Smoothwall News RSS Feed

Embracing BYOD

Tue, 07 Aug 2012 16:33:34 GMT

With more than 60,000 employees, Cisco Systems has embraced the bring-your-own-device (BYOD) phenomenon, defined as the burgeoning penetration of personal smartphones, tablets and laptops into the workplace.

Steve Martino, the company's vice president of information technology, says almost 60 percent of Cisco employees have at least one mobile device connected to IT services, not including laptops, and more than 15 percent have more than one handheld that they use for job responsibilities. In terms of the benefits of deploying such an environment, the costs saved by Cisco for not issuing the devices itself are last on Martino's list, which may be surprising to some.

Instead, employee productivity and engagement take the lead, he says. “Users who have the freedom of choice to bring their own device, are seeing about 30 minutes a day [of] greater productivity than those that are using devices they're not comfortable with,” Martino says. “I think it's comfort, it's familiarity and it's also time and place. Where and when they can use their device. Those are the two drivers.”

Like at Cisco, many enterprises around the world are finally taking note of the advantages that mobility adds to their business. By now, security professionals are quite familiar with the BYOD term, and while the wave of mobile devices flooding the workplace wasn't initially welcomed with open arms by those charged with protecting enterprise networks, it seems as though organizations at every level believe there's no choice at this point but to embrace it.

Many concerns revolve around the additional points of entry available for cyber criminals, increasing the likelihood of sensitive data extraction or creating disruptive scenarios that could be extremely costly for enterprises. And, with looming threats and an increasing number of threat vectors, security pros are faced with a big decision: to lock down or not to lock down. There are pros and cons, many say.

Threats are always present no matter which type of environment is deployed, says Lawrence Reusing, general manager for mobile security at Oakdale, Minn.-based data security firm Imation. He says it's only a matter of time before enterprises have to step up to the BYOD challenge at hand.

“At this point, I'd say that a significant proportion of enterprise and government organizations have accepted that BYOD is here now and is inevitable,” Reusing says. “They assume that it's necessary for organizations to support employee-owned devices.”

To continue reading click here.

Check out SC Magazine's BYOD Spotlight! - Good recommendations on preparing your network for the BYOD movement.

Mass Suspension at Pittsburgh School for Bypassing Filter

Wed, 08 Feb 2012 10:07:14 GMT

Dozens of students have been suspended for a day from a school district in Pittsburgh for using a program that allowed them to get around their school's Web filter. According to local news coverage, Brentwood Borough School District in Pennsylvania suspended at least 100 students after catching them using Ultrasurf, a free tool that allows users to bypass firewalls and make their online identities anonymous.

The school sent out letters informing parents about the suspension. Students also received 15 demerits and have been banned from using school computers for the next nine weeks.

Although school officials declined to comment to reporters, at least one parent was quoted in CBS affiliate reporting as blaming school personnel rather than her child for the infraction of the district's acceptable use policy. "Kids should not have been punished for this; they should have punished the person in charge of security; they should have been doing their job," she said.

As reported by the Pittsburgh Tribune-Review, one student, a senior and a member of the National Honor Society who was part of the reprimand, said, "I thought it was just a way to get my schoolwork done. I didn't know the severity or the consequences of using this."

According to district policy 815 regulating acceptable use of the Internet, disabling or bypassing the Internet blocking or filtering software without authorization is prohibited. Failure to comply shall result, the document states, "in usage restrictions, loss of access privileges, disciplinary action, and/or legal proceedings."

You can read Dian's article in full at The Journal

Note: Smoothwall's Guardian Web Security dynamically prevents proxy circumvention by students and employees.

In Love and Sharing Passwords

Wed, 08 Feb 2012 10:07:00 GMT

MATT RICHTEL of the NY Times has writen a great article on why giving your new love the keys to your on-line world might be a bit of a mistake ...

Young couples have long signaled their devotion to each other by various means — the gift of a letterman jacket, or an exchange of class rings or ID bracelets. Best friends share locker combinations.

The digital era has given rise to a more intimate custom. It has become fashionable for young people to express their affection for each other by sharing their passwords to e-mail,Facebook and other accounts. Boyfriends and girlfriends sometimes even create identical passwords, and let each other read their private e-mails and texts.

They say they know such digital entanglements are risky, because a souring relationship can lead to people using online secrets against each other. But that, they say, is part of what makes the symbolism of the shared password so powerful.

“It’s a sign of trust,” Tiffany Carandang, a high school senior in San Francisco, said of the decision she and her boyfriend made several months ago to share passwords for e-mail and Facebook. “I have nothing to hide from him, and he has nothing to hide from me.”

“That is so cute,” said Cherry Ng, 16, listening in to her friend’s comments to a reporter outside school. “They really trust each other.”

We do, said Ms. Carandang, 17. “I know he’d never do anything to hurt my reputation,” she added.

It doesn’t always end so well, of course. Changing a password is simple, but students, counselors and parents say that damage is often done before a password is changed, or that the sharing of online lives can be the reason a relationship falters.

The stories of fallout include a spurned boyfriend in junior high who tries to humiliate his ex-girlfriend by spreading her e-mail secrets; tensions between significant others over scouring each other’s private messages for clues of disloyalty or infidelity; or grabbing a cellphone from a former best friend, unlocking it with a password and sending threatening texts to someone else.

Rosalind Wiseman, who studies how teenagers use technology and is author of “Queen Bees and Wannabes,” a book for parents about helping girls survive adolescence, said the sharing of passwords, and the pressure to do so, was somewhat similar to sex.

Sharing passwords, she noted, feels forbidden because it is generally discouraged by adults and involves vulnerability. And there is pressure in many teenage relationships to share passwords, just as there is to have sex.

“The response is the same: if we’re in a relationship, you have to give me anything,” Ms. Wiseman said.

In a 2011 telephone survey, the Pew Internet and American Life Project found that 30 percent of teenagers who were regularly online had shared a password with a friend, boyfriend or girlfriend. The survey, of 770 teenagers aged 12 to 17, found that girls were almost twice as likely as boys to share. And in more than two dozen interviews, parents, students and counselors said that the practice had become widespread.

You can read the full piece here at the NYTimes

SWURL

Thu, 05 Jan 2012 15:10:53 GMT

Conversely, we know that getting constant requests to unblock web pages gets pretty wearing for the IT guys - who themselves are running complex networks and under daily pressure to reduce costs and improve service levels.

Smoothwall’s deceptively simple SWURL web service allows network managers to devolve the daily management of personal block and allow lists to those most capable of deciding what is appropriate web content in the classroom - the teacher. The teacher is still filtered, monitored and controlled under the school’s/LA’s hierarchical policies but has the freedom to use the resources that they need without involving highly pressed non-teaching staff.

SWURL is an easy to implement solution that saves time, resources and not a little frustration.

Hybrid Networks

Thu, 05 Jan 2012 15:10:41 GMT

Neither solution in isolation is ideal - especially if your remit covers a mix of school, publicly accessible, administrative and operational networks.

Remembering that each network has specific user profiles with their own needs and web usage patterns - couple this with different management styles, legal and administrative requirements. The challenge of delivering a web experience that isn’t unduly restrictive (and conforms to the organisation’s policies) to individuals looks at first glance insurmountable.

The answer to this seemingly intractable problem is simple - mix both central and local deployments. Manage the systems centrally and devolve (where appropriate) control of policies to local management - a true hybrid web filtering and control solution.

Smoothwall Web Filtering + Security - delivered as a mix of software, hardware and virtualised

Smoothwall’s flexible deployment methods and device based licensing model allows you to deploy the solution that best fits your needs - and one that will co-exist with your existing infrastructure and policies. You can choose any mix of Smoothwall software, virtualised or hardware deployments to cover your complete estate - from small UTMs for outlying locations to full multi-thousand user data centre deployments and everything in-between.

Utilising your existing authentication you can manage policies for each user, group, and location - defining when and what they can access on the web, even for mobile and guest users.

Smoothwall Hybrid Web Filtering and Security Deployments

Benefits for Policy Makers

Centrally controlled impassable ‘red-line’ policies ensuring legislative requirements and organisational values are complied with
Operates highest recognised standards of filtering and e-safety for children (Department of Education (Becta) Accredited for Education Use)
Policy management with precise ‘who, what, when, where’ and device level control
Accessible
Detailed forensic and evidential quality logging combined with (non-technical) trend and usage reporting portal
Devolved policy management to non-technical staff

Integrated Home Office Anti-Terrorist / Illegal Content Blocklist
Integrated Internet Watch Foundation Blocklist
Fits British social and cultural norms - designed, engineered and supported UK

Benefits for Network Managers

Co-exists with existing directory services and authentication
Can be integrated into existing data centres and infrastructure
Scalable consistent deployment and implementation as software, hardware or virtualised service
All the benefits of a centrally hosted system with the flexibility of local deployment
Centralised systems management
Unified interface and technology platform
Devolved management of local policies
Licenced by maximum device count not by users,location or number of deployments
Dynamic web content analysis with advanced categorisation with daily updates
Active perimeter protection from web-borne viruses and malware (identity theft, botnets, trojans, spyware, encryption)
Filter public WiFi and guest devices on networks
Supports BOYD (‘bring your own device’) schemes with authentication against the local directory service via captive portal
Local support and advice - designed, engineered and supported in the UK

Benefits for Educators and Teachers

Dynamic web content analysis delivers safe content in the classroom
Operates highest recognised standards of filtering and e-safety for children (Department of Education (Becta) Accredited for Education Use)
Delivers proper access to diverse web resources
- YouTube/education
- Safe Search
- Social Media (when used in an educational context)
Manage and unblock uncategorised web pages without referring to IT support (by using the new SWURL feature)
Allows teachers to focus on teaching not the supporting IT

Benefits for Users

Appropriate and safe access to web for all types of user
BOYD (Bring You Own Device)
‘Light touch’ filtering with the right policy enforced at the right time
e.g. Facebook at lunchtime only

Google Encrypted Search

Thu, 05 Jan 2012 15:10:28 GMT

Many web filters (including Smoothwall) force the user to ‘safe-search’ - an effective way of ensuring that what pops up isn’t going to be offensive or inappropriate. So far so good - safe search results and no nasty surprises.

However, there’s a snag that may catch the unwary. The HTTPS protocol (which encrypts the web page between you and the server to stop interference) stops many web filters from intercepting full URLs or modifying the pages in any way. Ah! you say - that’s not really a problem for me or my students as we don’t use encrypted search. Sorry, but you probably do.

HTTPS on Google used to be optional, now they're changing it to be default. So the ‘safe search’ you once relied on now may not be so ‘safe’.

Smoothwall users don’t have to worry as we’ve been filtering HTTPS searches effectively for ages - our HTTPS interception allows us to inspect pages and remove dodgy thumbnails and content (but only if it’s actually turned on - if you’re not sure ask your IT support).

And, if your web filter can't do HTTPS interception, you'll need to say ‘thanks but no thanks’ to Google and it’s search engine - unless you like (unpleasant) surprises.

Read Only Facebook

Thu, 05 Jan 2012 15:10:13 GMT

There are literally millions of us who can’t help ourselves updating and posting when we should be doing something else at work or school. Help is at hand for those responsible for keeping us on the productive straight and narrow - with a couple of clicks they can help us break our addiction - at least when we’re supposed to be doing something else.

The office and classroom ‘No Facebook Here’ notices can be finally torn up and consigned to the recycling bin. The outright ban on school and organisation networks of our much loved (in most corners anyway) online playground can at last be repealed.

The clever bods at Smoothwall have engineered a way to make Facebook ‘read only’ - you can look but you can’t click - so you can keep an eye on your wall but not post anything. Except obviously, when your boss says it’s OK - at lunchtimes, before and after your work hours, in the rec room etc. It’s sort of a techie way of creating detente - the higher-ups get you to do what you need to be doing - and you don’t feel as cheesed off as you did when they banned it outright.

What’ll they think of next?

YouTube.com/education

Thu, 05 Jan 2012 15:10:02 GMT

Stumbling across the wrong sort of ‘Boobies’ and ‘Great Tits’ when giving a lesson on bird life in the UK would result in some upset young people and parents.

Thankfully the good people at YouTube have created a channel dedicated to education users - properly monitored educational content from reputable sources. There’s a catch though. YouTube is often blocked outright by your organisation's web filtering policies because picking out the right videos is a herculean task. Luckily, YouTube now offer a solution - but you need some clever tricks in your filtering to be able to access it!

With Smoothwall you can safely use your school’s YouTube channel (which contains your own library of pre-checked and authorised content) and safely browse and use entire YouTube/education videos without fear of coming across the wrong sort of ‘bird’. All without having to harass your IT support team to unblock individual videos.

Another nifty Smoothwall feature designed just for educators.

SWG-3600 & UTM-3000

Thu, 05 Jan 2012 15:09:49 GMT

Designed and built to deliver a stress free solution for demanding LA and school network managers they tick all the spec boxes. Reliable hardware based on Dell’s PowerEdge server platform, twin 6-core Intel Xeon processors with 12GB RAM and pair of 1TB RAID SATA disks and very fancy high performance NICs (plus optional go faster stripes and a big spoiler).

Couple the hardware with Smoothwall’s British designed, engineered and supported web filtering and security software and you’ve got a serious race ready package.

Smoothwall Guardian Web Security Appliance
With dynamic web content analysis (DfE/Becta Accredited), 'who, what, when, where' policy tools and filtering of HTTPS. Controls of: anonymous proxies, Instant Messaging, social-networking, blogging, file-uploads, P2P sharing, video and Flash files. Support for mobile devices#, YouTube education, read-only Facebook and BYOD (Bring Your Own Device) schemes. And, detailed reporting & live traffic graphs - there’s everything you need to protect your users, network and ultimately your organisation.

Smoothwall UTM Appliance
A fully featured firewall with External Attack Defence using Intrusion Detection System (IDS) and stateful and deep packet inspection. Internal Network Segregation to protect critical and confidential resources by internal zoning and segregation. Smoothwall DfE/Becta Accredited Guardian Web Security web access control and dynamic content filtering. Effective perimeter malware protection. VPN Gateway that can manage up to 500 secure gateways. WAN aggregation. Email security with anti-spam and phishing detection. Efficient load balancing for in-coming and out-going traffic across multiple internet connections including fail-over protocols. And, Internet Access Control with User Authentication.

Mobile Guardian for iOS, Mac and Windows

Thu, 05 Jan 2012 15:09:32 GMT

As the network environment is becoming more complex with iPads, iPhones, iPods as well as Windows laptops, Macs and other devices requiring access, the implications for not delivering a safe on-line experience when users are out of the network is becoming ever more apparent.

If users leave the protection of the school network with supplied hardware and are not properly controlled, filtered or monitored - what they get up to on-line may seriously impact on them and ultimately the school and it’s senior management team.

Smoothwall’s Mobile Guardian ensures that the organisation’s web usage policies can be easily deployed across Windows, Mac and iOS (and soon Android) devices and that they can be rigidly enforced when they leave the safety of their home network. Using a mix of technologies that are appropriate to the platform (such as forced proxies and local filtering) Mobile Guardian controls and logs all web use in line with the school’s policies.

As students and staff become ever more mobile with their IT Smoothwall can help you to ensure that their safety and security on-line can be maintained wherever they are.

Bring Your Own Device

Thu, 05 Jan 2012 15:09:18 GMT

King Canute had it easy.

Many students and teachers now have higher specification communications devices at home and in their pockets than they are supplied with on the school campus.

We all know that the lines between work, social and play are becoming blurred as they converge online. The constant pressure on budgets, curriculum, legislation, people and time will continue to increase - and, we are just at the start of the process. Education needs to keep up and help equip students for the change in the way we all live. King Canute had it easy by comparison - he only had to contend with the tides.

So, let’s get pragmatic. There are no silver bullets, magic spells or all encompassing one-click solutions to making online services safe for students and staff. Especially for the increasing number of private mobile devices that are appearing on your campus. Creating an environment that encourages your staff, guests and students to use a safe, filtered and reliable Wi-Fi service will reliably protect the majority of them. Those that want to go ‘off piste’ will - and there’s not much you can do to protect them, especially if they are using 3G or unfiltered public services.

Five simple steps to delivering safer guest network access

Step one. Provide good quality Wi-Fi to guests, staff and students
If it is cheaper than 3G, faster and not overly restrictive then the majority will use for every day web use. If they are using your service it can be tied to the school Authentication - and, most importantly your filtering and control policies.

Step two. Strengthen security at the perimeter
You can’t ensure that all devices that enter your guest network are clean and have properly maintained anti-malware. You can however protect the network using internal firewalls and use reliable anti-malware scanning of guest and user web traffic at the perimeter.

Step three. Use effective DfE / Becta Accredited web filtering technology
Over-blocking known safe content causes frustration - not blocking unsafe content causes distress (and potential litigation). Work with the best dynamic content filtering technology to reduce the risks. You can then deliver great service to your users which will help to keep them safely inside the fence.

Step four. Create ‘who, what, where and when’ user policies that encourage and reward responsible behaviour.
Design your Acceptable Usage Policies (AUP) to have clear rules - e.g. Facebook at breaks and before & after core hours - then everybody then knows where they stand, and what is and isn’t acceptable.

Step five. Review and update your policies as you go along
The web and your users behaviour changes constantly so you’ll need to fine-tune your service regularly. To do this you’ll need effective and easy to use reporting tools - from trends to individual users and sites - remember the old maxim ‘data isn’t information’ so a system that just spits out raw logs isn’t going to help you much.

The commercial bit. At Smoothwall we’ve already go a solution that brings together network guest access and ‘bring your own device’ schemes and firmly places them under your control. You can transparently authenticate your users, apply the right types of filtering policy at the right time and easily report on their activity. We’re specialists in education web filtering and control, we’re based in the UK and we’re nice people to deal with. If you are looking to protect your users and network we are a great place to start.

Cyberbullying puts pressure on teachers

Thu, 05 Jan 2012 15:06:25 GMT

Geelong Times - 07/11/2011

CYBER bullying is not just an issue for students, with schools and teachers increasingly under pressure to act on any report or face being sued.

Coulter Roache partner Martin Reid, who practises in workplace relations, said bullying did not have to happen in the classroom for the school to be taken to civil court.

He said both schools and teachers owed students a "duty of care" and could be held liable if they were aware a student was being bullied online by another student at any hour of the day or night and did nothing about it.

"The laws are effectively the same as personal injury laws," Mr Reid said.

"If somebody slips on water at the supermarket and suffers a broken hip, they can sue because the supermarket was negligent in cleaning up the water.

"It's the same if a student is being bullied on Facebook by a fellow student and the school is aware of it, but they do nothing about it.

"It's the general law of negligence ... you must establish there was a duty of care, that it was breached, the student suffered harm and the risk of harm was foreseeable, and the harm was caused by the breach"

Mr Reid said the rise in Facebook and other social media forums was making it increasingly hard for schools to monitor student behaviour.

He said it was important to remember teachers would not be liable if the bullying occurred outside school hours and they were not made aware of it.

In Victoria, there is yet to be a court decision in which a teacher has been held liable for cyber bullying between students.

However, Mr Reid said many schools were aware of the risks and had policies in place to deal with them ...

You can read the full article here

You can read detailed analysis of the issues raised in this article in Smoothwall's e-Safety Law in Education whitepapers that have been developed by the eminent lawyer Dr. Brian Bandey. You can also discuss many other related issues with fellow professionals in E-Safey in Education LinkedIn Forum.

Get Safe Online Week 2011

Thu, 05 Jan 2012 15:06:25 GMT

This week marks the 6th annual Get Safe Online week. For one week a year, this organisation remind both consumers and small businesses of the risks they face in everyday web usage.

eSafety practice extends requires more than a single solution, and can involve a change of philosophy beyond the keyboard.

The scheme is headed by The Home Office, The Central Sponsor for Information Assurance (CSIA), The Department for Business, Enterprise and Regulatory Reform (BERR), and the Centre for the Protection of National Infrastructure (CPNI) - with the backing of many industry sponsors.

Visit their site to find tips on IT safety and data protection, and learn how to protect yourself against viruses, phishing attacks, malicious spam, and more.

Visit their site at www.getsafeonline.org today. Stay safe.

What do Civil Servants Surf?

Thu, 05 Jan 2012 15:06:24 GMT

The BBC comes out top (pretty much as expected) with the usual suspects appearing in the top 100 - interestingly Facebook came low down (in at number 85 on the list of the top 1000). It does beg the question though of what do other government departments get up to at breaktime?

See the details here >>>

http://www.techwatch.co.uk

Freedom of Information request here >>

http://www.dft.gov.uk

Fake Google SSL Certificate

Thu, 05 Jan 2012 15:06:24 GMT

The fake Google SSL Certificate found in the wild in late August has serious implications which will take some time to surface - especially to web users in Iran.

However, the industry has acted quickly to shut down the threat with rapid updates from Mozilla, Google (and Smoothwall).

Lots of in-depth coverage here >>>

theregister.co.uk

blog.mozilla.com/security

googleonlinesecurity.blogspot.com

Smoothwall + VIPRE

Thu, 05 Jan 2012 15:06:23 GMT

Smoothwall has fully integrated GFI VIPRE™ anti-malware into the Guardian Web Security, UTM and Email Security product range. Smoothwall’s web content filtering already protects users against web-borne viruses and malware - the integration of the latest VIPRE engine will deliver dramatically improved, 3rd generation web security protection against sophisticated and developing threats.

Smoothwall CEO George Lungley commented: “The integration of VIPRE with Guardian is a key element in our strategy to provide a user web environment that is secure and safe without being highly restricted or being a burden to network managers. In our tests, VIPRE performed exceptionally well and the anti-malware engine itself is noticeably light on system resource usage.”

The VIPRE anti-malware engine is the culmination of years of experience and the latest development tools and ideas. It is certified by Virus Bulletin, OASIS, ICSA and WestCoastLabs – and importantly, it regularly outperforms many of the other globally recognized brands in on-going reactive and pro-active testing. By using a unique combination of heuristic and behaviour analysis along with ThreatNet™ user community intelligence and ThreatTrack™ data feeds, VIPRE delivers exceptionally high detection rates and fast updates for new exploits and zero-day threats.

SEO Poisoning

Thu, 05 Jan 2012 15:06:23 GMT

How does it work?

First. Take a trending topic; an on-line game, celebrity gossip, a news related issue, some 'talent' show tittle-tattle - it's even better if risque images or illegal downloads are involved.
If you're not up to date with pop-culture a quick look on Google trends will give you a good place to start.

Next. Create a few web pages on dubious hosts with innocuous sounding names.
Fill these with malware. Being the miscreant that you are, you've probably already done this step.
Now pump these pages chock full of keywords and (searchable) images relating to the chosen topic. Because the subject is relatively fresh, little search engine traffic exists on it so far - you have a red-hot chance at some virgin ground when it comes to search engine ranking.

So, now you wait.

Meanwhile, at a school nearby, 700 impressionable users wait to find out about their celebrity slip-up, or game download. 700 users who almost certainly don't yet have the experience to spot the honeytrap you've set up. 700 users behind a quality internet connection which is just perfect for your botnet, which you can now sell to even more nefarious characters further up (or down) the criminal food chain.

School Network Manager / SysAdmin - what can you do?

Implement serious pro-active anti-malware at your gateway. These are the latest threats and by their nature their attack is ephemeral and will have disappeared into the smoke (to reappear in a different guise) before the week is out.Hope for signature updates - it's a possibility they might arrive in time by fairy-post
Implement some search term filtering - not only will it help keep your students "on task" and not searching for games, or aforementioned risque jpegs, but it can also reduce your exposure profile when it comes to these kind of threats
Talk to Smoothwall - we know a bit more about this than most

BTW, I'm off to search for those pics of Christina Aguilera.

Tom Newton
Product Manager
Smoothwall

Smoothwall Becta Accreditation 2011

Thu, 05 Jan 2012 15:06:22 GMT

Becta (British Education Communications and Technology Agency) is now winding down its operations and passing key areas such as e-safety and ISP accreditation over to the DfE (Department for Education). It has now awarded its final round of Accredited Internet Product Provider certifications for web filtering products to cover the transitional period.

The Smoothwall Guardian Web Filtering product range has again achieved accredited status ensuring that the high standards required for protecting children in education are properly maintained.

The testing standard is rigorous; Smoothwall Guardian again passed and notably blocked an impressive 100% of content in the pornographic/adult category and over 90% of content in the other categories which consisted of: Pornographic, adult, tasteless or offensive materialViolence (including weapons and bombs)Racist, extremist and hate materialIllegal drug taking and promotionCriminal skills, proxy avoidance and software piracy

Smoothwall’s success is based upon Dynamic Content Analysis - a technology that screens the actual content and construction of web pages in detail, identifying and blocking objectionable material as well as dangerous hidden content. It also enables Guardian to detect and block the anonymous proxy sites used by students to evade web filters in schools. In addition, all of Smoothwall’s web filters incorporate blocklist content from the Internet Watch Foundation, which is updated daily.

George Lungley, CEO of Smoothwall stated; “Threats on the web are now more sophisticated than ever and pupils more at risk. The Becta standards and the accreditation process they created provided our industry with a solid benchmark on which to measure our performance. We are looking forward to working with the DfE on setting even higher standards in the future to protect our young people.”

About the Becta Web Filtering Accreditation Standards:

Accreditation is awarded to either managed internet services or internet products. Accredited suppliers are either: accredited managed internet services: these offer internet access and a range of internet safety services. Managed internet services are those provided by commercial ISPs, local authorities and regional broadband consortia. accredited web content filtering products or services: these supply specific solutions to ISPs and may be provided as a managed service to its customer.

Many of the internet services are jointly provided by commercial and public-sector organisations. For example, the telecommunication and internet access aspect may be supplied by a commercial entity, but the filtering of unsuitable internet content may be provided by a local authority. Becta web content filtering products and services requirements

A web content filtering product or service must meet or exceed the following requirements as a minimum under the Becta Accreditation of Internet Services. Internet Watch Foundation Child Sexual Abuse Images and Content (CAIC) list

It is a requirement of this accreditation that the Internet Watch Foundation CAIC list is implemented in all accredited products and services. Illegal content blocked

The product or service must block 100% of illegal material identified by the Internet Watch Foundation. Inappropriate content blocked

The product or service must be capable of blocking at least 90% of inappropriate internet content in each the following categories:

Adult: content containing sexually explicit images, video or text, the depiction of actual or realistic sexual activity
Violence: content containing graphically violent images, video or text
Race hate material: content which promotes violence or attack on individuals or institutions on the basis of religious, racial or gender grounds
Illegal drug taking and the promotion of illegal drug use: content relating to the use or promotion of illegal drugs or misuse of prescription drugs
Criminal skill/activity: content relating to the promotion of criminal and other activities
Gambling: content relating to the use of online gambling websites or information relating to the promotion of gambling and gambling advice. Changes requests to the filtered content
The must be a mechanism for an authorised member of a customer organisation to request amendments to the web content filtering service
The appropriate procedures must be in place to authenticate personnel that request changes to any part of the service. Security and virus protection

The service or product should include adequate protection against the following:

External malicious attacks
Viruses and trojans
Denial of service attacks
Email bombs and spam Support requirements
Support must be available through two channels: telephone and e-support (e-support includes email and or web based contact methods)
All support requests must be acknowledged within two working hours and assigned a unique reference number
A first attempt to resolve the support request takes place within the first four hours

Other areas that require compliance include system availability and capacity, service continuity, service management, customer service and requirements for Becta to have the appropriate access to any given service or product to enable monitoring evaluations to take place at any time during the accreditation period.

UK Schools Vulnerable

Thu, 05 Jan 2012 15:06:22 GMT

The SC Magazine article "UK schools extremely vulnerable to hackers, warn security experts at NGS Secure" has generated a range of interesting comments from industry professionals - many of the comments highlight the complexity and difficulty of operating networks in public sector and education environments - and the impact of politics and the media in such a sensitive environment.

SC Magazine

Internet Safety Day - 8 February

Thu, 05 Jan 2012 15:06:21 GMT

In connection with the Safer Internet Day1 on 8 February 2011, Eurostat, the statistical office of the European Union, presents a selection of statistics concerning internet security. The Safer Internet Day is part of a global drive to promote a safer Internet for all users, in particular children and young people, and is organised by INSAFE, a European internet safety network co-funded by the European Commission.

The data presented in this News Release have been collected from the survey on Information and Communication Technologies (ICT) usage in households and by individuals in the EU27, mainly carried out in the second quarter of 2010. More data on internet security and related topics can be found in the dedicated section on Information Society on the Eurostat website3.

3% of internet users suffered financial loss

In the EU27 in 2010, almost one third of individuals (31%) who used the internet in the 12 months prior to the survey reported that they caught a virus or other computer infection4 resulting in loss of information or time during this period. The highest shares of internet users who caught a virus or other computer infection were found in Bulgaria (58%), Malta (50%), Slovakia (47%), Hungary (46%) and Italy (45%), and the lowest in Austria (14%), Ireland (15%), Finland (20%) and Germany (22%).

Among the individuals in the EU27 who used the internet in the last 12 months, 4% reported that they suffered from an abuse of personal information sent on the internet and/or other privacy violations4 in this period, with the highest shares in Bulgaria and Spain (both 7%), Italy and the Netherlands (both 6%). In the same period, 3% of internet users in the EU27 suffered financial loss due to phishing or pharming attacks or fraudulent payment card use4, with the highest shares recorded in Latvia (8%), the United Kingdom (7%), Malta and Austria (both 5%).

In 2010 in the EU27, a large majority of individuals (84%) who used the internet in the last 12 months stated that they used an IT security software or tool4 to protect their private computer and data. Among the Member States, more than 90% of internet users in the Netherlands (96%), Luxembourg, Malta and Finland (all 91%) used IT security software, while it was less than two-thirds in Latvia (62%), Romania (64%) and Estonia (65%).

Use of parental control software remains limited

In 2010, 14% of individuals in the EU27 who used the internet in the last 12 months and live in a household with children had a parental control or web filtering software4 installed. This share was highest in Luxembourg and Slovenia (both 25%), followed by France (24%), Denmark, Austria, the United Kingdom (all 21%) and Finland (20%).

Of the individuals in the EU27 who used the internet in the last 12 months and live in a household with children, 5% reported that they experienced children accessing inappropriate websites or connecting with potentially dangerous persons4 while using a computer within the household. The highest shares were recorded in Italy (11%) and Latvia (9%). It should be noted that this indicator only represents the share of individuals who became aware of this problem and thus it may underestimate the real figure.

Read the rest of this article here