Why Are Students Liable for School Insecurity?

yamamushi asks: "Within the past few weeks, students across Boerne ISD were being called into offices to discuss the use of proxies to circumvent the schools websense system. The problem is that some of these students are being suspended from school for up to 3 months at a time. Shouldn't the school district be liable for their own insecurity? Why are they punishing so many students for something that should be handled from the district's end? I know at the time I was going to school there, I was punished for using a Linux LiveCD to login to their computers without using a password, even after I told the admins how to disable booting from CD-ROMs. They refused to update any of the computers and as such I was using the same tactic till the day I graduated." While security breaches by students are something to take seriously, should school administrations continue with their knee-jerk mentality to something like this, especially at the times when its obvious that no malicious intent was involved?

Re:Three months? For proxies?

[rilian4]

I speak as a school sysadmin. I am not lazy, I am overwhelmed. The same goes for my district admins. I cannot possibly close every last security hole in the over 600 computers I am ultimately responsible for. The task is too large. Either way, the rules were written and most likely(as is the case in the school where I work) students signed off on a form or booklet that said they would agree to abide by these rules. These rules include appropriate network use. The fact that a security hole is not patched, does not negate the signed agreement by said student(s) who signed an agreement that they would not do it and said agreement lists punishments (at least at my school) that will be meted out in response to breaking of said rules. Therefore the fact that a security hole is there does not give a student the right to breach it or use it to their own advantage.

At my school, we encourage students to report such breaches to us that they discover (and they are guaranteed not to get in trouble for the discovery) so we can improve our security. We like to try and keep the kids who are good at this stuff on our side in this way but if any student should use such a breach to their advantage in the way this article describes and they get caught, there will be consequences...not 1 month suspensions generally but still a message needs to be sent.

As an earlier poster in this thread said, part of being in school is teaching students how to respect boundaries. Same poster also said correctly that similar actions as an adult lead to far more serious consequences such as loss of job or worse.