Previous post
Posted on: 10 November 2016
Author: Corbel
As mentioned in part one of this article, new Keeping Children Safe in Education (KCSIE) statutory guidance became statutory on September 5th, 2016 and in the second part of this article we’re going to detail out a solution from one of the three firewall/content filter manufacturers that has the correct signatures in their filter to meet the new guidelines. This actual solution is unique in that it is also the only one that is a complete Unified Threat Management (UTM) solution, so the all the relevant components are in place and just need configuring to your particular setup. This is effectively a one-stop solution that meets the new Government guidelines.
Built around the renowned SonicWALL Next Generation Firewalls and FastVue reporting software, it is able to provide a complete, powerful and easy to use solution using class-leading technology. The SonicWALL and FastVue solution is designed to exceed the baseline requirements of KCSIE. By providing integrated web filtering, application control, SSL inspection and anti-malware along with extensive reporting and monitoring, this solution is able to offer exceptional security and performance to any education setting.
SonicWALL has developed fully integrated security appliances delivering everything you need to protect your network for over 20 years. All SonicWALL security appliances feature deep packet inspection firewalls, which act as the first line of defence against security breaches. Integrated SSL/IPSec virtual private networking (VPN) delivers a secure and affordable means of connecting remote locations or staff working from home.
All SonicWALL Next Generation Firewalls provide the same level of security and offer the same suite of security services. This ensures a scaleable solution that fits both technical requirements and budget constraints. From the smallest pre-school to the largest academy or college there is a solution that fits.
SonicWALL content filtering solutions (CFS) offer the most affordable way to protect your students from harmful and inappropriate web content. CFS is ideal for schools and colleges looking for a cost-effective, integrated solution. Running on all SonicWALL network security appliances, CFS features a continuously updated, comprehensive database of over 4 million web sites, domains and IP addresses. With the inclusion of both IWF CAIC and the Home Office terrorism lists, you can be confident students and staff will be protected from the worst content on the Internet.
CFS provides a comprehensive list of 50+ website categories, including all those appropriate to KCSIE such as radicalisation/extremism, drugs, pornography, hate/violence and illegal activities.
Flexible policy design allows for age appropriate filtering and granular control without over (or under) blocking. Integration with Active Directory (AD) means appropriate filtering policies can be applied based on user and user group, enabling individual users to be identified through their AD/LDAP credentials.
Advanced features such as password override mean a teacher can bypass a blocked site for a given period thus avoiding disruption during a teaching session. Policies can then be updated, for example inclusion in a custom allowed list for permanent exceptions.
Other features include custom categories, custom allowed/blocked lists, bandwidth management based upon website category, multiple customisable block pages and confirmation page (logged acceptance before accessing a particular site). See example in figures 1.
Blocked website “Splash” screen messages can be customised in order to refer students/staff back to the online safety acceptable use policy, creating awareness along with enforcement (see figure 1).
Educational establishments can seize control over the Web sites students can access using their IT-issued computers even when roaming and accessing the internet from outside the firewall perimeter. The Content Filtering Client addresses safety, security and productivity concerns by extending the controls to block harmful and unproductive Web content. Supported platforms include Windows, Mac and Chromebooks.
Harmful and Illegal web content often lurks deep within social media sites such as Twitter, Facebook and YouTube. Some Schools will simply not allow social media applications to run, however YouTube for example is a Google owned company and has some excellent resources for learning, therefore often the filtering policy will need to be flexible.
Many websites (including Google) are now utilising SSL encryption (HTTPS) as standard, to safeguard personal information when accessing them. Current research shows approximately 25-40% of all web traffic to be SSL encrypted and without the ability to inspect this traffic, your solution is effectively blind. More concerning, is that without inspecting deep inside the content of encrypted streams, filtering policies will fail to correctly identify harmful and illegal content embedded within trusted social media sites and access may not be blocked. SonicWALL Deep Packet Inspection for SSL (DPI-SSL) allows its users to safely inspect encrypted traffic. Once decrypted, all security services such as CFS and anti-virus can be applied, as per normal unencrypted connections.
Flexible controls ensure “trusted” sites such hosted applications can remain un-inspected to ensure maximum performance.
SonicWALL gives you complete application visibility and control over which applications are being used on the network, by whom, the bandwidth they are using and what priority they have over your network’s valuable bandwidth.
To include additional layers of protection in your network, simply add one or more security services, such as anti-virus, anti-spyware and intrusion prevention, application control or advanced threat protection (ATP/sandboxing). These services run seamlessly on your SonicWALL security appliance under a unified management system. And with everything coming from one source, you won’t run afoul of complications that pop up when multiple solutions from different vendors don’t work well together. It all adds up to lower total cost of ownership.
FastVue provides the ease of use, visibility and monitoring necessary to achieve compliance with the new KCSIE guidance by ensuring policies are being correctly applied and to alert on potential infringements. As a software solution, it provides for flexible deployments across physical or virtual environments.
Designed to work specifically with SonicWALL network appliances, FastVue have spent many years developing a simple to use reporting and monitoring solution that delivers clear and concise information, that is easy to interpret for ICT, non-ICT staff and Inspectors alike.
Combining a real-time view of exactly what Internet activity is taking place and historical data, we deliver a reporting and monitoring solution with the ability to alert, block and report, on users searching for illegal or inappropriate web content. Additionally, the system offers clear historical information on the websites visited by your users.
Having reporting intelligence easily accessible allows for any education setting to quickly establish it is meeting all legal obligations and its own risk-assessed policies are being applied appropriately. Configurable alerting allows for instant notification of policy infringement or notification for specific activities which may be undesirable.
Each and every school and college in England will need to comply with the new KCSIE statutory guidance and as a result fresh expectation is placed upon those responsible for safeguarding, who, with no additional financial support from Government, will now need to demonstrate much more rigour around online safety policy in order to keep children safe and to pass future inspections. Decisions also need to made around what level of web filtering and monitoring is “appropriate” for each educational setting. This will depend upon a number of factors including the assessment of risk, budget and ICT expertise. The SonicWALL/Fastvue solution detailed above places flexibility and control back into the hands of those responsible for online safeguarding. It is granular enough to enforce and inform without hindering learning and delivers reports and alerts to designated safeguarding leads (DSL’s) to facilitate decision making, according to policy or passed to inspectors who will want to understand how illegal and harmful content is blocked to internet users.
This results in a key cornerstone of the online safeguarding policy being delivered that provides compliance with KCSIE (depending upon needs/risk) and most importantly a safe online learning environment for children and young people.
If you are interested in finding out more about content/web filtering and how you can approach protecting your students online, please give our education team a call on 01473 241515, or use our contact form on our website.
Previous post
Next post