Do you use firefox in your school? If so, what are your policies with regard to securing the browser, without having the ability to restrict the pupils access to options using GPOs?
Bookmark/Search this post with:
Do you use firefox in your school? If so, what are your policies with regard to securing the browser, without having the ability to restrict the pupils access to options using GPOs?
[quote=r-mo]
Do you use firefox in your school? If so, what are your policies with regard to securing the browser, without having the ability to restrict the pupils access to options using GPOs?
[/quote]
what is a GPO? I set up Firefox for a school with locked down proxy settings pointing at a Squid proxy server. You can secure the proxy settings and pretty much anything in Firefox by putting lockpref statements in
all.jsa file, perhaps called mozilla.cfg and make sure it is owned by root not the user and in all.js point at your new file with a line likepref("general.config.filename", "mozilla.cfg");
and also put this in all.js to avoid having to rot13 encode your config file.
pref("general.config.obscure_value", 0);I am presuming you are using Linux - it will be pretty much the same in terms of files and content in Windows, but setting the permissions on the file is different.
http://schools.phoenixfox.info/entry.php?id=4
We use Squid as a transparent (intercepting) proxy server, so all school Internet connections are filtered and logged, whether or not users set a proxy, which means we don't need to worry so much about locking down browsers.
Firefox's adblock, googlepedia and scrapbook extensions alone make it a far more appealing prospect for educational use than the leading proprietary alternative.
Although they relate to Firefox 2, there are some rather techie articles on Firefox enterprise deployment at http://www.mozillazine.org/talkback.html?article=21054 which may be of interest to some.
ah yes, one of the particular things about this project which ruled out the transparent proxy was that the proxy had to work when the students were outside the school. These were school owned small laptops (The Elonex £99 ONEt/websurfer things) and the policies needed to apply when connecting to home or public wireless networks. We set up the proxy settings to an address that resolves internally and externally to the internal and external IP address of the proxy. That means when outside the school all their internet traffic was bouncing off the server in the school but they had plentiful bandwidth so that wasn't a problem.
Hi Alan,
Thanks for that info, exactly what I needed. A GPO is a group policy object, a windows mechanism of distributing configuration settings across a group of computers.
Your proxy sounds very interesting indeed as all our clients are currently set to go through our filtered school service so at the moment they are using IE internally and Firefox externally, or 2 separate firefox profiles with the different proxy settings, or manually changing the settings.
Thanks
Stephen.
My Director of ICT in school is keen on using Open Source, we are, in fact, installing Open Office and Audaciy in our new digital language lab in May.
He is, however, very reticent to roll out Firefox to the wider school (including staff) due to security concerns. This thread is going to be really useful to help me build a case to put to him.
What would you say to him to quell his security concerns?
IE on Windows is notoriously vulnerable. Do a test. Use the latest IE on Windows to access the internet without any anti-virus software and see how long it takes to get infected with malware. Use the latest FIrefox on Linux with no anti-virus software and see how long that takes to get infected. Anyone that is really concerned about security above all else would switch immediately off Windows even if that resulted in some additional short term cost.
@jpicardo.
"Security concerns" might cover a whole raft of areas; proxy and access already discussed earlier. I would like to highlight another part of the subject.
IE (Internet Explorer) does not exactly have an unblemished record when it comes to its protection against malicious code.
Even in the recent past there have been several high profile issues identifying more holes which allow malicious code to be executed on the Windows platform. The most recent resulted in "experts" recommending all users switch to a different browser until the patch was issued and installed http://news.bbc.co.uk/1/hi/technology/7784908.stm.
And when MS finally patched the flaw, it was quickly worked around by using their cash-cow MS Office: http://www.techworld.com/news/index.cfm?RSS&NewsID=108625 "... be cautious about opening Word documents".
I consider IE to be the least secure of the main browsers available. The fact it only runs on a pretty insecure operating system too, only compounds the problem.
Perhaps a very good example of one of the benefits of FOSS is in this even more recent security flaw in MS Software: http://www.techworld.com/news/index.cfm?RSS&NewsID=108762. They had been informed of the problem some 8 months earlier and yet had failed to rectify it. With proprietary closed-source software, you - the user - has little or no way of knowing what holes are there, and when or if they will be fixed. There are almost certainly further exploits that MS know about but have not made public and perhaps never will...
Until the hackers find them that is.
My apologies. I should have made myself clear. By security concerns I meant access to unsuitable material by pupils (and, of course, by staff). His argument is that you can tinker with Firefox's proxy setting more easily if you were so minded.
More apologies if this sounds daft, but I am a languages teacher, not a tech, coming to this forum for some advice as to what to tell my ICT Director when we are next having a coffee in the staff room
Hi José
It's possible to lock down the proxy server used by Firefox, see http://kb.mozillazine.org/Locking_preferences and https://developer.mozilla.org/En/Automatic_Mozilla_Configurator
A better approach is to do all the proxy control at the gateway, using Squid as a transparent proxy, as we do at my school, thus automatically filtering any wifi access on site too. How to do this is the other side of my own abstraction boundary, but your network manager should get some way by googling the italicised terms above or asking on the excellent edugeek.net site. If these approaches fail, I'll see if my NM can speak to your NM, techie-to-techie.
Miles.