- What does the S4 do?
- How does the S4 actually work?
- How does the content filtering work?
- Will the S4 block all games / porn / warez?
- What security does the S4 provide?
- How secure is the S4 system itself?
- What reporting can I obtain about pupil Internet usage?
- Can I block only certain types of websites for certain classes?
- Can I stop file-sharing programmes like Kazaa or Bit Torrent?
- What virus protection does the S4 offer?
- Does the S4 really stop pop-up’s and webpage advertisements?
- How are users authenticated by S4?
- Can you backup the S4 system?
- How easy is it to update the S4 system?
- Which operating systems can my clients be running?
- What network infrastructure can the S4 connect into?
What does the S4 do?
Basically, the S4 system can be broken down into 3 parts:
- advanced content filtering + control of Internet access
- proxy + caching server
- firewall + security systems including intrusion detection
This means that all your users accessing the Internet are controlled by rules setup by yourself as to what they can + can’t do, such as accessing certain sites or url’s, accessing e-mail at certain times during the day, or downloading specific types of files. Some sections can be controlled by teachers such as blocking or unblocking websites, or access to individual pupils or classes. Acting as a proxy + caching server helps speed up your Internet connection by holding commonly accessed websites locally, and allowing teachers to request certain content to be available for a particular lesson, meaning if the Internet connection goes down, their lesson plan doesn’t go with it. Finally, by incorporating firewall + intrusion detection, you are more protected against threats from both outside and inside your network, as well as being able to easily see what has been taking place.
How does the S4 actually work?
It watches and listens. You tell it what you want to allow and what you want to disallow. The S4 can also be set to try and work things out for itself, providing more protection over access to certain parts of the Internet. By checking what a particular user is requesting against what you have configured, user’s are either waved through, or told off for being naughty. All of these actions are recorded, allowing you to quickly see what individual users have been doing, which sites are most commonly accessed, the number of sites blocked, etc. In the same way, the security systems watch and listen for certain events to take place and then respond in whichever manner configured, taking the strain away from network managers to constantly be on the guard.
How does the content filtering work?
Massive lists of websites, url’s, words and phrases are built-in to the S4, allowing it to make decisions based on what requests the user has made. If the user has requested a website containing pornography, it denies the request. If a user requests mathematics revision help, it allows the request. Words and phrases also come into the equation, adjusting the decisions based on the content of the pages. Let’s take an obvious example:
- Let’s say little Johnny is bored, trying to be naughty, so searches for “breasts”. The content filtering has a think, and decides this isn’t acceptable, so Johnny get’s a warning for being a naughty boy, his request his logged, and can be viewed using built-in reports
- Now, let’s suppose little Johnny is now in a biology lesson and researching the topic the class is currently studying, so searches for “breast cancer”. This time, the content filtering understands the nature of the request and so allows it through
It isn’t always as straight forward as that, and even though the second search given in the example may be allowed through, each website after that will be scanned for phrases and keywords, and decisions made for each site. Thus, if the owner of a website tried to fool such systems being including the phrase “cancer” somewhere within the page, the content filtering ‘pre-loads’ the page before displaying it to the user, and can work out exactly what the page is about and whether it is acceptable
Will the S4 block all games / porn / warez?
That all depends on how you control pupil access. Standard configuration uses normal content filtering rules, adjusted by yourself, and would allow certain sites to slip through at some point. This is us being honest with you. Any system that claims to be 100% reliable is wrong. It may be for very short period time, until the websites change something here and there to get round it. However, for the majority of the time, the S4 system will block acces to such sites. An alternative form of configuration is using filter groups to control access. Basically, you can assign all users by default to only be able to access websites specifically allowed by yourselves. This is not ideal when research is to be done, but it does have the advantage of preventing anything other than a specific list of websites being accessed. In this manner, nothing gets past unless you’ve already allowed it.
What security does the S4 provide?
There are three forms of security provided by the S4 system:
- Firewall to allow / disallow certain kinds of traffic, access to certain ports, and data going in or out of your network
- Curently in development, intrusion detection to scan traffic for certain types of events associated with possible threats, attacks or methods of circumventing systems
- File system integrity checks to warn you of possible attempts to actually alter the S4 system itself
These systems provide additional protection for your Internet connections and stop users attempting to access systems they shouldn’t be. With recent changes in data protection laws in the UK, it is more important than ever that information stored on your network stays on your network. Concerns about illegal music and film downloading can also be an issue to schools with the potential fines that come with such actions, so the S4 provides a barrier that users cannot get through, preventing them from engaging in such activities.
How secure is the S4 system itself?
As secure as it can be. Years of experience in computing and networking security has meant the S4 is able to defend itself in the environment the S4 system will be placed into action. All the usual methods of security have been adhered to such as removing un-neccessary packages and services, and the S4 system itself is built around GNU/Debian Linux, famous for it’s meticulous security principals. GNU/Debian Linux is also one of the most configurable systems available in terms of security and hardening, meaning there is a very solid foundation on which the S4 is built upon.
What reporting can I obtain about pupil Internet usage?
Daily stats are compiled for each user, allowing you to view what sites they have accessed. Reports can be filtered to display all websites accessed or only those blocked, or simply viewing the unique websites they are accessed or a complete breakdown by site and url, depending on how in depth you want to get. All requests include time and location so you can see where and when they user accessed certain material, as well as being able to view daily / weekly / monthly stats for internet usage on a whole to see your main peaks are when the systems will be under full load.
Can I block only certain types of websites for certain classes?
Certainly, and this is a key feature of the S4 system. Using ‘filter groups’, you can selectively apply restrictions to individual pupils or entire classes, meaning their level access varies based on your settings. You could, for example, set a class to only be able to access permitted sites on a ‘white list’, meaning all other sites are blocked – perfect for revision lessons where you want the pupils focused on educational sites. If you wish, you could supplement this by allowing games to be played for the last five minutes if the behaviour has been good. All of this allows you to fine tune exactly what the kids can and can’t do in bulk without worrying that they’ll find some loop-hole often available with standard content filtering systems.
Can I stop file-sharing programmes like Kazaa or Bit Torrent?
yes. Firstly, the initial configuration of the S4 system prevents executables and zip files being downloaded, so they couldn’t get the installer. If it was brought in on disk and the policies applied to the workstations allowed installation to occur, the default configuration of the firewall is to block all unneccessary ports. Assuming a user was really determined, they could switch ports, however the S4 monitors bandwidth usage by users can report back if excessive traffic is generated by individual users, alerting you of what is happening. It can even terminate connections if you allow it to once a certain threshold is reacher. Users leaving files to download on an evening is circumvented by limiting access to certain times during the day – after 5p.m, for example, all Internet access could be stopped. See if they can get around that one.
What virus protection does the S4 offer?
Built-in to the S4 system is the ClamAV anti-virus solution, actively scanning documents exchanged across the Internet, both in + out. This makes it a lot more effective than other solutions simply scanning incoming traffic. As documents are downloaded, the documents are scanned, including the ability to scan inside .zip files, meaning viruses downloaded via e-mail’s are stopped before they come through to your system. Of course, the most common forms of files used to transfer viruses are blocked by default anyway. Secondly, by scanning outgoing traffic, if a virus were to infect your network via user transferring a file from floppy disk or USB stick, any attempts made by an e-mail virus, for example, to spread by sending itself out to others would be stopped and reported back, allowing action to be taken.
Does the S4 really stop pop-up’s and webpage advertisements?
Let’s be honest, anyone that claims to be able to stop 100% of pop-ups and advertisements is simply not telling the truth. Sure, it might work for a couple of weeks of even months, but ways around it will be found. The S4 system is constantly updated with latest patterns to stop advertisements being loaded within websites as much as possible, and to try and catch pop-up advertisements and block these as well. A lot of problems caused by pop-up’s are often related to spyware infection on a certain workstation. While the S4 can’t help you with cleaning individual machines, the S4 system does stop the downloading of various file extensions, including executables as a first step to stopping the problem happening in the first place.
How are users authenticated by S4?
Automatically. If your users are working with Internet Explorer, they won’t even realise what is happening. Non-Microsoft based browsers such as Mozilla Firefox, Opera, Netscape, Konqueror, etc. will be prompted for a username + password, which will be exactly the same as their normal workstation login, meaning no additional passwords to remember. This works by connecting in to your existing network infrastructure, be it Microsoft Windows Server based, Novell Netware based, or a form of Linux NIS. The idea is to reduce the burden on the users to remember more passwords, and reduce the burden on network managers to maintain these additional user accounts when someone forgets their password (but don’t worry, teachers never forget their password anyway).
Can you backup the S4 system?
Certainly! There’s no point in having all this data on internet usage stored, finely tuned lists of websites and url’s to allow or disallow and classes or pupils set to be applied to certain filter groups or banned from the Internet completely if you loose in the event of a hardware failure. Backups can be created anytime via the web based interface allowing backups to be stored onto a USB memory stick if required, or setup to automatically backup the systems and copy them files across to a network server to be included on your regular nightly backups, or the backups can be copied to CD-R/CD-RW media automatically each evening, depending on how you wish to store the media.
How easy is it to update the S4 system?
As the system is based around Debian GNU/Linux updating the base system is a snap. At the click of a button, the system will be updated. For updates to the S4 interface itself, it will be no harder than simply downloading an extracting a new package.
Which operating systems can my clients be running?
Whatever you like, the S4 system will work with any network client. An explanation of browser usage should give a little more details, but any operating system or browser will work when connecting through the S4 system.
What network infrastructure can the S4 connect into?
In terms of network and server operating systems, virtually any. Certainly all Microsoft-based networks will work without any problems, and the S4 system has also been successfully implemented on Novell Netware-based networks along with Linux NIS-based networks on SuSE Linux. If you’re not sure whether your network will be compatible, just ask.