Hertfordshire Internet Connectivity Service (HICS)
Improvements for e-Safety

**URGENT ACTION REQUIRED**

Protecting staff and students from inappropriate or illegal material is a priority of HICS, and the service is continually evolving to ensure it meets the ever-changing needs of schools. To maintain our high standard of filtering and safeguard your pupils and students, a significant change is going to be made in the next few weeks to the way data is retrieved across the HICS network.

This will require action by your network support staff or third party support organisation.

Background

Over recent months, Yahoo has changed the way it retrieves search results. It now diverts users to its HTTPS site, rather than the HTTP site that it previously used. This change compromised eSafety because it disabled some of the safety features available on HICS. With this in mind, the decision was made by the ICT in Schools Partnership Working Group (head teacher and governor representatives) to restrict access to this website, and it was subsequently put on our WF1 filtering level.

We believe that on June 24th Google will also be diverting internet sessions through HICS to its HTTPS site. Rather than restrict access to Google, and to combat this growing trend, the decision has been made by the ICT in Schools Partnership Working Group to deploy Man in the Middle technology. This technology has already been successfully adopted by a number of other LAs.

What is Man in the Middle?

It has the capability to decrypt the HTTPS session to apply the necessary HICS safety features. Man in the Middle technology can decrypt all HTTPS traffic. With this in mind, HICS will have a ‘white list’ detailing which websites to decrypt, so that data is only decrypted where necessary. For example, even though this technology has the capability to decrypt online banking websites, we will leave banking websites off the list of websites that we will decrypt.
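
For technical support staff, the white list decision described above can be sketched as follows. This is an added example, not part of the original notice and not HICS's own configuration; the list entries, hostnames and function names are assumptions chosen for illustration.

```python
# Added illustration of a "decrypt only what is on the list" policy.
# The entries below are constructed; they are not the real HICS white list.
DECRYPT_LIST = {"google.com", "yahoo.com"}


def normalise(host):
    """Lower-case the name and drop a trailing dot; None if unusable."""
    if not host:
        return None
    host = host.strip().rstrip(".").lower()
    # Reject names with empty labels such as "a..b".
    if not host or any(label == "" for label in host.split(".")):
        return None
    return host


def on_list(host, entries):
    """True if host is an entry or a subdomain of one.

    Matching is done on whole DNS labels, so "evilgoogle.com" does not
    match "google.com", and neither does "google.com.other.example".
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))


def decision(server_name, decrypt_list=DECRYPT_LIST):
    """Return "decrypt" or "pass-through" for a requested HTTPS host name.

    Assumption: anything not on the list, including a session with no
    usable host name, is left encrypted end to end.
    """
    host = normalise(server_name)
    if host is None:
        return "pass-through"
    return "decrypt" if on_list(host, decrypt_list) else "pass-through"


if __name__ == "__main__":
    # Constructed sample names, including a banking site left off the list.
    for name in ["www.google.com", "Search.Yahoo.com.", "evilgoogle.com",
                 "google.com.other.example", "onlinebanking.bank.example"]:
        print(f"{name:30} {decision(name)}")
```

Matching on whole labels matters because a plain "ends with" comparison would decrypt look-alike names that were never placed on the list.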

Why do we need Man in the Middle?

HTTPS adds additional security for individuals by encrypting transmitted data, making it more difficult for snoopers to see personal confidential information. However, this means the existing HICS filtering cannot check for inappropriate material, which raises the risk that students and pupils could access inappropriate materials. Man in the Middle technology will decrypt traffic from sites on the white list (see above), enabling the usual HICS e-Safety checks to continue safeguarding your pupils and students.

Actions required by you and your school

Your technical support will need to download and deploy an SSL certificate to all end user devices. For “managed devices”, this should be possible from a central management point (such as a server).

Important Note for your technical support provider:

  • If you have computers, tablets, iPads, etc. that are not managed centrally, they will take longer as the SSL certificate will need to be installed manually on each device.

Generally, staff laptops are managed by the school’s file server, but updates such as the SSL certificate, AV, etc. can only happen when the laptop is brought into school and logged into the network. Please ensure all staff do this as soon as possible after the certificate has been downloaded to the file server.

To facilitate the change, instructions have been uploaded here: .

  • contact the SITSS Connectivity Service Desk, via email, once the certificate has been correctly installed

The SITSS Connectivity Service Desk will arrange for the installation to be completed and will inform you and your IT support team when this has happened.

As head teacher, you may wish to inform your staff that if they choose to use the school network for personal activities, HICS will have a security feature in place that could decrypt their personal information. HICS assures everyone that search and retrieved data is only checked for inappropriate material. See Appendix 1 below.

Without this action, schools will no longer be able to benefit from the filtering and protection that the HICS network delivers.

If you have further questions on the changes please contact the SITSS Connectivity Service Desk on

Appendix 1

Draft notification for school staff regarding Man in the Middle

The following information sheet has been prepared as a draft template (for modification) should head teachers wish to inform their staff about the change to the web filtering within HICS.

Hertfordshire Internet Connectivity Service (HICS) and eSafety

Due to changes in the way search engines such as Google & Yahoo monitor and filter inappropriate materials, using HTTPS, HICS is deploying additional safety features to improve upon their safe searching functionality.

Whilst the safe search engines filter out most inappropriate material, they are not 100% secure and they hide web search traffic from our HICS filtering equipment. This has led the head teacher and governors ICT strategic group (ICT Partnership Working Group, ICT PWG) to ask HICS to deploy Man in the Middle technology to minimise the eSafety risk.

The Man in the Middle solution decrypts searches and returned web pages, which then allows HICS to filter out inappropriate search summaries and images.

What is Man in the Middle?

It has the capability to decrypt the HTTPS session to apply the necessary enhanced HICS safety features. Man in the Middle technology can decrypt all HTTPS traffic. With this in mind, HICS will have a ‘white list’ detailing which websites to decrypt, so that data is only decrypted where necessary. For example, even though this technology has the capability to decrypt online banking websites, we will leave banking websites off the list of websites that we will decrypt.

eSafety is paramount, and despite our collective efforts it is still possible to beat the system. Vigilance by school staff will always be required.

Schools may wish to refer to their school’s Staff, Governor and Visitor - Acceptable Use Agreement / Code of Conduct or add their own comment to the above about staff not using school equipment for personal activities.

The following is taken from the Model Policies for Schools, eSafety and Data Security, Guidance Policies for ICT Acceptable Use, page 10, published on TheGrid

I understand that all my use of the Internet and other related technologies can be monitored and logged and can be made available, on request, to my Line Manager or Headteacher