
Re: [school-discuss] What should school firewalls keep in/out?





For me, port blocking is more about bandwidth control than content
control.  I like traffic shaping and I do use it as well, but it is not
sufficient in my situation.   I have schools with 200 computers sharing
128Kb/s frame relay connections and schools with 60 computers sharing
56Kb/s frame relay connections.

The policy at my schools is that _all_ outgoing ports are blocked with the
exception of ssh between schools and pop and smtp access to our mail
server.  All browsing access is done through an authenticating proxy
server.  Downloading large files during instructional time is considered
offensive behaviour.  Logs from the proxy server are browseable by the
school administration in real time, and students can be denied access in
real time.  In addition, zones within the school can have internet access
enabled or disabled in real time.  This allows a teacher to disable
internet access to a lab while they are working on an offline project. 

It's draconian and I'm sure there are people here who think it's
overboard, but I believe it is necessary in my situation.  People should
remember that this is a school network, _not_ a public network.  If you
want unfettered access to the Internet, go home, and hope you have
liberal parents. :)

I use traffic shaping to ensure that interactive protocols (ssh) and mail
traffic get priority over surfing traffic.

Steve Tonnesen
Network Administrator
Coast Mountains School District
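
The proxy-log review described in the message above, as an added example that is not part of the original post: it scans proxy access-log lines and flags large downloads made during instructional time, per authenticated user. The log layout (Squid's native access.log format), the instructional hours, the 5 MB threshold and all sample lines are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, time, timezone

# Assumptions (not from the post): Squid's native access.log layout,
# instructional hours expressed in UTC, and a 5 MB "large file" threshold.
INSTRUCTION_START, INSTRUCTION_END = time(8, 30), time(15, 0)
LARGE_BYTES = 5 * 1024 * 1024

# Constructed sample lines, not real log data.
SAMPLE_LOG = """\
983786400.123 5120 10.1.2.15 TCP_MISS/200 48211234 GET http://example.com/big.iso jsmith DIRECT/192.0.2.10 application/octet-stream
983786700.456 210 10.1.2.15 TCP_MISS/200 4512 GET http://example.org/index.html jsmith DIRECT/192.0.2.20 text/html
983790000.789 90 10.1.3.7 TCP_DENIED/407 1714 GET http://example.net/song.mp3 - NONE/- text/html
983809800.001 9800 10.1.3.7 TCP_MISS/200 62914560 GET http://example.net/video.mpg akhan DIRECT/192.0.2.30 video/mpeg
garbage line
"""

def parse_line(line):
    """Return a dict for one access.log line, or None if it is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        size = int(f[4])
    except ValueError:
        return None
    return {"when": when, "client": f[2], "result": f[3],
            "bytes": size, "url": f[6], "user": f[7]}

def large_downloads(log_text):
    """Return (flagged requests, per-user byte totals) for instructional hours."""
    flagged, totals = [], defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["result"].startswith("TCP_DENIED"):
            continue  # skip malformed lines and requests the proxy refused
        if not INSTRUCTION_START <= rec["when"].time() < INSTRUCTION_END:
            continue  # outside instructional time
        # Fall back to the client address when no user name was logged.
        who = rec["user"] if rec["user"] != "-" else rec["client"]
        totals[who] += rec["bytes"]
        if rec["bytes"] >= LARGE_BYTES:
            flagged.append((who, rec["url"], rec["bytes"]))
    return flagged, dict(totals)

if __name__ == "__main__":
    print(large_downloads(SAMPLE_LOG))
```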