DfES
Network Services Project
Network Security
Draft v3.1
Copyright © 2004 The JNT Association
UKERNA manages the networking programme on behalf of the higher and further education and
research community in the United Kingdom. JANET, the United Kingdom's education and
research network, is funded by the Joint Information Systems Committee (JISC).
For further information please contact:
JANET Customer Service
UKERNA
Atlas Centre, Chilton, Didcot
Oxfordshire, OX11 0QS
Tel: 0870 850 2212
+44 1235 822 212
Fax: 0870 850 2213
+44 1235 822 397
E-mail: service@janet.ac.uk
Copyright:
This document is copyright The JNT Association trading as UKERNA. Parts of it, as
appropriate, may be freely copied and incorporated unaltered into another document unless
produced for commercial gain, subject to the source being appropriately acknowledged and the
copyright preserved. The reproduction of logos without permission is expressly forbidden.
Permission should be sought from JANET Customer Service.
Trademarks:
JANET®, SuperJANET® and UKERNA® are registered trademarks of the Higher Education
Funding Councils for England, Scotland and Wales. The JNT Association is the registered user
of these trademarks.
Disclaimer:
The information contained herein is believed to be correct at the time of issue, but no liability
can be accepted for any inaccuracies.
The reader is reminded that changes may have taken place since issue, particularly in rapidly
changing areas such as internet addressing, and consequently URLs and e-mail addresses should
be used with caution.
The JNT Association cannot accept any responsibility for any loss or damage resulting from the
use of the material contained herein.
Availability:
Further copies of this document may be obtained from JANET Customer Service at the above
address.
Network Security
1 Purpose
1.1 Scope
1.2 Target Audience
1.3 Strategic Issues
1.4 Summary of Responsibilities
1.5 National Education Network
1.6 Interoperability and Standards
2 Management Framework
2.1 Policies
2.2 Resources
2.3 Chain of Responsibility
3 Network Design
3.1 Partitioning the Network
3.2 Firewalls
3.3 Measures to Protect Data, Communications and Systems
3.4 Mobile and Remote Working
3.5 Wireless Networks
4 System Protection
4.1 Responsibilities
4.2 Privileges
4.3 Configuration and Maintenance
4.4 Access Control
5 Content Protection
5.1 Virus Scanning
5.2 Content Filtering
6 User Education
6.1 Awareness and Good Practice
6.2 Terms and Conditions
6.3 Training and Updating
6.4 User Support
7 Security Incident Response
7.1 Reporting Process
7.2 External Interference with the School’s Network
7.3 Abuse by Internal Users
7.4 Content and Privacy Incidents
7.5 Network Monitoring
7.6 Information Dissemination
8 References
Appendix A: Glossary
Appendix B: Internet Services in a School Network
1 Purpose
School networks are complex and serve a rapidly developing set of educational
requirements, some of which challenge the technology and its security, implemented
within limited budgets. Many agencies are involved in providing the end-to-end network
service. There are networks on school premises, regional networks, Internet connectivity
and the National Interconnect via JANET. The whole forms the National Education
Network. At least three layers of educational management are involved: schools, local
authorities and national oversight. Suppliers include commercial network suppliers and
Internet service providers, Local Authorities (LA), Regional Broadband Consortia (RBC)
and national agencies such as UKERNA. These agencies must work together to produce
a consistent, functional and secure IP network across the various management domains.
This document sets out a number of policies, activities and controls that are needed to
give a reasonable level of technical security to the educational network. It does not
consider the detailed location or operation of controls, specific details of policy or
technical systems configurations, though these are essential to match the security of the
network to its intended use. The document only lightly treats issues of information
security or other aspects of content.
A number of other existing documents are referenced. Some of these are examples of
policy or technical design; others are papers on how to prepare these. Where possible,
examples of best practice in the schools sector have been referenced supplemented by
examples from other sources.
1.1 Scope
To be effective, security must be built in at all stages of the procurement, configuration
and management of a network. This document therefore contains recommendations that
will need to be taken into account at all these stages.
The main beneficiaries of a secure network will be schools and their pupils. The
recommendations therefore apply directly to computers and networks within schools.
However, security must also be considered in all procurements of products and services
related to the network, including software, computers and network connections, whether
bought by individual schools or on a regional or national basis. The recommendations are
therefore directly relevant to suppliers to schools, including LAs, RBCs and commercial
network suppliers and service providers.
Security decisions can have a very wide impact across the Internet. The nature of a
school’s network and the services it delivers may affect the behaviour of upstream and
other networks and services, and vice versa. Decisions affecting security should therefore
involve wide consultation and an informed appreciation of their impact both locally and
on a wider scale. If this is not done then it is highly likely that mismatched expectations
will result in a network that is both less functional and less secure than it could have
been.
In the areas covered by the remaining sections of this document – Network Design
(Section 3), Content Protection (Section 5) and Incident Response (Section 7) – schools
and Local Authorities will need to work together to determine the most effective way to
deliver a secure service that meets the ICT requirements of education. A recurring theme
is the need for adequate resourcing of recurrent costs in technical and support staff, in
management involvement and in regular updates to software and hardware.
It should be noted that some information will have multiple target audiences (e.g. pupils,
parents, technical and management staff), so it may need to be presented in a different
form and with different content for each group.
1.4.1 Schools
School managers will normally be responsible for ensuring that:
• Risk assessments are made of their school’s use of ICT. (Section 2.1.2)
• They have an appropriate security policy to address the identified risks. (2.1.1)
• There is a process for regular review and periodic updating of the policy. (2.1.3)
• There are sufficient resources and skills to maintain all ICT systems in a secure
fashion. (2.2 & 4.1)
• Security responsibilities are clearly defined. (2.3)
• Appropriate policies exist and are implemented to cover remote and mobile
working, where this is enabled. (3.4)
• Wireless networks are used in a secure manner. (3.5)
• Access to networked computers, and especially privileged access, is controlled.
(4.2)
• All systems are configured securely before being connected to the school network
and that there is a maintenance plan to ensure that security measures are kept up
to date. (4.3)
• Appropriate records are kept of computer use by individuals. (4.4, 7.3)
• All networked systems run anti-virus software with an up-to-date configuration.
(5.1)
• All users of ICT equipment receive appropriate training and updating in safety,
security and good practice in ICT use. (6.1 & 6.3)
• All users of ICT equipment agree to be bound by an Acceptable Use Policy. (6.2)
• Support is available to all users of networked computers. (6.4)
• Users are encouraged to report security problems and there is a process for
handling such reports. (7.1.1)
• Processes, agreements and systems to handle external attacks on the network are
in place. (7.2)
• Sufficient records of use are kept to allow internal misuse to be traced to an
individual. (7.3)
• Appropriate policies are in place to report and deal with inappropriate content or
misuse of personal data. (7.4)
• Network use is measured and monitored to enable faults and security incidents to
be identified and dealt with. (7.5)
• Central facilities are provided to support the core network applications required
for education, as defined in the security policy. (Section 2.1 and, for example,
Appendix B)
Connection to the Internet should be provided at the LA/RBC or higher level; Internet
connections lower down the network are likely to cause serious operational, management
and security problems. Internet connection aggregation has clear benefits and it is
recommended that this be considered by Local Authorities.
This structure reflects the management domains within the network: identifying who is
responsible for systems and networks at each level. It is likely that the physical network
will have the same organisation, though the locations of the boundaries may vary
between different regions and schools depending, for instance, on networking technology
and management arrangements.
Where they exist, international standards are to be preferred as they are better understood
and more likely to be supported by easily available products. In these documents, such
standards will therefore be highlighted when appropriate. However, it is important to note
that many standards, particularly more recent ones, may still provide some flexibility of
interpretation. Apparently standards-compliant products may not always work together as
well as might be hoped, and prior testing to ensure compatibility is always advisable.
There will also be a need for local agreements, within the overall security standards,
particularly regarding the management and configuration of the network. For example, if
a school does not allocate IP addresses to computers in a way agreed with the authority
that runs the regional routers, then the network is unlikely to be able to transfer packets as
intended. In the area of security, these local agreements are likely to dominate, covering
topics such as the types of traffic allowed on the Internet, how services such as mail and
web browsing are provided and how use and misuse of the network are to be accounted
for.
2 Management Framework
2.1 Policies
Policy on the purpose of the education network is beyond the scope of this document.
However, that policy will determine the services and facilities required and will affect the
acceptable use policy for the network, which in turn has an impact on the security policy.
To permit some concrete proposals to be presented, a sample set of network applications
and services is set out in Appendix B, together with recommendations as to how they can
most easily be provided in a secure fashion. It is believed that these are sufficient to meet
most of the needs of school staff and of daytime and other students, mainly while they are
on school premises.
• security requirements;
• responsibilities;
• procedures for administration including monitoring;
• measures and processes for individual areas of concern such as viruses and
content filtering.
References:
http://www.kent.gov.uk/eis/ - follow ‘broadband’ link to ICT security policy
http://www.sln.org.uk/teacher/p1131.htm
http://www.jisc.ac.uk/index.cfm?name=jcas_papers_security
2.2 Resources
Sufficient resources must be made available on a continuing basis to safely develop,
maintain and manage the network and services provided. Schools must ensure that they
are able to make informed decisions on the safety and educational issues presented by
computers and networks. School managers must therefore ensure they have access to
sufficient advice and assistance for all aspects of network operation, security and use. It is
likely that in most cases Local Authorities or Regional Broadband Consortia will be the
main source of support.
In most school environments the resource most likely to be scarce is staff effort dedicated
to the network; it may be possible to delegate or outsource much technical effort to
commercial or local government suppliers at reasonable cost, but there is no alternative to
informed oversight by local management of safety and educational matters. Planned,
regular and ongoing investment in user awareness, system administration and security
monitoring reduces both the likelihood that a security incident will occur and the
disruptive impact of any such event.
3 Network Design
The design of the networks concerned must:
• support the services and applications that schools need, and
• make it possible to implement the above security and use policies.
The following sections cover aspects of network design from a security standpoint. A
more detailed discussion of network design is set out in the Network Design document.
For schools connected to the same LA or RBC network, it may be technically possible to
configure regional and school network devices so that their networks behave as one. It
might seem attractive to allow computers in different schools to exchange or share
information just as they can within a school. Unfortunately there are serious risks in
weakening the partitioning of the network in this way, and these are very hard to manage
and control. Without an effective partition, security problems such as virus infections in
one school can very quickly spread to others. Even if there are no technical security
problems, private information can also leak very easily across an unpartitioned network.
It will almost always be better to arrange cooperation using well-known services and
applications such as e-mail and Web pages, probably on secure servers located outside the
schools’ LANs, where an application gateway can manage the transfer of information
through firewalls.
3.2 Firewalls
All host systems (client or server computers) on the network must be protected against
hostile traffic from the Internet and from other parts of the network by at least one
firewall or other network control device implementing a default-deny policy (see below).
The location of these devices should be chosen to implement the partitioning mentioned
above.
In most cases it should not be necessary for a school to partition its network by
deploying an internal firewall. It should be possible for the LA or other provider to
operate the firewall function separating the school network from the Internet.
All network traffic represents a risk. The services permitted through each firewall and the
systems to which traffic is allowed to flow must therefore be agreed using a risk
assessment and change management process (see sections 2.1.2 and 2.1.4), with all
changes approved and recorded so that they can be reversed if required.
Management of firewalls and similar devices requires high-level skills and should only be
undertaken by suitably experienced staff. The implementation by schools of their own
firewalls independently of the RBC/LA central firewall service is likely to lead to
complications. Therefore, most of the schools that have firewalls will outsource their
management to the network suppliers or RBC/LA staff.
All schools considering implementing their own firewalls should first understand the
implications for IP videoconferencing and content delivery. In order to enable IP
videoconferencing it is recommended that each local authority, rather than each school,
deploys either an H.323-aware firewall, or a proxy server alongside an existing firewall.
Issues relating to IP videoconferencing and firewalls are discussed in the associated
Videoconferencing document.
Firewalls need to be adequately sized for the traffic they handle and also, in the case of
firewalls within LA/RBC networks, for the very large number of simultaneous network
connections made over the network. Firewall rule-sets will need to be reviewed to ensure
consistency and efficiency.
Where firewalls are implemented at school level as well as RBC/LA level, care is
required to ensure reasonable agreement on the rule set. LAs should provide guidance to
their schools on how to achieve this.
Reference:
http://safety.ngfl.gov.uk/schools/document.php3?D=d68
Some applications (such as video) use the network in ways that make the rules in a
default-deny firewall impracticable. These may need local servers supporting the
applications concerned, acting as proxies or gateways to simplify the demands on
firewalls.
The default-deny strategy will inevitably restrict access to new on-line services where
these do not use configurations already available. All additional routes into a network
reduce security to some degree and this must be balanced with the educational benefits of
the new service. Worm attacks that use open ports to scan IP address ranges for
vulnerabilities are likely to continue to increase; to reduce exposure to these it may be
necessary to open some ports only at the specific times when their services are required
and close them afterwards. Flexibility in network use will then depend on the provision
of flexible and easily-managed firewalls.
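The default-deny strategy with time-limited openings described above, and the rule-set review for consistency called for earlier in this section, as an added example that is not part of the original document: a small Python model of a first-match firewall rule set. All rule names, addresses (documentation range 192.0.2.0/24), ports and opening hours are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "allow" or "deny"
    proto: str                     # "tcp" or "udp"
    dst_net: str                   # destination network, CIDR notation
    ports: range                   # destination ports (contiguous, step 1)
    opens: Optional[time] = None   # None means the rule is always active
    closes: Optional[time] = None  # windows crossing midnight are not modelled

    def always(self) -> bool:
        return self.opens is None or self.closes is None

    def active(self, now: time) -> bool:
        return self.always() or self.opens <= now < self.closes

    def matches(self, proto: str, dst: str, port: int, now: time) -> bool:
        return (self.active(now)
                and proto == self.proto
                and ip_address(dst) in ip_network(self.dst_net)
                and port in self.ports)


def decide(rules, proto, dst, port, now):
    """First matching rule wins; traffic matching no rule is denied."""
    for rule in rules:
        if rule.matches(proto, dst, port, now):
            return rule.action, rule.name
    return "deny", "default-deny"


def covers(earlier: Rule, later: Rule) -> bool:
    """True if 'earlier' matches every packet 'later' could ever match."""
    if not earlier.always():
        if later.always():
            return False
        if not (earlier.opens <= later.opens and later.closes <= earlier.closes):
            return False
    return (earlier.proto == later.proto
            and ip_network(later.dst_net).subnet_of(ip_network(earlier.dst_net))
            and later.ports.start >= earlier.ports.start
            and later.ports.stop <= earlier.ports.stop)


def review(rules):
    """Rule-set review: report rules that can never take effect.

    Returns (shadowed_rule, earlier_rule, kind) tuples, where kind is
    "redundant" (same action, wasted rule) or "conflict" (the later rule
    expresses an intent that the earlier rule silently overrides).
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "conflict"
                findings.append((later.name, earlier.name, kind))
                break
    return findings


# Constructed sample rule set for a school's externally reachable servers.
RULES = [
    Rule("web-server", "allow", "tcp", "192.0.2.10/32", range(80, 81)),
    Rule("mail-gateway", "allow", "tcp", "192.0.2.25/32", range(25, 26)),
    # Port opened only for a scheduled lesson, closed again afterwards.
    Rule("video-lesson", "allow", "udp", "192.0.2.50/32", range(5004, 5006),
         opens=time(9, 0), closes=time(10, 0)),
    Rule("block-low-ports", "deny", "tcp", "192.0.2.0/24", range(0, 1024)),
    # Added later by someone else: never reached, because block-low-ports
    # above already matches this traffic.
    Rule("web-https", "allow", "tcp", "192.0.2.10/32", range(443, 444)),
]

if __name__ == "__main__":
    for probe in [("tcp", "192.0.2.10", 80, time(12, 0)),
                  ("udp", "192.0.2.50", 5004, time(9, 30)),
                  ("udp", "192.0.2.50", 5004, time(11, 0)),
                  ("tcp", "192.0.2.10", 443, time(12, 0))]:
        print(probe, "->", decide(RULES, *probe))
    for finding in review(RULES):
        print("review finding:", finding)
```

The review step reports the kind of inconsistency that arises when school-level and RBC/LA-level changes are made without a shared change record: the later rule is present in the configuration but has no effect on traffic.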
Content and service providers and product vendors must ensure that precise information
is available to firewall managers and that the number of additional ports to be opened is
kept to a minimum. Schools intending to use new products or services must identify and
agree well in advance any changes to their own firewalls and those of the LA/RBC within
the relevant security policies and guidance on firewall management (see 3.2).
For this reason traffic from the Interconnect Service should be filtered through any
firewall that the RBC operates towards the external world.
3.4.1 Policy
If a school perceives the need for some or all of its users to reach some or all of its
network facilities from elsewhere in the Internet (for instance while working from home),
it must prepare a policy statement indicating what is required and the responsibilities of
the user, the school and the network provider to ensure that security is not put at risk.
3.4.2 Systems
If remote access facilities are to be provided then a risk assessment must be performed
and appropriate technical and procedural controls put in place. Typically there will be an
enhanced need for users to authenticate themselves, possibly with an additional
authentication step and separate cryptographic tokens or certificates. If systems need to
be accessed remotely, they should normally be outsourced and located outside the
school's local area network.
4 System Protection
A “system” here means a computer, which may be a server, a desktop system for single or
shared use, a portable computer (laptop, tablet, handheld etc) or a network device such as
a switch, router or firewall.
4.1 Responsibilities
Every system connected to the network must have a designated owner whom the school
holds responsible for its security. The owner must be given appropriate resources, skills,
and information to fulfil this responsibility; clearly the level appropriate will depend on
the nature of the system and the part of the network to which it is or can be connected.
4.2 Privileges
Users of any system must be separated at least into those who are authorised to maintain
the system and those who are not. Technical and procedural measures must be in place to
ensure that each group only has those privileges they need.
Reference: http://wp.netscape.com/security/basics/passwords.html
Although the impact of most of the above problems can be limited with care and
vigilance by all concerned, authentication at LA level is not at present appropriate for most
services in schools.
4.4.3 Systems
Policies and technical controls must be in place if laptop or similar systems are to be
connected to the network when these have also been connected to other networks.
Laptops are now one of the most common infection vectors for computer viruses.
5 Content Protection
5.1 Virus Scanning
Security policies at LA/RBC and school level must make clear the requirement for virus
scanning.
All end-user systems must run anti-virus software, with definition files regularly updated,
automatically if possible. Disabling this protection should be seen as a serious
disciplinary matter. External e-mail both entering and leaving the network should be
checked by up-to-date anti-virus software, preferably at the mail server. Internal mail
should be checked in transit. Mail servers, fileservers and other application servers must
be scanned regularly to find infected files or messages that may have arrived by other
routes.
School management must recognise that maintaining anti-virus measures requires
considerable resource and determination. Frequently ICT support staff are overwhelmed
by the magnitude of the task or their efforts are defeated by systems that move around the
school and are taken home. Scanning tools that detect vulnerabilities across the network
should be used on a regular basis.
References:
http://safety.ngfl.gov.uk/schools/document.php3?D=d52
http://www.ja.net/CERT/JANET-CERT/prevention/antivirus.html
6 User Education
Many users of school networks will be young or will have limited interest in or
understanding of networking. The material referred to in the following paragraphs must
be designed and presented so that it is likely to convey its message effectively to all users
concerned.
In particular, schools may need to remind users of their responsibilities in appropriate
network/Internet use at the point of access, rather than assuming that staff or pupils
accept a general abstract rule.
Reference: http://www.kented.org.uk/ngfl/policy.html
Incidents may be identified by users within the school, by other Internet users or by
network staff (either in the school or in one of its Local Authority or commercial service
providers).
Some incidents may involve Law Enforcement agencies, and schools should have a
policy for handling interactions with them. In many cases it will be appropriate for the
Local Authority to take some part.
Reference: http://www.linx.net/noncore/bcp/traceability-bcp.html
responsible contacts within each school, and recommending actions to be taken by school
managers and their technicians.
The information disseminated may come from commercial or other professional security
services and response teams, from vendors, from Internet bulletins and similar sources, or
from local knowledge. Information from some of these sources may need additional
interpretation or explanation to make it directly useful to schools.
In some cases it may be appropriate to require schools to acknowledge that they have
received and acted upon the information or advice received, to prevent insecure schools
posing a threat to their users and the rest of the network.
8 References
DfES Standards Fund Guidance
ICT in Schools Standards Fund Grant 2004-05
Guidance for Schools and LEAs
http://www.dfes.gov.uk/ictinschools/funding/
Security Policy
http://www.kent.gov.uk/eis/ - follow ‘broadband’ link to ICT security policy
http://www.sln.org.uk/teacher/p1131.htm
http://www.jisc.ac.uk/index.cfm?name=jcas_papers_security
Risk Management
http://www.ja.net/conferences/SJ4/manage_risks/prog.html
Firewalls
http://safety.ngfl.gov.uk/schools/document.php3?D=d68
http://www.ja.net/CERT/JANET-CERT/prevention/networks.html
Wireless Networks
http://www.bgfl.org/services/editsupp/wireless.htm
http://www.ja.net/documents/factsheets/wireless-security.pdf
http://www.securityfocus.com/infocus/1732
http://www.securityfocus.com/infocus/1735
System Protection
http://www.ja.net/CERT/JANET-CERT/prevention/machines.html
Passwords
http://wp.netscape.com/security/basics/passwords.html
Virus Scanning
http://safety.ngfl.gov.uk/schools/document.php3?D=d52
http://www.ja.net/CERT/JANET-CERT/prevention/antivirus.html
Content filtering
http://safety.ngfl.gov.uk/schools/document.php3?D=d55
External Attacks
http://www.cert.org/csirts/
Internal Attacks
http://www.linx.net/noncore/bcp/traceability-bcp.html
Network Monitoring
http://www.ja.net/services/netsight/index.html and
http://www.ja.net/documents/factsheets/unusual_traffic.pdf
General information
http://safety.ngfl.gov.uk/schools/
Network Design
DfES ICT in Schools Network Services Project
UKERNA, March 2004
Videoconferencing
DfES ICT in Schools Network Services Project
UKERNA, March 2004
Appendix A: Glossary
This glossary explains the terms used in this document. An extensive general networking
glossary can be found at the JANET National User Group Web site:
http://www.jnug.ac.uk/netglossary.html.
Address
In this document refers to an IP address. An IP address is the unique layer
identifier for a host on the local IP network.
Authentication
The process or processes which enable one party in an electronic communication
(typically a user or a client) to say to another party (a server or provider) who they
are in a way satisfactory to that second party. Examples include supplying a user or
account name and a password, presenting a smart card and entering a PIN, having a
thumbprint recognised, sending a cryptographic certificate which matches one held
by the other party or responding to a challenge in the correct way. Note that in some
situations it may not be obvious which way round the roles are; when connecting to
a 'secure' Web site using SSL it is the Web site that seeks to convince the human
user's Web browser of its identity.
The purpose of authentication is usually to support authorisation, the granting or
denial of access to some resources.
Broadband
A transmission medium capable of supporting a wide range of frequencies. It can
carry multiple signals by dividing the total capacity of the medium into multiple,
independent bandwidth channels, where each channel operates only on a specific
range of frequencies. [Source: RFC1392]
In a networking context the term means ‘at least 2Mbps in both directions’.
The term has been adopted in common usage to refer to connections to the
Internet at speeds of 128Kbps or greater. These may be asymmetric.
CA
CERT
Computer Emergency Response Team (also known as CSIRT, Computer Security
Incident Response Team, or IRT). Coordinates responses to computer security
threats and incidents on behalf of some community or network. Where the
constituency for a CERT is identified with an Internet domain name such as 'ja.net',
the team can usually be reached through a corresponding e-mail address beginning
'abuse@' or 'security@', such as 'abuse@ja.net' or 'security@ja.net'. A CERT will
accept reports of suspected security events from its own constituency and will
engage with the CERTs of other providers or communities to resolve external
threats; it will also deal with relevant complaints about its own customers from
outside. It will issue advisory material from time to time. It is essential that the
CERT function in an organisation has the support of senior management, as security
response is sometimes disruptive to other activities. CERTs cooperate regionally
and globally through organisations such as CERT/CC and FIRST in the US:
http://www.cert.org/
http://www.first.org/
and TF-CSIRT in Europe:
http://www.terena.nl/tech/task-forces/tf-csirt/
Certificate
A collection of data which indicates entitlement to some resources. A certificate is
typically unintelligible to a human reader and is produced and read using
cryptographic software. It may include the identity of the person or object to whom
it refers, some details of the resources to be made available (such as a time limit),
and some indication of a chain of trust. Certificates are of value to persons or
computers controlling resources because those controllers can confirm that they
were issued with the authority of a party they have arranged to trust for that purpose
(a 'Certificate Authority'). X.509 is the most widely accepted standard for
cryptographic certificates.
Data Protection
Legislation and guidance on the use of information about individual people
('personal data'). UK legislation is harmonised with EU Directives; practice in the
United States has far less emphasis on the care to be taken with personal data, and
the international nature of the Internet makes this a complex issue. The UK lays
down Data Protection Principles and requires people and organisations handling
personal data to register with the Information Commissioner:
http://www.informationcommissioner.gov.uk/
Default-deny
A style of management and configuration for control devices in networks (such as
routers, firewalls, proxies and servers) in which no access is permitted by default,
and every item of access needed (port, protocol, service, network etc) must be
explicitly enabled.
DHCP
Dynamic Host Configuration Protocol. Computers in a TCP/IP network can obtain
much of the configuration information they need to connect to that network from a
DHCP server if one is provided. In most simple environments this enables client
computers to be connected with minimal preparation on the server and none on the
client. 'Dynamic' refers in part to the allocation of IP addresses from a pool to
clients when they connect; the same client may receive different addresses on
separate occasions, and only the DHCP server will have records of the transient
allocations. Specified in RFC 2131:
http://www.ietf.org/rfc/rfc2131.txt
DNS
See Domain Name System.
Encryption
Changing information into a form where it has particular properties of privacy and
integrity, and recovering the original information when appropriate. Typically,
encryption software combines the real data with one or more items of artificial
information, called keys by analogy with the processes for securing physical
objects. The results of encryption look very much like random sequences of letters
and other characters; software with access to suitable keys (which may or may not
be the same ones as before) can relatively easily recover the original information
but it is intended to be impracticable to do so without such keys. It is possible to
make some or all network traffic private or secret, and to digitally sign information
so that a recipient can confirm its integrity and its origin. The costs of doing so are
increased processing by encryption software, reduced efficiency in network traffic,
and substantial complications in the management of keys and the associated levels
of trust; encryption is the answer to some problems but not to all.
FE
Further Education.
Firewall
Router or access server, designated as a buffer between any connected public
networks and a private network. A firewall router uses access lists and other
methods to ensure the security of the private network.
Gateway
1. A computer which exchanges information between two networks in two
different forms, rather like an idealised language translator. For instance, an e-
mail gateway might accept e-mail in some proprietary form inside a network
and change it to Internet e-mail form for transmission elsewhere.
2. A router at the boundary of an organisational network, passing network traffic
to and from a service provider and the Internet. Computers in the network
need to be configured to send their Internet traffic to such a gateway router.
HE
Higher Education.
Internet
The global public network comprising many interconnected, but independently
operated, service provider networks.
Internet Protocol
The communications standard used on the Internet.
IP
See Internet Protocol.
JANET
See Joint Academic Network.
Local Authority
A UK regional body which may operate its own local network providing service
directly to schools.
LA
See Local Authority.
LAN
See Local Area Network.
NAT
See Network Address Translation.
Proxy
Intermediary program that acts as both a server and a client for the purpose of
making requests on behalf of other clients. Requests are serviced internally or by
passing them on, possibly after translation, to other servers. A proxy interprets,
and, if necessary, rewrites a request message before forwarding it.
RBC
See Regional Broadband Consortium.
Router
Often used as a generic term for an IP router; however, the term may also refer to
a device that routes other protocols in addition to IP.
Spam
Unsolicited Bulk E-mail. The term 'spam' is used very loosely. It is usually best to
refer to 'UBE' (see below), 'e-mail abuse', 'marketing e-mail' or some other specific
term appropriate to the context. A common form of e-mail abuse is the falsification
of the origin of messages.
Switch
Ethernet switch.
Token
A generic term; an encryption token may be a key, a certificate or some other item
of data involved in cryptographic activity.
UBE
Unsolicited Bulk E-mail. E-mail is Unsolicited unless the intended recipient has
chosen in advance to receive it; it is Bulk if it is sent indiscriminately. European
Commission Directive 2002/58/EC:
http://europa.eu.int/eur-lex/pri/en/oj/dat/2002/l_201/l_20120020731en00370047.pdf
Virus
A program which changes the way some other program works, and which can
spread from computer to computer by e-mail, by exploiting weaknesses in the
operating system or application software, or by deceiving a computer user so that
they unwittingly take part in the propagation. Popularly refers to any unwanted
program; 'worm' is used to mean almost the same thing. As well as propagating,
some viruses and worms have damaging side effects such as damage to data,
exposure of private data or the establishment of undesirable services on an infected
computer.
VPN
Virtual Private Network.
VLE
Virtual Learning Environment. A set of services to support learning, bundled into a
single product. As well as presenting source material, VLEs have management
elements to cover registration, monitoring of progress and student support. Some
products are Web based; others use proprietary protocols and servers.
WEP
Wireless Equivalent Privacy, specified in IEEE 802.11b. An encryption protocol
used with the 802.11 wireless standards and now regarded as providing only
rudimentary security.
Wireless
Wireless networking connects end-user computers (typically laptops, tablets or
handhelds) to wired segments of a LAN. Each computer has its own radio, either
built in or in a PCMCIA or similar card; further radios in one or more 'access
points' are fixed in the room or area where wireless is made available, and they
have the usual wired connections to the rest of the network. Current standards in
widespread use (all from IEEE) include IEEE 802.11b and the faster IEEE 802.11g.
Worm
See 'virus'.
WPA
Wi-Fi Protected Access. Enhancements to WEP providing satisfactory privacy for
wireless LAN use and a user authentication mechanism. An informal standard
expected to be superseded by the IEEE 802.11i standard, which will be very
similar.