CLEO | Remote Access Services – CLEO Remote Desktop - How to Set Up Home Compuers for SGD

CLEO Remote Access Services

CLEO Remote Desktop Access

How to Set Up Home Computers for SGD

1.Introduction

2.Important Settings for Remote Desktop

2.1.Introduction

2.2.Web Browser

2.3.Java runtime

2.4.Username and password for SGD

2.5.Username and password for SIMS

2.6.Deleting Expired Thawte Certificates

2.7.Optional Windows Update

3.General good Practise when using Home Computers for Remote Access

3.1.Introduction

3.2.Potential Security Issues of using the internet to Access Schools Systems

3.3.How to Reduce the Risks

3.4.Passwords

3.5.File Security

3.6.How Malware could present a risk to your computer

3.7.Social Engineering

4. Technical Support

  1. Introduction

CLEO now have a range of remote access solutions that are provided free of charge to schools who are connected to the CLEO broadband service;

CLEO Webgateway

School needs to access VLE hosted on web server in school or other web enabled application

CLEO Remote Desktop

Uses SUN’s Secure Global Desktop (SGD) application. School staff able to login to school network from home, and work exactly as if they were in school. Can access all files/software and printers as if in school. Requires PCs to be left switched on or terminal services running in school. Requires any internet enabled PC with an internet browser with java installed

CLEO Remote Folder Access

Uses WebDAV technology and allows staff and pupils access to central files servers. Your school files appear as a ‘network place’ on your desktop. It lets only one user modify a file at a time, while allowing multiple users to read it. This allows files to be locked while they are being edited, preventing unexpected changes from occurring. It gives access to files only, applications must be run locally.

  1. Important Settings for Remote Desktop
  2. Introduction

This section details settings you must have in place to allow access to CLEO Remote Desktop services

2.2.Web Browser

Sun Secure Global Desktop will run on a wide variety of web browsers operating under Windows XP, Windows Vista, Red Hat Linux 3, 4, Fedora Linux 5, or Mac OSX 10.4 operating systems. The browser will need to have Javatm technology enabled. Browsers and Client devices should support HTTP, HTTPS and SSH version 2 or later

2.3.Java runtime

The browser will need to have Javatm technology enabled. To download the latest version of Java go to;

Click on the ‘Free Java Download’ icon. The website will verify your operating system and select the most appropriate version of Java for you to download. Click ‘verify installation’.

The appropriate version of Java will now be installed.

2.4.Username and password for SGD

These details will be sent to the school once the headteachers authorisation has been received by CLEO and the accounts have been set up.

These details should be kept private and not revealed to anyone. If you feel that your password has been compromised you should inform your Local Authority ICT Support immediately. They will be able to reset your password.

2.5.Username and password for MIS Systems

Usernames and passwords for SIMS/MIS access will remain the responsibility of the school and/or local authority.

2.6.Deleting Expired Thawte Certificates

When you try and log in to Cleo Remote Desktop you may receive the following error.“Cannot connect to server desktop:443. X509 version 3 certificate used for signing in their certificate chain does not contain a basic constraints extension and is not valid for signing.”

This issue is caused by a certificate that has expired on the home pc.

This issue can be addressed as follows:-

  1. Choose Menu option ‘tools’ in internet Explorer click on Internet Options.

  1. Click on the Content Tab and select the Certificates Button

  1. Click on the Intermediate Certification Authorities and have a look at the expiration date and remove any Thawte Certificates that may have expired.

2.7.Optional Windows Update

  1. The following update is unfortunately only released as an optional Windows Update but required when using CLEO Remote Desktop.
  2. Open Internet Explorer and click on Tools and then select Windows Updates. This will open the Microsoft Windows Update website. It may take sometime for the website to check your current updates.

2. When Microsoft Windows Update website has completed its check, select the custom option.

3. Under Select by type on the Left hand Column select Software, Optional and tick Microsoft Base Smartcard Cryptographic Service Provider Package. Then Click on Review and Install Updates and Install the updates

  1. General good Practise when using Home Computers for Remote Access

3.1.Introduction

The following guidance is designed to help users set up their home computers when using them forall CLEO Remote Access Services

3.2.Potential Security Issues of using the internet to Access Schools Systems

When a computer is directly connected to the internet it can be contacted by any other computer in the world that is also on the internet. This means that there is a considerable risk of exposure to unwanted third parties and malware that could connect to and potentially compromise that computer.

Whilst the CLEO network has many safeguards in place you MUST ensure that you have taken precautions to minimise any risk associated with your computer at home connecting to school computers.

If you are accessing school data from outside the school environment there is a much greater risk of confidential information being disclosed to unauthorised third parties. Any disclosure of information could put children at risk and would be a breach of The Data Protection Act that could lead to disciplinary action against the members of staff involved.

3.3.How to Reduce the Risks

  • Make sure that your computer has up to date Anti Virus Software. There are plenty of alternative anti virus software providers (some of them free) for those wishing to protect home PCs. When choosing an anti virus product for home use, make sure that you will be able to get regular updates – new viruses are being created all the time. If you suspect that your PC has become infected with a virus (or other malware) don’t use it to remotely access your school’s system until you are certain that the virus has been deleted. If you do not know how to remove the virus yourself, seek competent help.
  • Make sure that your computer has Windows Update turned on so that it has the latest operating system patches.
  • Use spam filtering services, most Internet Service Providers (ISP) offer the option of spam filtering, whilst this probably will not stop all the spam coming through it will greatly reduce it and lessen the risk of your pc being infected by a virus.
  • Wireless network connections must be encrypted and should be set to use WPA2 encryption rather than the older WEP standard. If you are unsure what level of encryption is being used please use a network cable to connect to the internet rather than wireless.
  • Turn on Phishing Filters on the Web browser to reduce the risk of phishing attacks.
  • Use an anti spyware program to detect spyware, Windows Defender from Microsoft is available as a free download and is built in Windows vista. Sophos will also detect spyware.
  • Run a full virus scan weekly on your computer.

3.4.Passwords

  • Use strong passwords. Passwords should be a minimum of 8 characters long and should contain a mix of letters, numbers and symbols. Try not to use words or phrases that could be easily guessed by somebody that knows you (e.g. names of family members or pets).
  • Passwords should be changed regularly, at least once a term, ideally more often. If you have reason to suspect that somebody has obtained your password, change it immediately.
  • Do not use password storing facilities found in some programs to automatically remember passwords.
  • You should not reveal your passwords to anyone. If you have for any reason revealed your password to anyone you should change your password immediately
  • File Security
  • Do not copy information from a school system onto a non school system. You may be in breach of the Data Protection Act if you do.
  • Your internet browser should have file caching turned off. Caching is a process where your computer stores a copy of files visited on the internet on your local computer. The technical checks document that accompanies this guidance explains how to turn off caching.
  • Regularly save your work on your school computer, you must not at any stage save work to your home computer.
  • Do not openly work with sensitive information in public places especially where there is an opportunity for eavesdropping.
  • Do not allow any unauthorised person, including family and friends, access to data held on your school’s system. You will be breaching the Data Protection Act if you do.

3.6.How Malware could present a risk to your computer

Malware is a general term for programs that can infect your computer in any number of ways. It can be downloaded onto your computer without you being aware, by visiting a website, through file sharing software or simply by clicking on an infected email attachment. Some malware can search the hard disks of a compromised pc and go through the email contacts and forward that information on to a third party. It could also search a system for keys or passwords.

In general malware takes one of the following forms:

Worms are a type of program that can infect a computer without any body doing anything. Computers that are on the internet without a firewall and up to date anti virus are particularly vulnerable to this form of attack. Once a worm has infected your computer it will try and infect others using your network connection, and it may also have other undesirable effects, such as destruction of data held on your PC.

Computer viruses are another form of malware that require the user to do something such as click on an email attachment before they infect a computer. If you do not recognise the sender on an email please be very wary of clicking on unknown attachments. If you have any doubts delete the email, if it is important the sender will try and get back in touch.

Key logging software logs any keystrokes that you make and records the information. If used by criminals, this software can give access to your user names and passwords, such as your school network log on information and the SIMS passwords. It may also include personal information such as online banking details if it is used on your home pc.

Once a computer is infected by a virus it may be used as part of a botnet, these are networks of computers that are essentially hijacked by a third party for their purposes. They may be used to unwittingly host unsuitable web sites or for other criminal purposes.

Spam is unsolicited email that often includes viruses or inappropriate content. In addition to carrying potential viruses, spam is time consuming

Phishing scams are criminal attempts to steal users’ personal information by masquerading as a trustworthy business, such as a bank or auction website. A user may receive a link to a bank website in an email which directs them to a bogus website in an attempt to get identity or bank details. This information is then used for criminal purposes.

3.7.Social Engineering

The reason why many viruses can infect a computer is because they use social engineering techniques to get people to click on an attachment or web site link. They may attempt to disguise the attachment as a funny photo or something that a user will be curious enough to open, such as an electronic greeting.

Other forms of social engineering include people pretending to be someone else and trying to get you to tell them your password. You may get someone pretending be technical support when you have never logged a call, trying to get you to reveal your password details to them.

For more information about how to protect yourselves online please refer to any of the following websites:-

Get Safe Online

-

Government backed website with expert advice

Think You Know?

Information from the Child Exploitation and Online Protection Centre (CEOP)

Childnet

Non-profit international organisation working to keep the internet safe for children.

4. Technical Support

Technical support for the CLEO remote access services is provided by each of the LocalAuthorityICTSchool Support Services. All requests for CLEO remote access services are coordinated through these services – if you have any queries during the setup process and preparation of your service they will be able to provide advice. Please note that, although the CLEO remote access services are free and the LA Schools ICT Support Services will advise you on the settings required they may charge for any additional work requested to assist you in preparing your network.

Cumbria Schools

Cumbria Schools Helpdesk

Tel: 01228 221225

Email:

Lancashire Schools

The Westfield Centre

Tel: 0845 053 0006

Email:

page 1 of 14

© CLEO 2008 CLEO Remote Access Services –How to Set Up Home Computers for SGD