20 posts

Geek
+1 received by user: 10

Linewize

  Reply # 1495357 19-Feb-2016 05:43
One person supports this post

At a more abstract level this is really a conversation around the nature of what is 'private' information online and what is not.

 

As a society we have reached a reasonably common agreement about how these things play out in the physical world.

 

For example, any stranger on the street can see you go into your doctor's waiting room and even sit down next to you in the waiting room if they wish.

 

This is accepted public behaviour in a public space, no one would raise an eyebrow to this.

 

But if said stranger then sat in and listened to your doctor's consultation, that would be considered an outrageous breach of your privacy.

 

We are still in the process of agreeing as a society where the equivalent virtual boundaries exist.

 

For me, allowing a complete stranger to inspect all my online content in plain text is just as outrageous as having a stranger sit in on my doctor's appointment.

 

Surely the downsides to supporting a MITMA approach far outweigh the benefit of stopping little Jonny searching for boobs.

 

 


UHD

553 posts

Ultimate Geek
+1 received by user: 235


  Reply # 1495371 19-Feb-2016 07:53

I find it ridiculous that the responsibility (decryption is optional) is simply left up to schools as well, the majority of administration staff there have no idea of the implications of that option and of course will request it. N4L can't simply wash their hands of the whole issue by passing the buck back to schools. If information technology professionals refuse to encourage good digital citizenship then who will?


 
 
 
 


9 posts

Wannabe Geek
+1 received by user: 1


  Reply # 1495395 19-Feb-2016 08:33
One person supports this post

UHD:

 

I find it ridiculous that the responsibility (decryption is optional) is simply left up to schools as well, the majority of administration staff there have no idea of the implications of that option and of course will request it. N4L can't simply wash their hands of the whole issue by passing the buck back to schools. If information technology professionals refuse to encourage good digital citizenship then who will?

 

 

SSL decryption technology is not new and has been around for a while. Most vendors in the market offering full security solutions offer these features, and it has become the necessary evil. I personally believe it would be irresponsible mandating the feature and it needs to be optional, so that it can align with the policies of the specific organisation and what they are looking to achieve. This is where solutions offering these features (a tool in the toolbelt) have options to ensure not all content is inspected, e.g. do not inspect financial, healthcare etc., which is a policy decision (and best practice). It is then up to the policies and clear communication with the users of the network understanding what is and what is not being done.

 

The challenge facing all industries is more around security versus blocking/warning about "naughty" content. Malware, ransomware, malvertising, bad actor browser extensions etc. are now more commonly being delivered over HTTPS... and bypassing security scanning solutions. This part is generally ignored and the threats are ignored...

 

Looking at security reports and market trends, this is becoming more of a requirement for organisations unfortunately to deploy mechanisms such as SSL decryption to combat these security threats and protect the data. 

 

@UHD -

 

 

"I find it ridiculous that the responsibility (decryption is optional) is simply left up to schools as well...."

 

 

I would be interested in your view here and what you believe should be the case, and then also in context with the security protection component.


9 posts

Wannabe Geek
+1 received by user: 1


  Reply # 1495406 19-Feb-2016 08:55

ScottNoakes:

 

 

 

 

 

For me, allowing a complete stranger to inspect all my online content in plain text is just as outrageous as having a stranger sit in on my doctor's appointment.

 

 

I would fully agree with you on this comment in regards to plain text and it is a good thing SSL encryption technology was developed! Therefore, the stranger is not in the appointment unless he got there beforehand and bugged the room... There are then mitigations which have been deployed by many vendors to provide the ability to limit what is and what is not inspected.

 

**I don't personally like the fact of having to do SSL decryption but putting a different hat on for the other side of the conversation**

 

 

Surely the downsides to supporting a MITMA approach far outweigh the benefit of stopping little Jonny searching for boobs.

 

 

Opinion.. 

 

I fully agree with you on increasing your risk profile against stopping b00bs (Majority of this can be achieved without SSL decryption) but then what about the security component?
Is there more downside to blocking malware etc (high risk) vs MITMA which is generally low risk based on the frequency of having a certificate compromised and then having to intercept their traffic etc?

 

 


965 posts

Ultimate Geek
+1 received by user: 146

UberGroup

  Reply # 1495414 19-Feb-2016 09:13

Filtering is cat and mouse anyway, the latest malware isn't going to be 100% caught by this solution and what you do is create a massive new vector for different attacks. Security does not mean breaking security.





Most problems are the result of previous solutions...

All comments I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated.

20 posts

Geek
+1 received by user: 10

Linewize

  Reply # 1495419 19-Feb-2016 09:19

I guess for me where the security argument falls apart is in regards to BYOD.

 

From what we see in schools, supporting BYOD is the only way schools will meet the MOE 1:1 device:student ratio for year 4 and above by end of 2017 target.

 

 

 

We certainly don't see the MOE allocating any additional budget to make this target a reality, therefore us parents will have to meet that target by paying for these devices. 

 

Protecting a device from malware on a single network by using a MITHM attack is pointless when that device will come into contact with multiple networks on any given day.

 

Home WiFi, Cafe WiFi, Public Library WiFi, etc...

 

Strikes me it's like practicing safe sex with only half the people you sleep with, kind of pointless really.

 

The security of these mobile devices now rests with their operating systems, in a multiple network environment that is beyond our control.

 

Yes, we also need to protect school infrastructure but that's best done by proper access control measures and separating guest usage from internal infrastructure with proper VLAN configuration, something which sadly is sorely lacking in schools and something we at Linewize are focussed on making happen.


965 posts

Ultimate Geek
+1 received by user: 146

UberGroup

  Reply # 1495438 19-Feb-2016 09:40
One person supports this post

100% with you on that. Protect what the school owns, quarantine what it doesn't. Device control and protection for kids' devices should be with the parents.






20 posts

Geek
+1 received by user: 10

Linewize

  Reply # 1495476 19-Feb-2016 10:33

Beccara:

 

100% with you on that. Protect what the school owns, quarantine what it doesn't. Device control and protection for kids' devices should be with the parents.

 

 

Absolutely.

 

But I would add an addendum. Schools pursuing leased Chromebook programs are introducing a wireless device into a home environment where parents with strong internet safety concerns might not want their child to have wireless Internet access.

 

Linewize can assuage these concerns by VPNing traffic back through the school network and out to the Internet via their Linewize appliance and apply Internet safety filtering (such as 'No porn') regardless of the wireless network the device is connected to.

 

Later this year we're releasing our Homewize product and putting the visibility and control over these devices outside school hours into the hands of the parents:

 

- No Internet after bedtime.

 

- Only educational sites during homework time. 

 

- Visibility that enables conversations around cyber safety: "Jonny I see you're using YikYak, can you share with me how you're using it as Linewize tells me that it's a great platform for cyber-bullying."

 

- When a child clicks on an ad an interim page is displayed outlining the reasons interacting with advertising can be a _bad_thing_.

 

- When a child clicks on an email phishing link an interim page is displayed saying "this is not the site you think it is, are you sure you want to go there?"

 

And hopefully we'll all get better at understanding which security concerns are real and which behaviours are dangerous.

 

 


2242 posts

Uber Geek
+1 received by user: 353

Trusted
Subscriber

  Reply # 1495530 19-Feb-2016 11:29

UHD:

 

...N4L can't simply wash their hands of the whole issue by passing the buck back to schools...

 

 

Washing their hands would be not providing the option to the schools in the first place. Leaving the schools to defend against online threats with filtering configurations or solutions which don't actually cover the full spectrum of threats would be a total disservice and disingenuous really. 

 

Someone earlier referred to that as practicing safe sex but with only half of the people you sleep with.

 

ScottNoakes:

 

Beccara:

 

100% with you on that. Protect what the school owns, quarantine what it doesn't. Device control and protection for kids' devices should be with the parents.

 

 

Absolutely.

 

 

I think I'm with you on that too to a degree, and that's already the suggested best practice from the looks of it, their admin guide for setting this up shows examples with servers and guest wifi networks excluded already.

- Feel sorry for anyone working in a school IT department, you do what's right and the parents are on you for privacy concerns, you do what is easy and you leave a big gaping security hole in the school's network. There's no winning, so much easier in corporate environments where you can mandate things without kids/parents being so precious.


An aside, just watch the advertising, it's against the FUG, don't want you stood down in your second week back at school :)
 


696 posts

Ultimate Geek
+1 received by user: 103


  Reply # 1599191 26-Jul-2016 19:32

Our school seems to be switching over to this same system. Their only explanation is that this new provider is going to make the internet fast and to be able to use the internet we need to click on this link for the certificate and if we don't we will have severely limited access to the internet.

Most of the students won't know what these certificates can grant access to and just click through the warnings in fear of losing their only connection to the internet that in this day and age is required in the classroom by a lot of classes.

I'm concerned about having this certificate installed on BYOD devices and what the school itself has access to when we're not specifically connected to the school network.

2369 posts

Uber Geek
+1 received by user: 1029


  Reply # 1599900 27-Jul-2016 23:29

Beccara:

 

Interesting events since I posted. Said child is now upset and unhappy as she's the only one in the class without an iPad and the teacher is excluding her from things kids are doing because of it :/ Not a happy parent here as I'm now in effect forced to buy an iPad 4 or iPad Air/2 as these are the devices the school allows (no Android)

 

 

 

edit:// Teacher was getting kids to google things and type them down for her to see. Our child was given a dictionary and a list of words to look up and write down their meaning on. Not strictly within the scope of this topic but a fear of mine before this was how the teacher would integrate tech into their teaching and the answer right now is badly

 

 

It's a heck of a way to create a divide between students - imagine being the lone kid sat in the corner with a dictionary if your parents can't/won't spring for an iPad, while the other kids can fully partake of the lesson.

 

I'm wondering whether anything that the school is asking the students to do actually specifically requires an iPad, or whether it's just the school being lazy as it's easier to teach/monitor if all the kids are on the same platform. If it's just Google and websites etc. then an Android tablet with 3G/4G would probably fit the bill - and would eliminate concerns about the fake CA as, since the user wouldn't be on the school's network, they wouldn't need it for connectivity.

 

Actually, there might be an even bigger divide between the kids. Imagine being the kid on the filtered connection, with all the "interesting" sites blocked and knowing that everything you did could be monitored. Then you glance over and realise that Timmy can look at anything he wants, and can't be monitored when he doesn't want to be, because his dad got him the iPad model with a cellular plan as well.

 

(BTW, if I had a kid who was subject to this, I would seriously consider getting them a device with a cellular option for internet access rather than let the school install this on my hardware. Possibly with a VM set up on it with a browser and the fake certificate installed if possible on the device in question, for any occasions when they *had* to connect to the school network, or didn't want to drain their data plan on video. And I would almost certainly do this if that's what others in the class were getting as, from experience, being the excluded/bullied kid isn't a lot of fun).


965 posts

Ultimate Geek
+1 received by user: 146

UberGroup

  Reply # 1600000 28-Jul-2016 08:36

School in question specifically banned mobile data devices. If kids wanted internet it had to be via their wireless and their CA cert.






2369 posts

Uber Geek
+1 received by user: 1029


  Reply # 1600363 28-Jul-2016 21:43

Wow. So they have pretty much banned any kid having a modern cellphone then?

 

 

 

 


1033 posts

Uber Geek
+1 received by user: 217


  Reply # 1600390 28-Jul-2016 23:13
One person supports this post

JimmyH:

Wow. So they have pretty much banned any kid having a modern cellphone then?

 

 

 

 

Don't most schools?

2345 posts

Uber Geek
+1 received by user: 624


  Reply # 1600402 28-Jul-2016 23:33

Think you are going a little overboard here guys?

If the kid does nothing wrong, having their "fake" certificate onboard has no bearing on how well they use the device?

As they only allow iPads anyway, there's only so much they can do on Apple's closed system, so just TELL them it's monitored and not for use for banking and let them get on with using it? When they are done using it at school, wipe it clean and use it as you will. This is effectively just like they would have at a school where the BYOD is mandated and the device is school 'managed' until the pupil leaves the program and it's wiped for them...
