by David Colarusso - March 14th, 2007
Since I last blogged about refresh and censorship, things haven’t gotten any better. Our security was compromised, resulting in the posting of our students’ names, logins, and passwords on the web. I still don’t have a login, and the entire school network went down today. Unfortunately, our new contract with BT requires that all service go through them. So our senior management has been leaving phone messages all day long. That’s right, they couldn’t reach a real person. As of this afternoon, there was still no reply. We should have staff on site with the permissions and know-how to handle these issues when they arise. Unfortunately, the BT contract precludes this.
In the Firewall’s Chill, I proposed five operational guidelines for school networks, and today I really wish we had two of them in place. Unfortunately, I also realize
are needed. It’s like the “warning contents are hot” text on takeout coffee; sometimes you’re amazed at people’s staggering lack of common sense.
After talking to some students, I think the password breach was probably the result of a teacher leaving their desk and failing to log out. So I suppose one should add the guideline “Have all publicly-accessible terminals lock themselves when left idle.” This is where my third guideline, “Allow users to choose their own passwords,” comes into play. Hard-to-remember passwords lead users to write them down, and they also make the process of logging in a chore. People are more likely to lock their desktop or log out when the process of logging back in doesn’t cause a hassle.
I don’t know if the network issue is being looked into, and I really wish I had a way to. Whether or not I can access files tomorrow influences what my lessons will look like. As is, I’ll have to walk in with two plans, and I have no idea when things may be fixed. Even though I couldn’t access the web from school, I can from home. This is where I wish we were following my fifth suggestion “Maintain a Local Status & Maintenance Blog.” However, there might be an email explaining things. I should check my inbox. Oh wait, we can’t access work email off site. I think that should be another rule, “Allow users to access email off site.” I’ll save this rant for later. ;)
Now here’s the mind-boggling lack of common sense. Wait for it… Our students’ logins are based on their national qualification IDs. That’s right, it’s like assigning social security numbers as logins. Man, that was a smart decision.
Alright then, I have to head off to parents’ night now. That should be fun. All the room assignments and such were stored on the network, and the business manager was running around like crazy this afternoon working from paper and memory. Also, most teachers house their students’ marks on the network. On the upside, it should make for interesting conversation.