school network email security

Discussion in 'Computer Security' started by Misterroy, Nov 16, 2003.

  1. Misterroy

    Misterroy Guest

    I work in a school where they have installed a new network. The email is now
    web based and we cant use outlook etc to handle our email. The reason we are
    given is;
    "I am also surprised that you would want to allow the use of an unfiltered
    email client in your classroom particularly in light of Government
    guidelines to schools on internet safety."

    I am after two bits of information
    1. Is there any truth in the above statement?

    2. Does your school let you use outlook etc?


    thanks
    roy

    --
    www.island-artist.com art from the western isles
    Misterroy, Nov 16, 2003
    #1
    1. Advertising

  2. Misterroy

    Leythos Guest

    In article <bp893o$koa$>,
    says...
    > I work in a school where they have installed a new network. The email is now
    > web based and we cant use outlook etc to handle our email. The reason we are
    > given is;
    > "I am also surprised that you would want to allow the use of an unfiltered
    > email client in your classroom particularly in light of Government
    > guidelines to schools on internet safety."
    >
    > I am after two bits of information
    > 1. Is there any truth in the above statement?
    >
    > 2. Does your school let you use outlook etc?


    Roy,

    They have a point, but it's misguided - A properly configured firewall
    can strip out attachments that contain any virus.

    You should ask them if they filter web content - not just the sites, but
    the active-x and other scripting parts or if they just filter for porn.
    If they are not blocking active-x and such they are just as exposed as
    with email.


    --
    --

    (Remove 999 to reply to me)
    Leythos, Nov 16, 2003
    #2
    1. Advertising

  3. Misterroy

    Guest

    "Misterroy" <> wrote in message news:<bp893o$koa$>...
    > "I am also surprised that you would want to allow the use of an unfiltered
    > email client in your classroom particularly in light of Government
    > guidelines to schools on internet safety."
    >
    > I am after two bits of information
    > 1. Is there any truth in the above statement?


    You might want them to qualify that statement. Certainly there are
    benefits to a controlled Internet connection in schools to protect the
    students from the unsavory component of the Internet, but I don't see
    how they equate student security with removal of a POP client.
    Outlook Express certainly is among the more vulnerable email clients
    on the planet, but it isn't the only one.

    > 2. Does your school let you use outlook etc?


    I'm not an educator (hat's off to those who are), but I email my
    daughter's teacher regularly. I just checked the headers on the most
    recent message and it appears the teacher is using an email client.
    Specifically, Internet Mail Service (5.5.2657.72). I may be wrong,
    and the teacher is using a web-mail solution that feeds IMS.

    You may have no choice but to accept the school's policy, but they are
    also taking on the responsibility of supp0orting your address book
    and, more importantly, your mail storage space. If they begin telling
    you that you need to purge some mail to reduce the size of your inbox,
    send it back with a request to increase the mailbox size. Justify the
    storage of that mail (can't pull it offline for local storage, etc.)
    and insist they increase your quota. Eventually, and as long as all
    mail users on that network do the same, they may reconsider their
    decision and again allow pop clients.

    If and when they do consider POP clients, suggest to them that
    alternative software be approved for use. Instead of using Outlook,
    suggest that Mozilla, Pegasus, Eudora, or any other capable package,
    as a safe alternative.
    , Nov 17, 2003
    #3
  4. Misterroy

    Beoweolf Guest

    Given sufficient resources, your recommendations might be reasonable. Since
    the poster didn't supply a full and detailed outline of the security
    concerns, available resources and budget...it seems a little presumptuous to
    attempt to dictate to his IT department what should and should be available.

    Most schools get wired by government grants or donations, if the IT
    department ... after looking at their budget... makes a decision to limit
    user resources, for the benefit of the entire system...being able to keep
    your months old or years old messages and downloads may be a luxury they can
    no longer afford. What may be a better idea to offer a plan to update the
    system, including requisite AV, ID and web filters, instead of assuming the
    IT dept. just wants to be difficult.

    Most IT departments understand they provide a service, but with that
    responsibility comes a requirement to balance the needs of all users not
    just those that are at one extreme or other. They need to answer to the IT
    manager, not every disgruntled user who feels slighted or constrained.

    <> wrote in message
    news:...
    > "Misterroy" <> wrote in message

    news:<bp893o$koa$>...
    > > "I am also surprised that you would want to allow the use of an

    unfiltered
    > > email client in your classroom particularly in light of Government
    > > guidelines to schools on internet safety."
    > >
    > > I am after two bits of information
    > > 1. Is there any truth in the above statement?

    >
    > You might want them to qualify that statement. Certainly there are
    > benefits to a controlled Internet connection in schools to protect the
    > students from the unsavory component of the Internet, but I don't see
    > how they equate student security with removal of a POP client.
    > Outlook Express certainly is among the more vulnerable email clients
    > on the planet, but it isn't the only one.
    >
    > > 2. Does your school let you use outlook etc?

    >
    > I'm not an educator (hat's off to those who are), but I email my
    > daughter's teacher regularly. I just checked the headers on the most
    > recent message and it appears the teacher is using an email client.
    > Specifically, Internet Mail Service (5.5.2657.72). I may be wrong,
    > and the teacher is using a web-mail solution that feeds IMS.
    >
    > You may have no choice but to accept the school's policy, but they are
    > also taking on the responsibility of supp0orting your address book
    > and, more importantly, your mail storage space. If they begin telling
    > you that you need to purge some mail to reduce the size of your inbox,
    > send it back with a request to increase the mailbox size. Justify the
    > storage of that mail (can't pull it offline for local storage, etc.)
    > and insist they increase your quota. Eventually, and as long as all
    > mail users on that network do the same, they may reconsider their
    > decision and again allow pop clients.
    >
    > If and when they do consider POP clients, suggest to them that
    > alternative software be approved for use. Instead of using Outlook,
    > suggest that Mozilla, Pegasus, Eudora, or any other capable package,
    > as a safe alternative.



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.538 / Virus Database: 333 - Release Date: 11/10/2003
    Beoweolf, Nov 18, 2003
    #4
  5. Misterroy

    Misterroy Guest

    My reasons for posting are I have asked the IT dept for the reasons why the
    network is the way it is, and I'm still waiting 6 weeks later. I want to
    know how reasonable the request to use a client is.
    Misterroy, Nov 18, 2003
    #5
  6. Misterroy

    Leythos Guest

    In article <bpcjap$2cn$>,
    says...
    > My reasons for posting are I have asked the IT dept for the reasons why the
    > network is the way it is, and I'm still waiting 6 weeks later. I want to
    > know how reasonable the request to use a client is.


    Chances are, in a large environment, you are not going to get an answer.
    They put the solution in place for a reason, and while you may not know
    the reason, you won't be able to change it.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Nov 18, 2003
    #6
  7. Misterroy

    Jim Guest

    I can see your frustration, but at the same time why do they owe you any
    explanation at all? Have you ever walked into the accounting department
    to start doing an audit of their processes and policies?

    By explaining to you how the network is set up and secured, they are
    reducing their security overall. A large part of the battle when trying
    to get into someones network, is determining the design of hardware and
    software.

    It sounds like you are more interested in learning about security and
    there are many more ways that waiting around for a government agency to
    give you explanations.

    Jim

    Misterroy The commander of all things worth commanding said on
    11/18/2003 2:56 AM:
    > My reasons for posting are I have asked the IT dept for the reasons why the
    > network is the way it is, and I'm still waiting 6 weeks later. I want to
    > know how reasonable the request to use a client is.
    >
    >
    Jim, Nov 18, 2003
    #7
  8. Misterroy

    Guest

    "Beoweolf" <> wrote in message news:<wmdub.10736$>...
    > Given sufficient resources, your recommendations might be reasonable. Since
    > the poster didn't supply a full and detailed outline of the security
    > concerns, available resources and budget...it seems a little presumptuous to
    > attempt to dictate to his IT department what should and should be available.


    Equally as presumtuous to assume I suggested the IT department be
    dictated to. Contrary, I suggested that the OP make requests and
    attempt to justify them. To demand is futile.

    > What may be a better idea to offer a plan to update the
    > system, including requisite AV, ID and web filters, instead of assuming the
    > IT dept. just wants to be difficult.


    Is it the responsibility of the end user to make such an offer to IT?
    Or is it better if all end users submit requests, let a committee
    decide what to incorporate, and let the skilled system designers and
    engineers create the plan?

    I never suggested the IT department was being difficult.

    > [The IT staff] need to answer to the IT
    > manager, not every disgruntled user who feels slighted or constrained.


    Then adjust my text and replace "IT staff" with "IT Manager" or "your
    Manager." The ethereal "they" are the people with which one must
    communicate. The object is to express one's desires so they may be
    considered in the next budget or upgrade review. If the OP doesn't
    make his requests, then they will never be fulfilled.

    It's not being demanding to ask for network usage policies, it's being
    responsible. And it's not demanding to ask for more storage space or
    to re-instate POP3 usage, it's voicing one's desires.
    , Nov 18, 2003
    #8
  9. Misterroy

    Guest

    "Misterroy" <> wrote in message news:<bpcjap$2cn$>...
    > My reasons for posting are I have asked the IT dept for the reasons why the
    > network is the way it is, and I'm still waiting 6 weeks later. I want to
    > know how reasonable the request to use a client is.


    It could be that your request has dropped off their radar. Try asking
    again, indicating that you asked once before and didn't hear back.
    , Nov 18, 2003
    #9
  10. Misterroy

    Beoweolf Guest

    You appear to have confused the reply, which was bringing up some issues
    with recommendations which followed the original questions. Take note of
    ....."your recommendations"...addressed to the reply, not the original post.

    But since you brought it up....The IT dept. did in fact make a decision,
    that decision was to ask users to trim the amount of disc space they were
    consuming. It would appear, that the problem was evaluated and the solution
    was to enlist the users in policing their use of resources. It is possible
    to set up a automatic program to enforce limits, they chose not to dictate,
    rather to allow the user to determine what to keep, what to delete, what was
    more valuable. Given unlimited disk space, people will find ways to use
    it...it's human nature. Chasing the dream of No restrictions has proven time
    and again to be futile. Companies, institutions that provide a service are,
    again, obligated to manage those resources to the best of their abilities.
    If the users are unhappy with their solution, they need to voice those
    concerns through their own managers, who will filter the request and coach
    it in terms the IT dept. can address and push it up through channels.
    Granted, it is cumbersome and doesn't offer the satisfaction of effecting a
    change from force of will, but has a greater chance of success than one
    voice railing against policy changes.

    Such changes, in policy or procedures are not done in a vacuum. You need to
    understand that someone, and probably many someone's, had input and
    ultimately approved the change. Most likely, all the managers either agreed
    or were coerced and the decision you see is the result of those several
    perspectives.

    As harsh as it may sound and as much as you disagree, your request is an
    attempt to substitute your inconvenience for the combined decision of the
    resource provider. If you really want to effect a change, then get something
    to backup your opinion and justify in dollars and cents, or employee morale
    or business need...as to what benefits, why it is better to accept the added
    expense, and system disruption of continuously upgrading and adding disk
    space instead of setting reasonable limits.
    Put in the right format, you may achieve some success...This matter isn't
    really worth this much discussion. Looking at all (or as many as possible)
    sides of an issue, before complaining may prevent drawn-out discussion that
    lead no where and tend to cause ill will and defensive posturing.
    <> wrote in message
    news:...
    > "Beoweolf" <> wrote in message

    news:<wmdub.10736$>...
    > > Given sufficient resources, your recommendations might be reasonable.

    Since
    > > the poster didn't supply a full and detailed outline of the security
    > > concerns, available resources and budget...it seems a little

    presumptuous to
    > > attempt to dictate to his IT department what should and should be

    available.
    >
    > Equally as presumtuous to assume I suggested the IT department be
    > dictated to. Contrary, I suggested that the OP make requests and
    > attempt to justify them. To demand is futile.
    >
    > > What may be a better idea to offer a plan to update the
    > > system, including requisite AV, ID and web filters, instead of assuming

    the
    > > IT dept. just wants to be difficult.

    >
    > Is it the responsibility of the end user to make such an offer to IT?
    > Or is it better if all end users submit requests, let a committee
    > decide what to incorporate, and let the skilled system designers and
    > engineers create the plan?
    >
    > I never suggested the IT department was being difficult.
    >
    > > [The IT staff] need to answer to the IT
    > > manager, not every disgruntled user who feels slighted or constrained.

    >
    > Then adjust my text and replace "IT staff" with "IT Manager" or "your
    > Manager." The ethereal "they" are the people with which one must
    > communicate. The object is to express one's desires so they may be
    > considered in the next budget or upgrade review. If the OP doesn't
    > make his requests, then they will never be fulfilled.
    >
    > It's not being demanding to ask for network usage policies, it's being
    > responsible. And it's not demanding to ask for more storage space or
    > to re-instate POP3 usage, it's voicing one's desires.



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.538 / Virus Database: 333 - Release Date: 11/10/2003
    Beoweolf, Nov 18, 2003
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?QW5ncnkgTGlicmFyaWFu?=

    xp pro default settings for a school network

    =?Utf-8?B?QW5ncnkgTGlicmFyaWFu?=, Mar 2, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    462
    demon
    Mar 3, 2005
  2. COMSOLIT Messmer

    IT-Security, Security, e-security

    COMSOLIT Messmer, Sep 5, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    602
    COMSOLIT Messmer
    Sep 5, 2003
  3. Replies:
    4
    Views:
    1,115
    =?ISO-8859-1?Q?R=F4g=EAr?=
    Aug 13, 2007
  4. norberto2611
    Replies:
    0
    Views:
    533
    norberto2611
    Feb 20, 2008
  5. sealol
    Replies:
    1
    Views:
    5,499
    jd4200
    Jul 10, 2008
Loading...

Share This Page