FAQ for Teachers
Home > 
FAQ for Teachers
< back

FAQ for Teachers

1. How do I know if my students are using their computers / Internet properly?

Listed below are some guidelines on proper use of computer / Internet that your students should follow:

1.
Update the latest patch / version for web browser.
2.
Don't save password into PC. Else, anyone that has access to their PCs can logon their account!!
3.
Scan all downloaded files before opening. And, don't download file from doubtful sources.
4.
Don't disclose / submit personal information unnecessarily, such as credit card no., personal identity no., personal and family details etc.
5.
Don't disclose / share Internet account and password to others.
6.
Don't believe everything they find on the Internet. Many sites are personal websites with the author's personal opinions.
7.
Disable active content options (e.g. Active X, Java, JavaScript) in the browser to prevent malicious code attack, except from a trusted source.
8.
Encourage them to let you or their parents know if they find something online that seems strange to them, or makes them feel angry or uncomfortable. Remember: it's not their fault!
9.
Be wary of people that they meet online. Don't meet their online pal in person unless a parent or guardian is with them, at least for the first time. Remember: a person can pretend to be anyone or anything and perhaps they are being nice because they want something.
10.
Don't order anything online without first getting permission from their parent or guardian. Order only at reliable websites and with security protection (e.g. SSL)
11.
Disconnect from Internet when not in use.
12.
Don't visit pornographic, violence and online gambling sites.
2. Can you tell me some of the ethics of using computer and accessing the Internet?

Here are some ethics that students should follow for your reference:

Should not use a computer to attack other machines / networks.
Should not download unauthorised copyrighted material e.g. MP3 music, video and software.
Should not copy materials found from the Internet directly to their assignment or treat them as their own research.
Should not create or propagate untrue message through the Internet.
Should not use a computer to steal.
Should not use a computer to harm other people.
Should not use other people's computer resources without authorisation.
Should not use or copy software that they have not paid for e.g. pirated software.
Be respectful to others.
3. I have heard that some students could steal information from the PC of teachers. How could I prevent this from happening to me?

You should first strengthen the security protection of your PC to keep the information inside safe. Here are some hints :

1.
Install anti-malware software and scan PC regularly using latest malware definition file.
2.
Scan all email attachments, downloaded files and floppy disks before use.
3.
Keep PC operating system and software up-to-date with the latest security updates and patches.
4.
Choose passwords that are difficult to guess and change passwords regularly.
5.
Don't save password into PC or disclose passwords to others.
6.
Don't open or forward emails and attachments from unknown sources or enable automatic processing of email attachments.
7.
Perform data backup regularly.
8.
Don't grant unnecessary file sharing / access rights.
9.
Enable screen saver and power-on password.
10.
Disconnect from Internet when not in use.
4. I notice that some students are not aware of the importance of information security and are not using their computers properly. I would like to develop some security guidelines or policies to regulate the use of computers in my school. Is there any guideline for me?

You are recommended to develop IT security guidelines or policies for the students to follow. The rules are documented so that they know what are the things they should or should not do.

You may find a sample of IT security policy in schools at the following location:

https://www.edb.gov.hk/en/edu-system/primary-secondary/applicable-to-primary-secondary/it-in-edu/information-security/information-security-in-school.html

5. How do the intellectual property rights concern the students?

The Internet contains a huge variety of useful information and resources. You should encourage your students to do research on the Internet. Nevertheless, they should be aware of the importance of intellectual property rights. They should notice that it is illegal to download and save files from the Internet without the acknowledgement from the owner. They should not copy the material they found from the Internet directly to their assignment, including article, photo, image and programming code.

You may refer to the following location for copyright related ordinance.

6. How about downloading MP3 and movie? I notice that it is quite easy to download them from the Internet?

Same as other files, you should teach your students not to download MP3 and movie from the unauthorised source or without getting permission from the owner, though it is quite easy to do so.

Moreover, they should not publish or distribute music or movie that do not belong to them or are not authorised to do so. It is considered as breaking the law.

7. Some news reported that there are some faked websites and fraudulent emails trying to get account and credit card information from us. What should I teach my students to prevent this from happening to them?

There are some faked websites that pretend to be popular shops, trying to get your credit card or other personal information. Moreover, there are some 'spoofed' emails which are sent in bulk with deceiving or fraudulent message. Some may even invite recipient to click the embedded links to some fraudulent websites, and deceive them to enter personal banking information such as accounts, passwords and credit card information.

Here are some tips for your students to follow:

Not to follow URL links from un-trusted sources or emails to avoid being re-directed to malicious websites.
The safest way to ensure the website being visited is the one you are looking for is to type the URL manually or follow the bookmarks you've made previously.
Perform online purchase only at reliable websites and with security protection (e.g. SSL).
Be wary when giving off personal or account information. Banks seldom ask for these kind of information through email.
Ensure that your computer is applied with the latest security patches and malware definition file to reduce the chance of being affected by fraudulent websites or emails riding on software vulnerabilities.

You may find more information at the following locations:

8. What are considered as bad passwords that should not be used?

Following are some examples of badly chosen passwords that can be easily guessed or cracked using password crackers freely available on the Internet. Teach your students not to use any of them.

"password" ~ he most easily guessed password.
"peterchan" ~ logon name or name of a person.
"" ~ no password.
"aaaaa" ~ repeating characters.
"abcdefg" ~ consecutive letters.
"12345" ~ consecutive numbers.
"qwert" ~ adjacent keys on keyboard.
"apple" ~ dictionary words.
"19951231" ~ information easily obtained from you e.g. phone numbers, birth dates, your favorite things, name of street you live on.
"apple12" ~ simple variation of anything mentioned above, e.g. appending or prepending digits or symbols, or substituting characters, like 3 for E, $ for S.
9. What should I teach my students in choosing or handling passwords?

Things to note when choosing or handling passwords:

1.
Don't use a password with fewer than six characters.
2.
Don't reuse recently used passwords.
3.
Don't use the same password for every account.
4.
Don't write down your password, particularly anywhere near your computer.
5.
Don't give out your passwords even for a very good reasons.
6.
Don't select the "Remember your password" option.
7.
Do use a password with a mix of letters and numbers.
8.
Do use a password that is difficult to guess but easy to remember, so you do not have to write it down. E.g. use "ih1vnd" as password from easy-to-remember phrase "I have one very nice dog".
9.
Do use a password that you can type quickly. Without having to look at the keyboard, passers-by cannot see what you are typing.
10.
Do change the default or initial password the first time you login.
11.
Do change your password frequently.
12.
Do change your password immediately if you believe that it has been compromised.
10. How to handle malware?

The first thing to do is PREVENTION. You should make sure all the computers in your school are installed with anti-malware software and updated with the latest malware definition file. Note that: without updating with the latest malware definition file, the computer is not protected against the new malwares. Thus, malware signature should be updated regularly, say about once a week. You may also use a server to automatically apply the updated signature to all the machines.

Meanwhile, you should also teach your students to always scan floppy disk, CD and files downloaded from Internet before using them. Moreover, you and your students should backup programs and data regularly. This is the most secure way to restore the files after a malware attack.

If malware is found, don't be panic! Stop all the activities of the infected machine and disconnect it from the school network to prevent the malware from further spreading. Clean the malware using anti-malware tools or follow the instructions from anti-malware vendors. When the malware is removed, you can then restore the data from clean backup. You may also report the case to the Police when necessary.

Click here for more information related to malware, such as the latest malwares, types of malware, the ways to handle it and some tips on protecting computers from malware attack.

11. There are updates released for operating systems and other software from time to time. I found that it takes me a lot of time in doing the updates and some of the machines are not frequently used. Is it necessary to do the updates?

Yes, you should always keep the operating system and software of the computers up-to-date with the latest security updates and patches, especially for those connected to the Internet.

Very often, an intruder will make use of the vulnerabilities found in operating system and software to launch attack. Software company will release updates or patches to fix the holes. However, if the machines are not installed with the updates, it will give a chance for the intruder to launch attack.

12. There is no valuable data in most of the machines. Is it necessary to do the security updates for all the machines?

An intruder can make use of one machine as a stepping stone to launch further attack to other connected networks easily. If one machine that linked up with the school network is under attack, it may expose the whole network and computer systems to serious security risk.

Though it may take you some time for the update, your effort, time, and money spent should definitely be far more than this if your school network and systems are under attack and all the data are damaged.

13. Do I need to install firewall in my school network?

If your school network is connected to the Internet, you should install a firewall to protect the network. An intruder can easily attack your school network by making use of the security vulnerabilities found in the software. Firewall can filter the unauthorised data traffic and prevent the intruders from accessing the important resource inside your network. However, you should make sure that the firewall is configured properly with appropriate access control, so that there is no false sense of security.