Comment I am a school district. This is my input. (Score 1) 480
Hello.
When I was younger and more naive, I used to hold the same beliefs that yamamushi does. Now, however, I a) work in the IT department for a school district, and b) know a bit more about formal security policies, and as such my perspective has shifted a bit.
Our district has 10,000 (unique) users and about 4000 computers. We have a staff of five people. We have hundreds of kids every day actively looking for holes in the system. Legally, we have to prevent students from accessing proxies, but you and I both know that proxies pop up all the time... and there's a lot of kids looking for open proxies. No automatic blacklist filter can stay ahead of that, and we're not going to have the staffing resources to go through all the logs and trace where people went.
So we have policies. Any security person will tell you that written Acceptable Use Policies are an integral part of an organization's plan for dealing with insider threat (read: you). I see your district has its AUP posted on the website, so presumably you read and signed the AUP. I see no room for whining after getting suspended. Granted, our district would suspend you for three days rather than three months, but I can't fault the idea of district suspending you after you signed a contract saying "if I circumvent the logon system, I will be suspended."
Kudos to you for telling the tech people how to disable devices, and shame on them for not fixing it. But at the same time, I've known about security holes for years that still havn't been fixed -- because they're not big gaping holes, and I haven't had time to fix them. So they go to the bottom of the list, and we trust you, the user, to use the system responsibly and play by the rules.
Hardened systems are good, but they're no replacement for responsible student behavior. Let's switch the analogy. We don't have a technological mechanism in place to prevent a DoS of the grading system if you're in a specific spot. Nor do we have a technological mechanism in place to keep the wrestling team from kicking the shit out you in the bathroom. But we shouldn't need to, because we expect students to behave. Granted, they don't always... which is why people get suspended.
When I was younger and more naive, I used to hold the same beliefs that yamamushi does. Now, however, I a) work in the IT department for a school district, and b) know a bit more about formal security policies, and as such my perspective has shifted a bit.
Our district has 10,000 (unique) users and about 4000 computers. We have a staff of five people. We have hundreds of kids every day actively looking for holes in the system. Legally, we have to prevent students from accessing proxies, but you and I both know that proxies pop up all the time... and there's a lot of kids looking for open proxies. No automatic blacklist filter can stay ahead of that, and we're not going to have the staffing resources to go through all the logs and trace where people went.
So we have policies. Any security person will tell you that written Acceptable Use Policies are an integral part of an organization's plan for dealing with insider threat (read: you). I see your district has its AUP posted on the website, so presumably you read and signed the AUP. I see no room for whining after getting suspended. Granted, our district would suspend you for three days rather than three months, but I can't fault the idea of district suspending you after you signed a contract saying "if I circumvent the logon system, I will be suspended."
Kudos to you for telling the tech people how to disable devices, and shame on them for not fixing it. But at the same time, I've known about security holes for years that still havn't been fixed -- because they're not big gaping holes, and I haven't had time to fix them. So they go to the bottom of the list, and we trust you, the user, to use the system responsibly and play by the rules.
Hardened systems are good, but they're no replacement for responsible student behavior. Let's switch the analogy. We don't have a technological mechanism in place to prevent a DoS of the grading system if you're in a specific spot. Nor do we have a technological mechanism in place to keep the wrestling team from kicking the shit out you in the bathroom. But we shouldn't need to, because we expect students to behave. Granted, they don't always... which is why people get suspended.
