Nothing is more important when allowing an inmate computer access than restricting that access to authorized activities. However, it is the very nature of personal computers to empower their users. This characteristic can only be countered by a thorough modification of the computer at many levels. And the systems must be constantly monitored to make sure an inmate has not discovered a new way to hack into a computer.
Academy uses several lines of defense to secure an inmate network. To summarize:
Physical Level: Academy uses metal system cases whenever possible. When this is not an option, we seal all system openings to prevent the use of any voids or open spaces that could be used for contraband concealment. For unattended or maximum security environments, we prefer to use hardened steel kiosks.
BIOS Level: Before any program loads, a computer starts up by running its Basic Input/Output System (BIOS). All a savvy inmate has to do is interrupt the startup process to access this BIOS and make damaging changes to it. Academy password-restricts access to this program.
Operating-System Level: Academy creates restrictive, read-only inmate accounts that only allow access to authorized programs. Restricted computer icons and desktop items are deleted, made invisible, and/or deactivated, depending on what is possible within the Windows program. The password on this account is 10 characters long, can be made unique to each inmate, and must be changed every 90 days to contain security breaches. The Windows Help function is deleted, since it allows access to many denied features. In all, there are 150 steps to securing a server for inmate use.
Applications Security: Many applications allow access to restricted functions through their own help function or other areas. Academy discovers these and either deletes them or sends the inmate to a virtual cul-de-sac where nothing further can be done.
Network Security: Academy prefers to design the network to be a completely self-contained system. While firewalled networks could provide online access securely, if there is no outside data connection, there is no danger of electronic escape and no chance that inmates will access the staff network. In our networks, all unused network capabilities are removed or disabled to prevent the possibility of an inmate gaining backdoor access. There is a twelve-step terminal lockdown as well.