October 2007 — Security Supplement
Print this article | Email this articleClick here to receive your FREE subscription to T.H.E. Journal
School Security Strategy—Simplified
Safety is a top priority for schools, and the best way to manage the risk is to address the top IT security issues for 2007-2008, and anticipate concerns on the horizon.
Much like the stock market and gas prices, the world of IT security is always changing. A virus hits, the world responds. Major threats one year become passing threats the next. Vendors in the space are constantly reinventing themselves to provide customers with the latest and greatest methods for stopping the most pernicious threats first. On the K-12 level, where budgets are slim and staffs are slimmer, simply keeping up with all of it is a full-time job.
The key is focusing on the biggest security issues of the day. Here's a rundown of the top four security concerns for the 2007-2008 school year—proxy servers, content filtering, network access control, and identity management—as well as an inside look at some potential safeguards for 2008-2009.
Proxy Servers
In the world of computer networks, proxy servers are servers that handle user requests by forwarding them to other servers. These proxies exist all over the internet, in many cases free of charge. Because so many districts are cracking down on the websites available in their schools, students have discovered they can use proxies to circumvent blockers and access pages that are otherwise off limits. While students check Gmail or ESPN.com, network security devices think nothing is out of the ordinary at all.
This was the problem this past year at the Boerne Independent School District in Boerne, TX, where IT Director Steve Stewart says students were visiting proxy servers as frequently if not more frequently than they were visiting legitimate websites. Once on the proxies, students would fan out to sites with pornography and violent games. Toward the end of last year, the district used software from 8e6 Technologies to supplement another vendor's perimeter filter and block many proxies from the start.
"It's not so much that we view students as threats, but you never know who's going to use the proxy to get on to our network," Stewart says. "Are we censoring what they can and cannot use? Yes. But it's our job to keep the district safe."
The 8e6 technology blocks proxies using signature-based network pattern detection. The Security Edge Platform from another vendor, DeepNines, uses similar Bayesian algorithms to block a list of known proxies. At Highland Park Independent School District in Dallas, technologists have used this software to eliminate what they had termed a "proxy server epidemic" in which students were using the circumventions to access applications they weren't supposed to use.
Many of these applications were innocuous: peer-to-peer programs, instant messaging, and MySpace.com, to name a few. Still, those programs consume critical bandwidth, negatively impacting network performance overall. Ron Smith, administrator of technical services, says that over a six-week period with the new technology, the district blocked more than 2,200 proxy server attempts, saving 926 kilobytes of bandwidth per second and improving network performance by nearly 22 percent.
"Their deep inspection of each port and protocol prevents unwanted behavior even on non-traditional ports," he says. "Since the [technology] is invisible, even the most astute student is unable to locate or harm it."
