Last week, a parent installed some internet filtering software on his son’s school-owned computer. His son is 11 years old, and has just started discovering, you know, the internet that 11 year old kids find. Unfortunately, the software the dad installed conflicted with our pre-installed AV software, Kaspersky. The son, perhaps being less than 100% honest, told us he needed to install some printer drivers. Normally students can do this without any intervention on the part of IT. However, we noticed we couldn’t install the software.
After spending the requisite 15 minutes trying to install the software, we realized we couldn’t get around the dad-installed software, so we re-imaged the machine. The son came back a day later with a clean machine, the printer drivers installed, but no dad-installed software.
The dad is, quite understandably, pissed. Our current blocking strategy is to restrict DNS queries to our internal DNS or to an outside DNS service (openDNS). We block any DNS queries that don’t go to one of our approved dns servers. Inside our school, we feel fairly comfortable that “joe average student” can’t access unauthorized content. Even so, we monitor network traffic carefully. But outside of school, students can change DNS settings and access inappropriate content (for a whole lot of reasons we grant student admin access on their laptops, so we can’t easily block access to dns settings).
What could we do differently, better?
I think the real challenge here is how can we support parents to block according to their standards? Some families will want very strict blocking, and some not at all. My take on this is to help parents understand how to use router-based filtering. Unless you child connects to another unsecured wireless network, the best place to block is at the router.
Next up: a list of resources to help parents control their wireless connection
Published on Friday, December 17, 2010 (8 years, one day, and 18 hours ago). Posted in: Educational Tech Security