I'm developing some workshop curriculum on the topic of Internet safety for the purpose of helping parents protect their kids. I'm good on the issue of helping parents control their home computers but I'm not very up to speed with how educational institutions configure the laptops they provide to students where (I assume) parents will have less control over configurations, specifically with regards to Internet access. Obviously parents can set general usage rules in the home such that they can watch their kids while using school-provided laptops, but what about when the kids aren't at home?
Some specific questions I have are:
- How will K-12 schools typically configure student laptops for Internet access?
- Are students typically allowed to connect to any given WIFI, or do they maybe restrict it to the student's home network?
- Is Internet usage logged/monitored by the school outside of the school's network? Via a client-based monitoring package or something?
- What is a typical internet usage policy at a K-12 school
EDIT:
Thanks for the info so far! I'm really looking for some info where students are allowed to take laptops home, or where they're purchased through a school program for classroom use. Anyone support this type of thing that can shed some light?
Most schools in the states fall under federal regulations that say that if you want XYZ funding, you're required to filter all access. Other schools filter just because it's asking for less litigation.
So...at our schools, students grades 5+ have their own accounts that they use to log in. The school laptops in buildings where we have them are configured such that they connect to a wireless network with WPA encryption via policy, so no laptop user can walk in off the street to connect to the network that gives special access to our printers and such.
We have a separate "public" wireless network that asks for a quick login and follows restrictive access at the firewall with the most restrictive filtering in place.
We don't have laptops that are taken home. They're all supposed to be used in-building.
Monitoring connections is only done at the filter. It logs all access automatically so access is tracked by username. Policies dictate that if the account is used to try accessing restricted sites, that user is held liable, so NO SHARING PASSWORDS. Doesn't always stop them, but some people have gotten into trouble for this.
Policy also says that the technology isn't for personal use and access is to be education-related. There's a lot of leeway though. Generally if it's not causing problems (sucking bandwidth, caught trying to bypass the filters, etc.) then there's not enough manpower to pursue hunting kids playing some stupid flash game during study hall. Most schools are way too understaffed and overworked to pursue people that aren't causing ripples.
You might be able to find policies posted on the websites for several school districts.
This doesnt directly answer all of your questions, but I think it will be useful.
I think schools and libraries are eligible for certain funding if they are CIPA compliant. This basically means running a CIPA compliant web filter. OpenDNS is CIPA compliant and can be config'd fairly easily on any machine. You could use SteadyState restrictions to prevent thwarting the web filter...
The company I work for has a product which fits your requirements nicely (there are several schools using it already). The product is called Sonar, and the product website can be found here.
Do keep in mind, that I'm biased as I work on the product, and they do pay my salary.
You may wish to consider whilelisting, instead of "blocking". If a site should be whitelisted, it can be added, but otherwise they're inaccessible.
Along with OpenDNS, Squid can be configured as a whitelisting tool.
The GPOs we have at work, for example, are uneditable at the machine level - all browsers have to go through the corporate proxy.