the computer is reformatted. It’s a fine line. We want our students to “own” their computers, but we also want them to understand that the primary use of their laptops should be school-related.
Do you block the sharing of hard drives on your network? If you allow this sharing, or simply don’t monitor it, you may find students setting up their own peer-to-peer file sharing system to pass music files back and forth. You should block or turn off this feature unless there’s a compelling educational reason to have it available.
Are all your mission-critical software products regularly updated? Is a log kept of this information? Are there special authentication issues related to laptops used in more than one network environment? There should be a regular update log and approach that can be accessed and viewed by your technology department, and more than one person should be trained on how to do these updates.
Tech Support and Maintenance
What’s your priority—your network or your laptop users—as far as support and maintenance is concerned? The answer may seem obvious, but there will be times when you have to make this difficult call.
For example, what if a critical network update becomes available during the middle of the school day: do you shut down the network right away to install it, or do you wait until most users have logged off and left the school building? At the schools where I’ve worked, we’ve almost always chosen the needs of computer users over the network. It’s important that your teachers know they’re your priority even when you have to make a call now and then in favor of the network. You want technology to support the learning, not keep the learning from happening just to save time.
Pamela Livingston has held computer support positions at Pan American World Airways and Chemical Bank and served as a project leader at PC Magazine Labs and a technical editor for PC Sources Magazine. More than a dozen years ago, she turned to educational computer support, and in 2002 became head of technology at The Peck School in Morristown, New Jersey.
To purchase 1-to-1 Learning: Laptop Programs That Workclick here.