With your S4 system installed, you could just manually edit the config files for the banning of users + classes as with any proxy + content filtering server. However, the whole point of the S4 web interface is to simplify this process and to provide members of staff access to different sections. This allows those staff you specify to block / unblock sites, ban pupils or classrooms, etc. From within the ‘User Management | Edit Staff Access Rights’ you can add members of staff that should have access to the web interface, and then place a tick next to the different sections they should be able to access. The default access rights are considered ideal for a normal teacher, though you can of course tailor this to suit your needs.
Under the ‘User Management’ section, the ability to block classes is disabled by default, as this is an area still heavily under development. Although working fine in test establishments, it requires a great deal of manual configuration to import the data from your MIS system to ensure the S4 web interface has the most up to date class and pupil lists. This method is a little hit + miss, as pupils can simply log onto the computer as another user should they know their password. For this reason, the default method of blocking Internet access is either by selecting a particular classroom, or by individual users. Data for individual users is pulled from your Active Directory, so you will need to specify connection settings within the ‘Admin Settings’.
The user helpdesk is an excellent, light-weight system for managing problems within your network. It removes the need for a separate helpdesk, and lets members of staff log problems and browse the knowledge base from the same screen as banning websites or classes.
The firewall activated by default permits web traffic, and ssh access on the internal network and no more. If you have additional ports that require opening for certain applications to function correctly, you can add additional rules or port forwarding options. These changes are automatically saved and so will remain when the server is rebooted.
There is a section within the S4 web interface relating to ‘Intrusion Detection’, which is disabled by default for all users. At the moment, this is still heavily under development. Components for the intrustion detections include Snort and Tripwire, neither of which are installed on your system during these installation instructions. In the future, it is planned that a low-resource ruleset for Snort will be integrated into the system, so please keep an eye on available updates!