13 Steps to Shape & Secure Your 1:1 Chromebook Program

chromebooks, web filtering chromebooks, 1:1 chromebook, filter chromebooks at home, chromebook filter

The following tips will help maximize the online safety and productivity of your students.  We will demystify the Google Apps for Education Admin Console, providing you with the tools to successfully optimize your school’s 1:1 program and edtech experience.  Taken from Best Practices to Shape & Secure Your 1:1 Program for Chromebooks.

The Google Apps cloud-based policy, simplified:

  1. Device Settings (Steps 1-3)
  2. User Settings (Steps 4-13)

>Chrome Device Settings

1. Enroll Your Device

To enroll a Chromebook into the school policy, make sure the device is first enrolled into the enterprise policy by keeping the “Allow devices to enroll automatically” setting turned ON for organizational units requiring admin management.  Students can then login without admins needing to individually login to each of these devices.  

chromebooks

 

2. Deactivate Guest Mode

Restrict Guest Mode to better audit student activity.  Otherwise, through a guest account, students can use the Chromebook without the district user policy in place.

chromebooks, 1:1 chromebook

 

3. Limit Sign-in Access

This allows students to use only their given school account for browsing the web, ensuring thorough auditing.

chromebooks

 

>Chrome User Settings

4. Display Acceptable Use Policy (AUP) Upon Startup

Via “Pages to Load on Startup” in settings, schools can set their Acceptable Use Policy  as the first thing students see upon opening a browser.  This serves to remind students of proper online conduct, digital citizenship best practices, and any other school policies they are bound by.

acceptable use policy, chromebooks, digital citizenship

 

5. Set Policy Refresh Rate to 30 Minutes

Select the minimum 30 minutes for time between policy refreshes to guarantee your students’ Chromebooks are updating with each new admin console change.
1:1 chromebook web filter

 

6. Enable Safe Browsing & Malicious Sites Protection

Choose “Always enable Safe Browsing” and “Prevent user from proceeding anyway to malicious sites” to protect your students from phishing and sites that involve platform independent vulnerabilities (identity theft, financial theft, password theft, etc).

chromebooks, online safety

 

Take Home Policy –  If the Chromebooks leave school with the students, there are two ways to secure the devices: a web filter proxy or a Chromebook extension.  Both solutions intercept and police network traffic to and from the devices.

 

7a. Change Proxy Settings for Take Home Policies

Arrange settings to point to your filter’s Proxy Autoconfiguration (PAC) file.  The PAC files allow you to control what traffic should be proxied.

home web filter, chromebook filtering at home

 

7b. Deploy Pre-installed Apps and Extensions

Using the “Manage pre-installed apps” wizard, search for the filtering extension of your choice on the Chrome Web Store, and deploy it to the organizational units that will take the devices home.

chromebooks, filter chromebooks

 

8. Block Apps and Extensions

Blocking all apps and extensions will prevent students from later installing games and other time-sinks.

chromebooks

 

9. Auto-authorize Plugins

Certain plugins require authorization from the students before they install or initialize.  However, in accordance with the whitelisting approach of only letting admin-installed plugins run, admins can auto-authorize requests so they are never presented to students.

chromebooks

 

10. Save Browser History and Disable Incognito Mode

Keep browser history turned ON for a complete report of online student activity.  Disallow incognito mode – it bypasses pre-installed security apps and can be used to evade the district filtering policy.

chromebooks, safe search

 

11. Turn Google Safe Search ON

If your district’s web filter does not support Safe Search for Google, apply this setting to enforce safe search directly via the Chrome policy.  Note: this safe search setting only applies to Google.  However, a variety of safe search websites are available for student use and some web filters are capable of enforcing safe search on multiple platforms.

chromebooks, google safe search, safe search, google image search

 

12. Disable Developer Tools

Developer tools can be used to circumvent district policy or gain unfair advantage over other students by reverse engineering of edtech applications that transmit insecure data or have confidential information hidden away in the code.chromebooks

 

13. Restrict Chrome:// URLs

Disable chrome://extensions and chrome://settings.  Chrome://extensions allow students to start/stop extensions.  Chrome://settings and other chrome://addresses provide settings or information unnecessary to students.

chromebooks

For more security tips and best practices, sign up below:

"Subscribe

Emerging Trends in EdTech

The rise of ‘1:1’

In recent years, schools around the globe have been increasingly adopting 1:1 initiatives, programs in which each student is issued a personal device to facilitate learning.

While there are a number of different devices being used in the classroom, all with their own merits, the clear leaders up until now have been Google’s Chromebook and Apple’s iPad. Each of these devices consists of its own avid supporters, which has led to countless ‘iPad vs Chromebook‘ debates over the last few years.

Although iPads were initially the popular choice for many schools, Chromebooks surpassed iPads as the market leader in late 2014.

A recent Gartner study projects that worldwide Chromebook sales are expected to reach 7.3 million units by the end of 2015, with the education sector accounting for 72 percent, 69 percent, and 60 percent of sales in EMEA, Asia/Pacific, and the U.S., respectively. Regardless of the school’s device of choice, it seems almost a given now that it will in some capacity use Google Apps for Education, a cloud-based suite of Google tools such as GMail, Calendar, Drive, and Classroom that are available for free to schools.

Common Core State Standards Initiative

A big catalyst for the rapid growth of 1:1 programs has been the Common Core State Standards, an initiative adopted by 48 US states that provides over $10B of funding to help schools teach students important 21st century skills.

As described in the ‘Recommended Digital Literacy & Technology Skills‘ handbook for the state of California, students must be able to ‘Use online tools (e.g., e-mail, online discussion forums, blogs, and wikis) to gather and share information collaboratively with other students, if the district allows it.’ The initiative has given rise to the number of student-produced blogs, YouTube videos, Wikipedia articles, and numerous other mediums by which students use online content to enhance their learning experience.

It is through this focus on technological innovation that the concepts of blended learning and the flipped classroom have been able to flourish. Blended learning provides a balance between traditional classroom instruction and online learning. Often considered a type of blended learning, the flipped classroom challenges the traditional pedagogical model by encouraging students to learn new content at home and use classroom time for collaborative, hands-on activities. Perhaps one of the best known examples of this practice is witnessed in schools that have adopted Khan Academy’s math curriculum.

Increased device use in homes

The proliferation of devices is not unique to schools. Whereas most American families owned just a single computer throughout the 1990s and early 2000s, most US households now contain 5 or more mobile devices. Moreover, it is increasingly common for students in 1:1 programs to take their school devices home with them throughout the school year or even during the summer break, further contributing to abundance of technology within the walls of their home.

Challenges

There’s a significant shift in the challenges that educators and parents face with kids using the Internet. The risk of exposure to adult websites is now not the main worry. Instead, the focus is now on the 21st century threats of social media and social networking’ specifically, schools are perplexed by cyber-bullying and parents are concerned by lost productivity and unsafe user-generated content on otherwise safe sites.

Sitting behind a computer screen, adolescents often have no filter on what they say to and about their peers. This has led to increased prevalence of depression, self-harm, or even suicide due to posts made on Ask.fm or Facebook like social networking sites. Parents find their kids from a very early age spending hours of time watching related videos on YouTube wasting time and potentially watching unsafe content along the way.

Student Data and Privacy

With the abundance of data being generated by the scores of K-12 service providers, these types of questions are becoming easier to answer. EdTech companies like Bright Bytes have been successfully using school data to measure the impact on student outcomes and are helping schools make better choices about where to invest their technology dollars. Understanding that students consume more data on mobile than any other medium, Remind 101 has been able to take school data and deliver it an easy way (e.g., text messages, SMS alerts, and others.) to help parents, students, and teachers to stay connected.

Because student data is being produced at a faster rate than ever before, it becomes imperative to have safeguards in place which protect students and families from identify theft and other online security risks. The first step in realizing this goal is to hold the EdTech companies themselves accountable for using their data in a safe and responsible manner. To that end, The Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA) formed the Student Privacy Pledge, an initiative to ‘safeguard student privacy regarding the collection, maintenance, and use of student personal information.’ As of this article, 157 K-12 service providers have signed the official pledge, which was given recognition by President Obama and the White House in late 2014.

This article was published in Silicon India Magazine. To read the original article, please click here.


For more posts like this one, sign up for our newsletter below:

"Subscribe

5 Reasons Why K-12 Schools Are Abandoning Web Filtering Appliances

K-12 K12 schools choosing cloud-based web filtering solutions over hardware appliance web filtering, best appliance web filter, best web filter for schools

Until recently, K-12 web filtering has been dominated by hardware solutions.

Prior to the enactment of the Children’s Internet Protection Act (CIPA) nearly 15 years ago, schools had little need or opportunity to change a system that was considered to be acceptable and the norm.

However, given the shift towards cloud computing in the last few years, schools are finding more reason to abandon traditional web filtering options in favor of other, hardware-free solutions.

Here are the five reasons why appliance-based web filtering is dying in K-12:

1) They don’t have school-focused features

Yes, general enterprise solutions are built with plenty of add-ons that are intended to increase security – yet these services don’t address school-specific issues like classroom management, safe social media, and cyberbullying.

Some filtering solutions cast a blanket ban over video streaming sites like YouTube, which can be a very helpful educational resource. In an effort to protect students from the unsavory side of the site, they block all content instead of building upon features like YouTube Safety Mode or YouTube for Schools in order to create a safe YouTube.

2) They’re too expensive

These add-ons add up. Even though schools don’t need the extra features that enterprise solutions provide, they are required to pay the price.

A 2014 article by KQED showed that school web filters can cost as much as $40 per student. Large corporations are able to pay these fees, but schools often cannot.

Moreover, with hardware solutions, schools must pay for the web filtering box in addition to annual per user license costs. As their 1:1 take home programs scale, schools may need to purchase additional boxes to support their program’s expansion, as one appliance often can only support a few hundred devices at a time.

3) They’re not designed to filter students at home

One big distinction between businesses and schools is that the former has no interest or requirement to enforce off-site web filtering.

On the other hand, schools are increasingly adopting 1:1 take-home programs, an arrangement in which each student takes a school-provisioned device home to use for school assignments. Naturally, a big concern for schools is being able to manage what students are doing on the device when they are away from school.

This is an area in which appliance web filters once again come up short. When the 1:1 device is at home with the student, all traffic needs to be routed from the student’s home to the the appliance on school grounds and then back out to the Internet. This imposes limits on at-home browsing speeds, as the device is often limited by the school’s bandwidth uplink.

4) They require nontrivial setup and maintenance

So a school has decided to buy the service. Then what? With an appliance-centered web filtering approach, IT admins have to wait for the box to be shipped (days later) and then start the set-up process (days later).

These admins are also responsible for network uptime even outside of school hours. For instance, if the web filtering appliance is impacted by a storm, the admin needs to make an on-site visit to get everything back up and running, if they even can.

5) There are alternative solutions!

With the advent of solutions like safe web browsers, Chrome extensions (for devices running Chrome OS and/or the Chrome browser), and cloud-based web filtering, schools now have the freedom to depart from traditional appliance-based solutions.

Typically used for iPads, schools can enforce the use of safe web browsers so that students can only access a subset of pre-approved content on the Internet.

For schools using Google Apps for Education (GAfE), IT Admins have the ability to manage devices and push out Chrome extensions from a central console.

Cloud-based web filtering allows schools to enjoy the granularity of an appliance while getting set up in minutes and managing all students’ devices and reporting in the cloud.

To learn more about cloud-based web filtering for schools, you can subscribe to our blog (above) or to our newsletter (below).


Securing GMail for Google Apps for Education

Monitor the safety and security of minors when using electronic mail, chat rooms and other forms of direct electronic communications.”
– Excerpt from the Children’s Internet Protection Act, or CIPA (Source: fcc.gov)

The CIPA law is clear in its intent. E-mail sent by students needs to be policed. Since most web-filters lack the ability to do this, schools normally end up blocking e-mail and chat. However, this is no longer an option with many schools turning to the free Google Apps for Education (GAfE) suite as the foundation on which they base their 1:1 initiatives. Part of GAfE is of course GMail, which students will need to use for a truly collaborative experience. The challenge here is that permitting students to use GMail allows them to log in with their consumer, or personal (as opposed to Google Apps) account. Consumer accounts cannot be policed and this opens the school up to liability. The problem is complicated by the fact that all GMail traffic is over SSL. Very few web-filters support the ability to decrypt SSL traffic. Securly recommends the following steps to secure GMail:

  • Intercept and decrypt GMail related SSL traffic. Achieving this normally involves pushing out root certificates provided by your filter vendor out to your end hosts.
  • Add the HTTP header X-GoogApps-Allowed-Domains, whose value is a comma-separated list with allowed domain name(s). Include the domain you registered with Google Apps and any secondary domains you might have added.
  • Archive GMail using an application like Vault (now free for schools). This makes all of the mail sent over your network searchable and keeps your school compliant.

To learn more about blocking consumer/personal GMail, check out our other post here.