The security policy applied to the embc Network covers the following areas and protocols:
User Organisations will be able to access web sites on the internet through proxy servers sited in the embc CSF. Direct access to internet web sites from work stations inside the embc Network is not allowed.
The work stations on the User Organisation’s LAN will be able to talk to DNS servers in the embc CSF. This will allow DNS name resolution for all sites inside the embc and over the internet.
Work stations and servers on the internet can browse web sites hosted at the CSF and on ‘Internet Visible Servers’ hosted at User Organisations and other edge sites. User Organisations can host websites at the CSF either by sharing a web server provided by embc-pl or by having their own server hosted there.
The embc Network operates as a single network with all sites being behind either the embc or Lincolnshire (NETLinc) Firewalls.
Embc-pl operates a region-wide IP structure which enables certain IP address ranges to be allocated to Videoconferencing.
Embc filters all Internet access using NetSweeper. This system provides sites and users with a choice of profiles. NetSweeper is a worldwide filtering service which automatically checks and classifies all sites accessed by its users, 24 hours a day, 365 days a year.
User Organisations can set their own profiles based on the embc profiles and can add specific websites to their own ‘White and Black Lists’. User Organisation profiles and White and Black lists are held at the embc CSF and changes are noted.
Embc portal controlled filtering requires the IP address of a workstation to be visible at the CSF to enable individual user assigned filter levels. User Organisations that have a local firewall or proxy may not be able to use all of the embc services, including user level filtering. User Organisation firewalls or proxies will also result in a restricted video conferencing service.
Logs are kept of all Internet traffic.
Embc webmail is fully filtered.
SMTP mail relay servers at the core handle mail between the internet and the SMTP mail servers on the User Organisation’s LANs inside the embc Network. All incoming and outgoing mail as well as inter-User Organisation mail is filtered by EMF.
Embc provides anti spam protection.
For store & forward and POP emails, all email routing information including ‘To Address’, ‘From Address’, Message Size and Subject will be retained for 28 days by the SMTP mail relay servers.
The servers making up the embc CSF have antivirus protection to stop the spread of viruses across the network. However, it is the User Organisation’s responsibility to ensure that they have appropriate anti-virus software on the User Organisation network.
Management and backup of the core servers are regularly undertaken by Synetrix Limited.
High quality H.323 Video conferencing is enabled through the JANET Video Conferencing Service (JVCS) using an embc VC Gatekeeper. Webcam based video conferencing is enabled through “Click to Meet” and external access is controlled through the embc VC Gatekeeper.
Only videoconferencing traffic from embc IP addresses is allowed to other workstations or servers across the network. All other direct traffic between sites is blocked.
Embc provides Quality of Service (QoS) across its network to support high quality videoconferencing for User Organisations that support the embc Standard Network Build (SNB) and have implemented QoS on their internal networks.
Management access to User Organisation networks for third party managed service providers can be enabled over the network. Such providers will need to demonstrate that they are either Becta approved or authorised by a User Organisation and the Local Authority to provide such access. Providers will need to demonstrate their provenance as qualified managed service providers and be committed to supporting User Organisations to implement the embc SNB, AUP and Security Policy.
Security Configuration
The general principles of this security policy are as follows:
- No traffic shall enter or leave the embc Network without being explicitly permitted by the firewall.
- No traffic shall route directly between establishments unless it has been explicitly allowed to do so.
- All browser-based Internet access will be filtered and logged.
- All email traffic will be filtered and logged.
RIPA Procedures
Synetrix has developed a policies and procedures document, “Synetrix RIPA Procedures”, that outlines how they will undertake their responsibilities in working with Local Authorities in relation to the Regulation of Investigatory Powers Act 2000. All information is to be treated as confidential and only released to a named authorised person identified by the requesting LA within the authorisation request.