Computer Security - school network email security

11-16-2003, 04:37 PM

I work in a school where they have installed a new network. The email is now
web based and we cant use outlook etc to handle our email. The reason we are
given is;
"I am also surprised that you would want to allow the use of an unfiltered
email client in your classroom particularly in light of Government
guidelines to schools on internet safety."

I am after two bits of information
1. Is there any truth in the above statement?

2. Does your school let you use outlook etc?

thanks
roy

--
www.island-artist.com art from the western isles

Misterroy

11-16-2003, 04:57 PM

In article <bp893o$koa$>,
says...
> I work in a school where they have installed a new network. The email is now
> web based and we cant use outlook etc to handle our email. The reason we are
> given is;
> "I am also surprised that you would want to allow the use of an unfiltered
> email client in your classroom particularly in light of Government
> guidelines to schools on internet safety."
>
> I am after two bits of information
> 1. Is there any truth in the above statement?
>
> 2. Does your school let you use outlook etc?

Roy,

They have a point, but it's misguided - A properly configured firewall
can strip out attachments that contain any virus.

You should ask them if they filter web content - not just the sites, but
the active-x and other scripting parts or if they just filter for porn.
If they are not blocking active-x and such they are just as exposed as
with email.

--
--

(Remove 999 to reply to me)

11-17-2003, 03:26 PM

"Misterroy" <> wrote in message news:<bp893o$koa$>...
> "I am also surprised that you would want to allow the use of an unfiltered
> email client in your classroom particularly in light of Government
> guidelines to schools on internet safety."
>
> I am after two bits of information
> 1. Is there any truth in the above statement?

You might want them to qualify that statement. Certainly there are
benefits to a controlled Internet connection in schools to protect the
students from the unsavory component of the Internet, but I don't see
how they equate student security with removal of a POP client.
Outlook Express certainly is among the more vulnerable email clients
on the planet, but it isn't the only one.

> 2. Does your school let you use outlook etc?

I'm not an educator (hat's off to those who are), but I email my
daughter's teacher regularly. I just checked the headers on the most
recent message and it appears the teacher is using an email client.
Specifically, Internet Mail Service (5.5.2657.72). I may be wrong,
and the teacher is using a web-mail solution that feeds IMS.

You may have no choice but to accept the school's policy, but they are
also taking on the responsibility of supp0orting your address book
and, more importantly, your mail storage space. If they begin telling
you that you need to purge some mail to reduce the size of your inbox,
send it back with a request to increase the mailbox size. Justify the
storage of that mail (can't pull it offline for local storage, etc.)
and insist they increase your quota. Eventually, and as long as all
mail users on that network do the same, they may reconsider their
decision and again allow pop clients.

If and when they do consider POP clients, suggest to them that
alternative software be approved for use. Instead of using Outlook,
suggest that Mozilla, Pegasus, Eudora, or any other capable package,
as a safe alternative.

11-18-2003, 12:04 AM

Given sufficient resources, your recommendations might be reasonable. Since
the poster didn't supply a full and detailed outline of the security
concerns, available resources and budget...it seems a little presumptuous to
attempt to dictate to his IT department what should and should be available.

Most schools get wired by government grants or donations, if the IT
department ... after looking at their budget... makes a decision to limit
user resources, for the benefit of the entire system...being able to keep
your months old or years old messages and downloads may be a luxury they can
no longer afford. What may be a better idea to offer a plan to update the
system, including requisite AV, ID and web filters, instead of assuming the
IT dept. just wants to be difficult.

Most IT departments understand they provide a service, but with that
responsibility comes a requirement to balance the needs of all users not
just those that are at one extreme or other. They need to answer to the IT
manager, not every disgruntled user who feels slighted or constrained.

<> wrote in message
news: om...
> "Misterroy" <> wrote in message
news:<bp893o$koa$>...
> > "I am also surprised that you would want to allow the use of an
unfiltered
> > email client in your classroom particularly in light of Government
> > guidelines to schools on internet safety."
> >
> > I am after two bits of information
> > 1. Is there any truth in the above statement?
>
> You might want them to qualify that statement. Certainly there are
> benefits to a controlled Internet connection in schools to protect the
> students from the unsavory component of the Internet, but I don't see
> how they equate student security with removal of a POP client.
> Outlook Express certainly is among the more vulnerable email clients
> on the planet, but it isn't the only one.
>
> > 2. Does your school let you use outlook etc?
>
> I'm not an educator (hat's off to those who are), but I email my
> daughter's teacher regularly. I just checked the headers on the most
> recent message and it appears the teacher is using an email client.
> Specifically, Internet Mail Service (5.5.2657.72). I may be wrong,
> and the teacher is using a web-mail solution that feeds IMS.
>
> You may have no choice but to accept the school's policy, but they are
> also taking on the responsibility of supp0orting your address book
> and, more importantly, your mail storage space. If they begin telling
> you that you need to purge some mail to reduce the size of your inbox,
> send it back with a request to increase the mailbox size. Justify the
> storage of that mail (can't pull it offline for local storage, etc.)
> and insist they increase your quota. Eventually, and as long as all
> mail users on that network do the same, they may reconsider their
> decision and again allow pop clients.
>
> If and when they do consider POP clients, suggest to them that
> alternative software be approved for use. Instead of using Outlook,
> suggest that Mozilla, Pegasus, Eudora, or any other capable package,
> as a safe alternative.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.538 / Virus Database: 333 - Release Date: 11/10/2003

11-18-2003, 07:56 AM

My reasons for posting are I have asked the IT dept for the reasons why the
network is the way it is, and I'm still waiting 6 weeks later. I want to
know how reasonable the request to use a client is.

11-18-2003, 11:32 AM

In article <bpcjap$2cn$>,
says...
> My reasons for posting are I have asked the IT dept for the reasons why the
> network is the way it is, and I'm still waiting 6 weeks later. I want to
> know how reasonable the request to use a client is.

Chances are, in a large environment, you are not going to get an answer.
They put the solution in place for a reason, and while you may not know
the reason, you won't be able to change it.

--
--

(Remove 999 to reply to me)

11-18-2003, 04:13 PM

I can see your frustration, but at the same time why do they owe you any
explanation at all? Have you ever walked into the accounting department
to start doing an audit of their processes and policies?

By explaining to you how the network is set up and secured, they are
reducing their security overall. A large part of the battle when trying
to get into someones network, is determining the design of hardware and
software.

It sounds like you are more interested in learning about security and
there are many more ways that waiting around for a government agency to
give you explanations.

Jim

Misterroy The commander of all things worth commanding said on
11/18/2003 2:56 AM:
> My reasons for posting are I have asked the IT dept for the reasons why the
> network is the way it is, and I'm still waiting 6 weeks later. I want to
> know how reasonable the request to use a client is.
>
>

11-18-2003, 08:10 PM

"Beoweolf" <Beoweolf-> wrote in message news:<wmdub.10736$. com>...
> Given sufficient resources, your recommendations might be reasonable. Since
> the poster didn't supply a full and detailed outline of the security
> concerns, available resources and budget...it seems a little presumptuous to
> attempt to dictate to his IT department what should and should be available.

Equally as presumtuous to assume I suggested the IT department be
dictated to. Contrary, I suggested that the OP make requests and
attempt to justify them. To demand is futile.

> What may be a better idea to offer a plan to update the
> system, including requisite AV, ID and web filters, instead of assuming the
> IT dept. just wants to be difficult.

Is it the responsibility of the end user to make such an offer to IT?
Or is it better if all end users submit requests, let a committee
decide what to incorporate, and let the skilled system designers and
engineers create the plan?

I never suggested the IT department was being difficult.

> [The IT staff] need to answer to the IT
> manager, not every disgruntled user who feels slighted or constrained.

Then adjust my text and replace "IT staff" with "IT Manager" or "your
Manager." The ethereal "they" are the people with which one must
communicate. The object is to express one's desires so they may be
considered in the next budget or upgrade review. If the OP doesn't
make his requests, then they will never be fulfilled.

It's not being demanding to ask for network usage policies, it's being
responsible. And it's not demanding to ask for more storage space or
to re-instate POP3 usage, it's voicing one's desires.

11-18-2003, 08:16 PM

"Misterroy" <> wrote in message news:<bpcjap$2cn$>...
> My reasons for posting are I have asked the IT dept for the reasons why the
> network is the way it is, and I'm still waiting 6 weeks later. I want to
> know how reasonable the request to use a client is.

It could be that your request has dropped off their radar. Try asking
again, indicating that you asked once before and didn't hear back.

11-18-2003, 09:32 PM

You appear to have confused the reply, which was bringing up some issues
with recommendations which followed the original questions. Take note of
....."your recommendations"...addressed to the reply, not the original post.

But since you brought it up....The IT dept. did in fact make a decision,
that decision was to ask users to trim the amount of disc space they were
consuming. It would appear, that the problem was evaluated and the solution
was to enlist the users in policing their use of resources. It is possible
to set up a automatic program to enforce limits, they chose not to dictate,
rather to allow the user to determine what to keep, what to delete, what was
more valuable. Given unlimited disk space, people will find ways to use
it...it's human nature. Chasing the dream of No restrictions has proven time
and again to be futile. Companies, institutions that provide a service are,
again, obligated to manage those resources to the best of their abilities.
If the users are unhappy with their solution, they need to voice those
concerns through their own managers, who will filter the request and coach
it in terms the IT dept. can address and push it up through channels.
Granted, it is cumbersome and doesn't offer the satisfaction of effecting a
change from force of will, but has a greater chance of success than one
voice railing against policy changes.

Such changes, in policy or procedures are not done in a vacuum. You need to
understand that someone, and probably many someone's, had input and
ultimately approved the change. Most likely, all the managers either agreed
or were coerced and the decision you see is the result of those several
perspectives.

As harsh as it may sound and as much as you disagree, your request is an
attempt to substitute your inconvenience for the combined decision of the
resource provider. If you really want to effect a change, then get something
to backup your opinion and justify in dollars and cents, or employee morale
or business need...as to what benefits, why it is better to accept the added
expense, and system disruption of continuously upgrading and adding disk
space instead of setting reasonable limits.
Put in the right format, you may achieve some success...This matter isn't
really worth this much discussion. Looking at all (or as many as possible)
sides of an issue, before complaining may prevent drawn-out discussion that
lead no where and tend to cause ill will and defensive posturing.
<> wrote in message
news: om...
> "Beoweolf" <Beoweolf-> wrote in message
news:<wmdub.10736$. com>...
> > Given sufficient resources, your recommendations might be reasonable.
Since
> > the poster didn't supply a full and detailed outline of the security
> > concerns, available resources and budget...it seems a little
presumptuous to
> > attempt to dictate to his IT department what should and should be
available.
>
> Equally as presumtuous to assume I suggested the IT department be
> dictated to. Contrary, I suggested that the OP make requests and
> attempt to justify them. To demand is futile.
>
> > What may be a better idea to offer a plan to update the
> > system, including requisite AV, ID and web filters, instead of assuming
the
> > IT dept. just wants to be difficult.
>
> Is it the responsibility of the end user to make such an offer to IT?
> Or is it better if all end users submit requests, let a committee
> decide what to incorporate, and let the skilled system designers and
> engineers create the plan?
>
> I never suggested the IT department was being difficult.
>
> > [The IT staff] need to answer to the IT
> > manager, not every disgruntled user who feels slighted or constrained.
>
> Then adjust my text and replace "IT staff" with "IT Manager" or "your
> Manager." The ethereal "they" are the people with which one must
> communicate. The object is to express one's desires so they may be
> considered in the next budget or upgrade review. If the OP doesn't
> make his requests, then they will never be fulfilled.
>
> It's not being demanding to ask for network usage policies, it's being
> responsible. And it's not demanding to ask for more storage space or
> to re-instate POP3 usage, it's voicing one's desires.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.538 / Virus Database: 333 - Release Date: 11/10/2003

11-16-2003, 04:57 PM	#2
Leythos Posts: n/a	Re: school network email security In article <bp893o$koa$>, says... > I work in a school where they have installed a new network. The email is now > web based and we cant use outlook etc to handle our email. The reason we are > given is; > "I am also surprised that you would want to allow the use of an unfiltered > email client in your classroom particularly in light of Government > guidelines to schools on internet safety." > > I am after two bits of information > 1. Is there any truth in the above statement? > > 2. Does your school let you use outlook etc? Roy, They have a point, but it's misguided - A properly configured firewall can strip out attachments that contain any virus. You should ask them if they filter web content - not just the sites, but the active-x and other scripting parts or if they just filter for porn. If they are not blocking active-x and such they are just as exposed as with email. -- -- (Remove 999 to reply to me)

11-17-2003, 03:26 PM	#3
n1pop@hotmail.com Posts: n/a	Re: school network email security "Misterroy" <> wrote in message news:<bp893o$koa$>... > "I am also surprised that you would want to allow the use of an unfiltered > email client in your classroom particularly in light of Government > guidelines to schools on internet safety." > > I am after two bits of information > 1. Is there any truth in the above statement? You might want them to qualify that statement. Certainly there are benefits to a controlled Internet connection in schools to protect the students from the unsavory component of the Internet, but I don't see how they equate student security with removal of a POP client. Outlook Express certainly is among the more vulnerable email clients on the planet, but it isn't the only one. > 2. Does your school let you use outlook etc? I'm not an educator (hat's off to those who are), but I email my daughter's teacher regularly. I just checked the headers on the most recent message and it appears the teacher is using an email client. Specifically, Internet Mail Service (5.5.2657.72). I may be wrong, and the teacher is using a web-mail solution that feeds IMS. You may have no choice but to accept the school's policy, but they are also taking on the responsibility of supp0orting your address book and, more importantly, your mail storage space. If they begin telling you that you need to purge some mail to reduce the size of your inbox, send it back with a request to increase the mailbox size. Justify the storage of that mail (can't pull it offline for local storage, etc.) and insist they increase your quota. Eventually, and as long as all mail users on that network do the same, they may reconsider their decision and again allow pop clients. If and when they do consider POP clients, suggest to them that alternative software be approved for use. Instead of using Outlook, suggest that Mozilla, Pegasus, Eudora, or any other capable package, as a safe alternative.

11-18-2003, 12:04 AM	#4
Beoweolf Posts: n/a	Re: school network email security Given sufficient resources, your recommendations might be reasonable. Since the poster didn't supply a full and detailed outline of the security concerns, available resources and budget...it seems a little presumptuous to attempt to dictate to his IT department what should and should be available. Most schools get wired by government grants or donations, if the IT department ... after looking at their budget... makes a decision to limit user resources, for the benefit of the entire system...being able to keep your months old or years old messages and downloads may be a luxury they can no longer afford. What may be a better idea to offer a plan to update the system, including requisite AV, ID and web filters, instead of assuming the IT dept. just wants to be difficult. Most IT departments understand they provide a service, but with that responsibility comes a requirement to balance the needs of all users not just those that are at one extreme or other. They need to answer to the IT manager, not every disgruntled user who feels slighted or constrained. <> wrote in message news: om... > "Misterroy" <> wrote in message news:<bp893o$koa$>... > > "I am also surprised that you would want to allow the use of an unfiltered > > email client in your classroom particularly in light of Government > > guidelines to schools on internet safety." > > > > I am after two bits of information > > 1. Is there any truth in the above statement? > > You might want them to qualify that statement. Certainly there are > benefits to a controlled Internet connection in schools to protect the > students from the unsavory component of the Internet, but I don't see > how they equate student security with removal of a POP client. > Outlook Express certainly is among the more vulnerable email clients > on the planet, but it isn't the only one. > > > 2. Does your school let you use outlook etc? > > I'm not an educator (hat's off to those who are), but I email my > daughter's teacher regularly. I just checked the headers on the most > recent message and it appears the teacher is using an email client. > Specifically, Internet Mail Service (5.5.2657.72). I may be wrong, > and the teacher is using a web-mail solution that feeds IMS. > > You may have no choice but to accept the school's policy, but they are > also taking on the responsibility of supp0orting your address book > and, more importantly, your mail storage space. If they begin telling > you that you need to purge some mail to reduce the size of your inbox, > send it back with a request to increase the mailbox size. Justify the > storage of that mail (can't pull it offline for local storage, etc.) > and insist they increase your quota. Eventually, and as long as all > mail users on that network do the same, they may reconsider their > decision and again allow pop clients. > > If and when they do consider POP clients, suggest to them that > alternative software be approved for use. Instead of using Outlook, > suggest that Mozilla, Pegasus, Eudora, or any other capable package, > as a safe alternative. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.538 / Virus Database: 333 - Release Date: 11/10/2003

11-18-2003, 07:56 AM	#5
Misterroy Posts: n/a	Re: school network email security My reasons for posting are I have asked the IT dept for the reasons why the network is the way it is, and I'm still waiting 6 weeks later. I want to know how reasonable the request to use a client is.

11-18-2003, 11:32 AM	#6
Leythos Posts: n/a	Re: school network email security In article <bpcjap$2cn$>, says... > My reasons for posting are I have asked the IT dept for the reasons why the > network is the way it is, and I'm still waiting 6 weeks later. I want to > know how reasonable the request to use a client is. Chances are, in a large environment, you are not going to get an answer. They put the solution in place for a reason, and while you may not know the reason, you won't be able to change it. -- -- (Remove 999 to reply to me)

11-16-2003, 04:37 PM	#1
	school network email security I work in a school where they have installed a new network. The email is now web based and we cant use outlook etc to handle our email. The reason we are given is; "I am also surprised that you would want to allow the use of an unfiltered email client in your classroom particularly in light of Government guidelines to schools on internet safety." I am after two bits of information 1. Is there any truth in the above statement? 2. Does your school let you use outlook etc? thanks roy -- www.island-artist.com art from the western isles Misterroy

11-18-2003, 04:13 PM	#7
Jim Posts: n/a	Re: school network email security I can see your frustration, but at the same time why do they owe you any explanation at all? Have you ever walked into the accounting department to start doing an audit of their processes and policies? By explaining to you how the network is set up and secured, they are reducing their security overall. A large part of the battle when trying to get into someones network, is determining the design of hardware and software. It sounds like you are more interested in learning about security and there are many more ways that waiting around for a government agency to give you explanations. Jim Misterroy The commander of all things worth commanding said on 11/18/2003 2:56 AM: > My reasons for posting are I have asked the IT dept for the reasons why the > network is the way it is, and I'm still waiting 6 weeks later. I want to > know how reasonable the request to use a client is. > >

11-18-2003, 08:10 PM	#8
n1pop@hotmail.com Posts: n/a	Re: school network email security "Beoweolf" <Beoweolf-> wrote in message news:<wmdub.10736$. com>... > Given sufficient resources, your recommendations might be reasonable. Since > the poster didn't supply a full and detailed outline of the security > concerns, available resources and budget...it seems a little presumptuous to > attempt to dictate to his IT department what should and should be available. Equally as presumtuous to assume I suggested the IT department be dictated to. Contrary, I suggested that the OP make requests and attempt to justify them. To demand is futile. > What may be a better idea to offer a plan to update the > system, including requisite AV, ID and web filters, instead of assuming the > IT dept. just wants to be difficult. Is it the responsibility of the end user to make such an offer to IT? Or is it better if all end users submit requests, let a committee decide what to incorporate, and let the skilled system designers and engineers create the plan? I never suggested the IT department was being difficult. > [The IT staff] need to answer to the IT > manager, not every disgruntled user who feels slighted or constrained. Then adjust my text and replace "IT staff" with "IT Manager" or "your Manager." The ethereal "they" are the people with which one must communicate. The object is to express one's desires so they may be considered in the next budget or upgrade review. If the OP doesn't make his requests, then they will never be fulfilled. It's not being demanding to ask for network usage policies, it's being responsible. And it's not demanding to ask for more storage space or to re-instate POP3 usage, it's voicing one's desires.

11-18-2003, 08:16 PM	#9
n1pop@hotmail.com Posts: n/a	Re: school network email security "Misterroy" <> wrote in message news:<bpcjap$2cn$>... > My reasons for posting are I have asked the IT dept for the reasons why the > network is the way it is, and I'm still waiting 6 weeks later. I want to > know how reasonable the request to use a client is. It could be that your request has dropped off their radar. Try asking again, indicating that you asked once before and didn't hear back.

11-18-2003, 09:32 PM	#10
Beoweolf Posts: n/a	Re: school network email security You appear to have confused the reply, which was bringing up some issues with recommendations which followed the original questions. Take note of ....."your recommendations"...addressed to the reply, not the original post. But since you brought it up....The IT dept. did in fact make a decision, that decision was to ask users to trim the amount of disc space they were consuming. It would appear, that the problem was evaluated and the solution was to enlist the users in policing their use of resources. It is possible to set up a automatic program to enforce limits, they chose not to dictate, rather to allow the user to determine what to keep, what to delete, what was more valuable. Given unlimited disk space, people will find ways to use it...it's human nature. Chasing the dream of No restrictions has proven time and again to be futile. Companies, institutions that provide a service are, again, obligated to manage those resources to the best of their abilities. If the users are unhappy with their solution, they need to voice those concerns through their own managers, who will filter the request and coach it in terms the IT dept. can address and push it up through channels. Granted, it is cumbersome and doesn't offer the satisfaction of effecting a change from force of will, but has a greater chance of success than one voice railing against policy changes. Such changes, in policy or procedures are not done in a vacuum. You need to understand that someone, and probably many someone's, had input and ultimately approved the change. Most likely, all the managers either agreed or were coerced and the decision you see is the result of those several perspectives. As harsh as it may sound and as much as you disagree, your request is an attempt to substitute your inconvenience for the combined decision of the resource provider. If you really want to effect a change, then get something to backup your opinion and justify in dollars and cents, or employee morale or business need...as to what benefits, why it is better to accept the added expense, and system disruption of continuously upgrading and adding disk space instead of setting reasonable limits. Put in the right format, you may achieve some success...This matter isn't really worth this much discussion. Looking at all (or as many as possible) sides of an issue, before complaining may prevent drawn-out discussion that lead no where and tend to cause ill will and defensive posturing. <> wrote in message news: om... > "Beoweolf" <Beoweolf-> wrote in message news:<wmdub.10736$. com>... > > Given sufficient resources, your recommendations might be reasonable. Since > > the poster didn't supply a full and detailed outline of the security > > concerns, available resources and budget...it seems a little presumptuous to > > attempt to dictate to his IT department what should and should be available. > > Equally as presumtuous to assume I suggested the IT department be > dictated to. Contrary, I suggested that the OP make requests and > attempt to justify them. To demand is futile. > > > What may be a better idea to offer a plan to update the > > system, including requisite AV, ID and web filters, instead of assuming the > > IT dept. just wants to be difficult. > > Is it the responsibility of the end user to make such an offer to IT? > Or is it better if all end users submit requests, let a committee > decide what to incorporate, and let the skilled system designers and > engineers create the plan? > > I never suggested the IT department was being difficult. > > > [The IT staff] need to answer to the IT > > manager, not every disgruntled user who feels slighted or constrained. > > Then adjust my text and replace "IT staff" with "IT Manager" or "your > Manager." The ethereal "they" are the people with which one must > communicate. The object is to express one's desires so they may be > considered in the next budget or upgrade review. If the OP doesn't > make his requests, then they will never be fulfilled. > > It's not being demanding to ask for network usage policies, it's being > responsible. And it's not demanding to ask for more storage space or > to re-instate POP3 usage, it's voicing one's desires. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.538 / Virus Database: 333 - Release Date: 11/10/2003

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search