Google Security Certificate
10th October 2013
I am writing to all schools with regard to a serious e-safety risk that has come to the attention of the Local Authority.
The risk involves the use of Google as a search engine and the potential to bring up inappropriate images. Recently Google made changes to their searching systems which involved moving all traffic to HTTPS circuits - these in effect can bypass filtering systems.
Because of risk to pupils and staff, NCC information Services have been working hard with Durham CC ( our internet provider) and Bloxx (our filtering provider) to find a solution to this vulnerability. Unfortunately neither agency has yet resolved the problem and it is for this reason the Local Authority is taking action itself.
The changes we intend to make, whilst protecting pupils and staff, MAY IMPACT ON YOUR INTERNET CONNECTION. Whilst this is regrettable , it is preferable to a major e-safety incident involving a network user.
What we intend to do:
From Monday at 7.30 a.m. at the latest, NCC will implement a system which generates a certificate and ensures Google Https sites are bypassed. The impact for the user is a screen will pop up when you attempt to visit HTTPS sites asking you to click proceed.
Schools should click proceed and the Google risk will be resolved (See screen grabs attached) Should you wish to avoid having to do this each time you visit an https site, there is information at the end of this email on a permanent solution.
Ideally we would wish to start implementing this from today, however, we are aware that some other school systems may be affected. We are particularly concerned about schools using cashless catering systems which need to connect through the Internet using HTTPS. If you think your school uses this type of system please contact Information Services helpdesk and ask them to notify Allan Smith that your school uses online catering.
If you have no such systems in place , then email the helpdesk a.s.a.p to request HTTPS blocking for your school.
We would wish to implement this for all schools as soon as possible.
What you need to do:
1. Check if you use cashless catering and inform Information Services a.s.a.p.
2. Contact Information Services and request HTTPS blocking a.s.a.p. and preferably before the Monday deadline.
3. Inform your staff that the security pop up will occur and it is o.k. to click proceed.
4. Once you are switched into the "safe searching" mode, inform Information Services immediately if you are having issues with online services such as catering (they can bypass your catering system if alerted).
5. If available, involve your technical support staff in implementing the certificate on devices. Go to ngfl.northumberland.gov.uk for information on installing the permanent solution. This can be found on the front page in the newsletter section.
I am fully aware of the likely disruption this may cause and can only request your support and understanding with this. The change has been implemented from outside the Local Authority and we can only respond in order to ensure pupil and staff safety. Clearly it will help if you inform your staff of the changes and how to proceed.
Lastly, we are aware of cashless catering using HTTPS, but schools may have other system they have instigated themselves - if this is the case and you find they are disrupted, contact the Helpdesk immediately.