This page outlines what needs to be considered when thinking about the firewalling and internet filtering needs of New Zealand schools. Firewalling and internet filtering, along with an effective digital citizenship strategy, are the primary means by which schools ensure the digital safety of learners. The rapidly evolving nature of technology means that schools should consider how firewalling and internet filtering can promote ethical and responsible digital citizenship of students and staff both in and out of school.
Firewalls are specialised computers, placed at the edge of a computer network, that control and monitor the internet traffic that enters and leaves the network. They often have additional functions to allow remote access to the network (for example, a Virtual Private Network (VPN)) or provide IP addressing functions (for example, DHCP and DNS ). Firewall functions are usually combined with routing functions and the terms "Router" and "Firewall" are used interchangeably. In simple terms, firewalls prevent unwanted internet traffic from entering a computer network while simultaneously allowing permitted traffic to leave. Firewalls should be configured so that the allowed/not allowed internet traffic meets the needs of users.
Web filters work by routing internet traffic through a specialised device that inspects what internet sites are being requested by the user. The filter checks each request against a set of policies that have been defined for each school (or group or user if group/user filtering is in place) and accordingly allows or rejects the request. This process is usually invisible to the end-user. Web filtering allows schools to monitor, and accordingly restrict or allow, what users can access when browsing the internet. Web filters typically have the ability to filter sites based on:
Schools implement internet filtering for two main reasons:
Schools have a duty of care toward students. Internet safety could be seen to be an area of school activity covered by National Administration Guideline 5 – “provide a safe physical and emotional environment for students.”
The New Zealand Curriculum’s Key Competencies are also relevant to how schools approach this topic. Additionally, the Code of Professional Responsibility and Standards for the Teaching Profession requires teachers to “Manage the learning setting to … maximise learners’ physical, social, cultural, and emotional safety”.
Schools have a responsibility to ensure that students are safe when using the internet. How individual schools do this will vary but requires a combination of two complementary approaches:
Web filtering must be balanced with strategies that promote:
In the past, schools were confident that once at school, students’ access to the Internet was always through the school’s connection. This connection was often faster than the connection that students had at home. Typically the school firewalled and filtered the connection. This ensured the students were protected while at school. It also gave the school a degree of protection: it was clearly seen to be proactive and acting responsibly.
Recent advances and availability of mobile data connectivity mean that this approach is no longer effective, particularly in secondary schools. A smartphone can access the Internet at speeds similar to or faster than the speed offered by the school’s network and the connection may be shared with others by creating a wireless hotspot. In almost all cases, the mobile data connection will be unfiltered.
Schools have a responsibility to ensure students are safe while at school and this responsibility extends to student use of mobile Internet connections. Additionally, unless it is clearly endangering the emotional or physical safety of other students or detrimentally affecting the learning environment, school staff cannot ask to search a student-owned device, nor ask for the password to any device to access the content (for more information, see the Ministry’s guidelines about the Safe and Responsible use of Digital Technologies in schools ).
This means that the school cannot easily monitor the use of cell phone Internet access so the only way to ensure the school meets its digital safety obligations is to implement a comprehensive digital citizenship strategy. This is because effective digital citizenship:
An appropriate level of internet filtering can help students develop Key Competencies and be a useful part of a digital citizenship strategy by:
In the context of digital technologies, a student who is able to manage themselves will be able to:
Older learners should be able to manage themselves more effectively than younger learners, and be more discerning about what self-management means for themselves in different contexts. Using your filtering reporting tools to inform conversations with learners about how they manage themselves can be a useful technique to allow students to increase their ability to be discerning digital citizens.
Since 2004 the Ministry has given schools the option of a funded firewalling and web filtering solution. In 2013 the Network For Learning (N4L) started to roll out Ultra Fast Fibre (UFB) connectivity including a hardware firewall/router. The N4L solution includes a web filter that can be customised to fit the needs of schools. It has the ability to filter based on individual sites, categories of sites (for example, gambling) and IP addresses. These filters can be applied to individual or groups of devices and individual or groups of people.
The N4L firewall is fully managed at no cost to schools. This support includes configuration changes and software and hardware upgrades. N4L has expertise and experience in working with schools to ensure their internet and firewalling needs are met and that they support teaching and learning. The N4L service, because it is a managed service, has some unique advantages that a custom firewall does not have:
Schools may make requests of N4L to change firewall rules. For example, a school may require an on-site server to be capable of being accessed from the internet. N4L actions these change requests quickly, but also audits them to ensure they achieve their intended purpose securely. N4L is keen to work with schools that may require custom or specialised firewalling and will work to ensure the N4L service meets their needs.
Alternatively schools are able to procure their own firewalling and web filtering solutions.
Schools are able to use the N4L connection, but to substitute N4L’s firewall and filter with their own firewalling and filtering solutions. If a school is considering whether or not to provide their own firewall and filtering solution, the key question to consider is: “given it is provided at no cost, will the provided N4L solution meet our needs?”. To help to answer this, the N4L firewall should be evaluated against any alternative firewall using criteria such as:
It has been increasingly common for websites and internet-based services to use encryption to ensure that communication between the user and the website or service is secure. This is commonly called HTTPS (the "S" stands for secure) or SSL (Secure Sockets Layer). A detailed explanation of how SSL works is available for those who are interested. The impact of HTTPS/SSL on school internet filtering is significant. This is because of how the encryption prevents web filters from inspecting the contents of web communication. In practice, encryption prevents filtering systems from reading any part of a URL (internet web address) beyond (to the right of) the initial site address.
For example, a Google search for “cars” sends the following URL to Google:
Ordinary internet filters cannot read any part of the URL to the right of https://www.google.co.nz/
This means that the filter cannot know if the user is searching for “cars” or for anything else. So, students could search for, and access, inappropriate content without detection or being blocked by the filter.
Search engines like Google and Bing provide "safe search" options. These are enforced by the N4L filter by default. They provide an additional level of filtering of the results that a particular search will produce. However, they are by no means completely safe: search results can still include images or links that are inappropriate.
Filtering HTTPS sites is possible if you wish to block the whole of a domain. For example, it is very easy to block the whole of facebook . Unfortunately this is not very useful as most students need to use HTTPS sites for learning.
An alternative approach that allows both inspection and filtering of HTTPS sites is by deploying certificates. Certificates are digital fingerprints that identify a computer and are used to decrypt and encrypt communications. Adopting a certificate based inspection and filtering system allows the filter to work with HTTPS sites. Using the example above, the filter would be able to see that “cars” were being searched for, and apply (probably allow) filtering policies to the request. N4L is able to support such Secure Website Inspection . Contact N4L if you wish to enable this for your school.
Subscribe to the newsletter.
Note: You can manage your email subscriptions using the links provided in the email footer.
Quickly access ideas and resources to teach with, through, and about digital technologies.
Join these groups to participate in topical discussions with other teachers/educators.