Safe Internet in Schools

This post is the first of a series attempting to rise to the challenge of creating the environment that will allow the highest quality ICT work to happen in schools once again. The motivation is, as regular readers will know, a result of...


This post is the first of a series attempting to rise to the challenge of creating the environment that will allow the highest quality ICT work to happen in schools once again.

The motivation is, as regular readers will know, a result of widespread dissatisfaction with the uptake and quality of ICT within our schools. I for one am a trenchant critic of the current situation where students are confronted with restrictive hyper-controlled networked suites of computers where they pursue dull office-centric and trivial qualifications.

If one challenges the status quo, as I so often do, the response is inevitably lead by those who “understand-these-things-better-than-me” and can be described as a concatenation of reasons that tell you “why-things-have-to-be-the-way-they-are” while pointing piously at the “realities” I am so obviously ignoring.

Sometimes the reality really does define a situation and the processes that surround it. You have, for example, to fly an airliner a certain way or else bad things happen, but the provision of ICT resources to aid the learning of young people is not in the same mission-critical space... no matter how hard your sys-admin or senior management tries to convince you otherwise.

Firstly we need to create the right “space” in which the young can learn about computers. The premise for which will be on creating a safe but exciting environment.

Safety First

To explain what I mean by school-safe, by way of an analogy I would cite the chemistry laboratory. A well run school chemlab is at once an exciting place and a relatively safe one. It mimics a “grown up” lab in many ways not least in that it is a safe place only if treated with respect and expertise.

The level of expertise required however to make a laboratory which handled fluorine a safe place is above that of even a student at college let alone a child at school, so it’s no place for kids. Clearly the level of risk (to children and the institution) must be commensurate with what skills and behaviour can reasonably be expected of both.

Thus a web-enabled computer system or network which is designed for the adult world with its associated risks of infection, data-protection laws, personal security and risk of expensive damage is no place for the inquisitive child allowed freedom to explore even under supervision. So why then do we attempt to teach children about computers in the electronic equivalent of a fluorine lab where in order to be safe the best advice is to keep very still and touch nothing?...clearly this is a nonsense and we should not be in this place.

Let’s start to make life safer, less restrictive and more fun, starting with the Internet.

Internet and Schools

Access to the Internet is an issue in every school I have been in and can be summarised by debates over the desirable and undesirable.

The bad things:

Firstly, content provided by a school via the Internet must accord with the Law and the dispositions of the community that support the school.

Content brought in from outside the school (i.e. from home or a personal 3G link) is subject to the normal rules and sanctions of the school. It is as hard to stop little Johnny downloading porn on his 3G i-phone in the playground as it was to stop his granddad smuggling in smutty magazines in his satchel. The latter did not cause schools to ban either magazines or satchels.

Secondly, selfish behaviour, (inevitable in any large community) has to be limited. The kindest way of doing this is to limit opportunity for greed. Thus “hogging” of resources such as the whole school’s bandwidth would be an unsocial inevitability unless it was limited by user bandwidth quotas.

Thirdly net-abuse, which reflects badly on the school and community, has to be minimised by design especially if private computers are allowed to access school net resources. This is especially true with privacy issues and viral conditions such as spam relay by zombies.

The good things:

Content access needs to be as non-restrictive as is possible (for a given cohort) and facilities should include the ability to message, file share and download.

As wide as possible range of devices, personal and institutional, should be able to access the Internet.

The question is of course “how best to square the circle describing the limits to net-freedom?”

First a few basic “musts” for a school

  • Control of own Web-Filter, Proxy and Firewall.
  • Control of user bandwidth
  • The ability to detect and block infected devices connected to school Internet

Tools for the above can allow a school to create a safe-enough Internet space for children. Some schools have already done this for themselves; it is not expensive if it uses free software so below are some suggested HOW-TOS.


DIY: Buy a shiny new low energy server and call it a nice name like Herbert. Stick three instances of your preferred OS on it and virtualise the lot using your favourite virtualisation software. (Tip this can be done entirely with free software or you can buy a bespoke box where someone else has done it with free software). This computer will go between you and the big bad world.


May I suggest on one OS you install the free filter called DansGuardian? This is excellent and comes with auto-updating black, grey and white lists but allows you to fine grain config by user group and to locally block or unblock sites or phrases.

At the same time setup a joint parent-student body to discuss endlessly what should be allowed and what should not!


Lots of companies offer proxy bandwidth control (e.g. CC Proxy, Barracuda) to stop employees and students downloading endless movies and throttling the entire network. Many come in painted logo festooned boxes, most are coy about what software is in them. Dare I suggest they all use the free software known a Squid? Squid will let you control per user bandwidth for Internet access as well as squillion other things. I suggest Squid goes on one of your OS instances.

Alternatively you could make sure your router has QoS (quality of service features) which is fine for prioritising high bandwidth (such as media studies!) users and setting aside resources for say Video-VOIP. It can even be used for spam-zombies.


The idiot onsite that connects to your network (using that misguided open access policy) and starts on his or her zombified ways is a menace and it won’t be long before your ISP either complains or cuts you off.

Fortunately you have already throttled their bandwidth (above) but you have been on the firewall and blocked the IRC ports needed to “phone home” to their masters.

For extra comfort zone control you can install the excellent free products SNORT (to detect dodgy packets of data) and monitor your wireless access points using free nagios based Opsview Community edition.


It may sound complicated but it’s not really. To provide a safe inner-space for children using the Internet within your school you only really need one device with a few modern tools installed. And if you wish they can all be based on free open source software.

Setting up and supporting this device is technically demanding and I think this is the area where school support services and technicians will find their talents in demand in the Post PC era.

It’s not perfect but I think the above gives us a safe-enough Internet for schools. It allows diversity, tackles bad behaviour (intended or otherwise) and provides protection for the individual and the school.

Goodness knows what I have got wrong, hopefully someone will point it out.

The next post will consider further the topic of creating a safe space by concentrating on personal security and data-protection.

"Recommended For You"

The Future of ICT in Schools Can ICT earn its keep in schools... using Open Source?