Documentation for testing center staff

Security of testing centers

Security of testing centers

The security model for PrairieTest exams in testing centers restricts students in a testing center to only access the exam they are supposed to be taking in the LMS (Learning Management System), while allowing students outside of the testing center to access any non-exam content in the LMS.

To make this more precise, we consider two students:

  • Student inside the testing center: This student should be able to access the LMS to take the exam, but should not be able to access any other content in the LMS (either other exams, or non-exam content). They should be blocked from accessing other sites on the internet.
  • Student outside the testing center: This student should not be able to access any exams on the LMS, but they should be able to access any non-exam content. They should also be able to access the general internet.

We consider three types of content:

  • General internet content: should only be accessible to students outside of a testing center.
  • Non-exam content in the LMS: should only be accessible to students outside of a testing center (the same as general internet content). This includes reference materials and non-exam assessments like homeworks.
  • Exam content in the LMS: should only be accessible to students inside of a testing center who have explicit permission to access this exam.

To implement this security model we use two cooperating mechanisms:

  1. The testing center firewall blocks all access to the internet from the testing center, but allows all traffic to and from the LMS.
  2. The LMS itself blocks access to non-exam content from students inside of a testing center, and only allows access to an exam if a student is inside the testing center and has explicit permission to access the exam at a particular time.

This is illustrated in the following diagram:

Security model

Testing center firewall setup

In the ideal configuration shown above, the testing center firewall blocks all access to the internet from the testing center. This setup needs to be completed by an IT person responsible for the testing center space.

When firewall configuration is not possible, we recommend a larger ratio of proctors per student, so that proctors can visually inspect if students are using prohibited sites (outside of the LMS). This can be a first step towards the implementation of a fully secured testing center.

Testing center network filtering

If the IP addresses of the machines inside the testing center are known, they should be entered in PrairieTest, so that this information is sent to the LMS. This allows the LMS to determine whether a given student is currently inside or outside the testing center and thus to appropriately restrict their access.

To enter the IP addresses in PrairieTest for each testing center location, follow the steps below:

  • Go to the testing center under Testing centers where you are staff from the homepage.
  • Go to the Locations tab from the top menu bar.
  • Go to the Networks tab.
  • To activate network filtering, click the edit button, select Network filtering active, and click Save.
  • Click Add network.
  • Enter the the network address block, and click Add network to confirm.

If the testing center administrators cannot complete this step (for example, they don't have access to the IP addresses), it is crucial that the exam is only available to students who were checked in at the testing center. At any time a student leaves the testing center, they need to be checked out so they don't have access to the exam outside the testing center. Moreover, students will have access to both "Exams" and "Non-exam" content while inside the testing center, since the LMS is not able to determine whether the student is inside or outside the testing center.