If the students have physical possession of the MacBooks, and also
"unlimited" time with them at home, some clever student might still be
able to bypass your restrictions. It's very much harder to secure a
computer not under your physical control.

Can they install software? Is it possible to boot Linux from a CD or
other external device? Is it possible to plug the MacBook's hard disk
into a different computer and modify some files on it? Is the proxy
server only accessible from offsite via an encrypted connection (like a
VPN) or could somebody interpose a NAT computer to masquerade as your
proxy server?

Finally, for a MacBook to have remote access to the school proxy
server, there is presumably infrastructure at the home to provide the
connectivity. This would imply that the student has access to computers
or smartphones at home which can be used to access whatever is desired
on the Internet. So why do these MacBooks *need* to connect only
through your proxy server, even when the student is at home?

Paul Kosinski


On Fri, 29 Apr 2016 08:52:37 -0400
Ross Pendleton <rpendle...@perkinsschools.org> wrote:

> Guess I should expand a little on my topic.
> 
> We are a one-to-one Mac district, with some 2000 devices. Multiple
> grade levels are permitted to take their MacBook Airs home with them
> during the school year.
> 
> We use a configuration profile to route ALL their traffic through a
> Proxy Appliance on our network and for the most part, it works great.
> 
> I discovered two days ago however, that making one single change to
> the Firefox network settings will allow them to completely bypass all
> our filters. And I freaked. As I need to.
> 
> 
> Overnight, I invested some time into using the Firefox ESR in
> combination with the CCK2 option and have created an altered bundle
> to distribute that, at this moment, has all the network settings
> locked out and prevents users from changing them.
> 
> I will begin testing this today and if my results are good, I will
> pass this new version out in a policy to the remainder of the student
> body.
> 
> I want to thank all those who responded. Without some of the reading
> I found there, I would not have hit upon the CCK2 option. Thank you
> for all your time!
_______________________________________________
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise
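
An added example, not part of the thread or of anyone's bundle: a pre-rollout check that a Firefox AutoConfig-style file locks the proxy preferences to the intended values, which is the property the quoted message wants from the altered bundle. It assumes the lock is expressed as `lockPref()` calls and looks only at `lockPref`/`unlockPref` lines; the host `proxy.school.example`, port 8080 and the sample file are constructed.

```javascript
// Expected policy (constructed values; proxy.school.example is a placeholder).
const EXPECTED = {
  "network.proxy.type": "1", // 1 = manual proxy configuration
  "network.proxy.http": '"proxy.school.example"',
  "network.proxy.http_port": "8080",
  "network.proxy.ssl": '"proxy.school.example"',
  "network.proxy.ssl_port": "8080",
};

// Matches lockPref("name", value); and unlockPref("name");
const CALL_RE =
  /^\s*(lockPref|unlockPref)\(\s*"([^"]+)"\s*(?:,\s*(.+?))?\s*\)\s*;?\s*$/;

// Returns Map(pref name -> raw value text) for prefs still locked at end of file.
function lockedPrefs(cfgText) {
  const locked = new Map();
  for (const line of cfgText.split(/\r?\n/)) {
    if (/^\s*\/\//.test(line)) continue; // commented-out calls do not count
    const m = CALL_RE.exec(line);
    if (!m) continue;
    const [, fn, name, value] = m;
    if (fn === "lockPref" && value !== undefined) locked.set(name, value);
    if (fn === "unlockPref") locked.delete(name);
  }
  return locked;
}

// Lists every expected pref that is unlocked or locked to the wrong value.
function auditProxyLock(cfgText, expected = EXPECTED) {
  const locked = lockedPrefs(cfgText);
  const findings = [];
  for (const [name, want] of Object.entries(expected)) {
    if (!locked.has(name)) findings.push(`${name}: not locked`);
    else if (locked.get(name) !== want)
      findings.push(`${name}: locked to ${locked.get(name)}, expected ${want}`);
  }
  return findings;
}

// Constructed sample file, not taken from the poster's bundle.
const SAMPLE_CFG = `// first line of an AutoConfig file is ignored
lockPref("network.proxy.type", 1);
lockPref("network.proxy.http", "proxy.school.example");
lockPref("network.proxy.http_port", 8080);
pref("network.proxy.ssl", "proxy.school.example");
// lockPref("network.proxy.ssl_port", 8080);
`;

console.log(auditProxyLock(SAMPLE_CFG));
```

A preference set with `pref()` or left in a commented-out line is reported as not locked, and a preference locked to a value that disables the proxy is reported as a mismatch.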