October 2007 — Security Supplement
Print this article | Email this articleClick here to receive your FREE subscription to T.H.E. Journal
School Security Strategy—Simplified
Content FilteringWith the history of spam, spyware, and e-mail viruses, content filtering certainly is nothing new. Nowadays, however, technologists are finding that they must scan internet traffic to make sure students don't put the district in violation of the Children's Internet Protection Act of 2000. This law stipulates that any school receiving funding support through the E-Rate program must filter content that is obscene, pornographic, or otherwise harmful to minors. Failure to do so could put E-Rate funding at risk.
While software from 8e6 and DeepNines also handles content filtering, technologists at the Rochester Central Unified School District in Rochester, IL, instead have turned to iPrism technology from St. Bernard Software to monitor regular web traffic. This technology is a piece of hardware with software built in. According to Tom Woodruff, the district's director of technology services, all he had to do to set it up was check off which types of content he wanted the appliance to block.
"If we find that a group of users or a single user is going to a particular [non-academic] site constantly, we can say that's a site we don't want and manually set the device to enforce it," he says. "What I like about our filter is that we can change it whenever we want."
At the Kentucky-Tennessee Conference, the administration body for 20 elementary schools and two high schools near the Kentucky-Tennessee border, officials recently implemented the NetSupport School tool from NetSupport to monitor and control which web pages users are visiting when they access the internet with campus equipment. So far, according to Richard Stephenson, IT director and educational resource administrator, the product has worked wonders.
Specifically, at Madison Academy, one of the two high schools with a 1-to-1 laptop initiative, the filters are set to monitor internet activity and prevent students from accessing objectionable content even when they're outside of school. Stephenson says that Madison students are divided into three different tiers based upon performance in class, and that as the students score better on formative assessments, they receive privileges to surf the web more freely.
"Our research has shown that the better students are doing in class, the more we can trust them not to abuse the privilege of unfettered web surfing," says Stephenson, who adds that the school uses Microsoft Active Directory to keep track of which students merit access to what. "With the bad kids, we're trying to train them that with responsible use of the internet comes certain tangible rewards."
Analyzing the Study
June marked the release of the annual CDW-G School Safety Index, a research project benchmarking the current status of public school district safety. Based on 14 elements of physical and cyber safety, the survey of 381 school district IT and security directors highlighted the indicators of strong district safety programs, as well as the barriers to school safety.
Overall, the CDW-G School Safety Index revealed that districts are having greater success with cyber security than physical security. Key findings concluded that:
- School districts rely too heavily on technical solutions to protect networks and buildings and need to focus more attention on educating students about physical and cyber dangers.
- Tech-savvy students are putting the district network and themselves at risk by sidestepping IT security procedures through measures like proxy servers.
- Districts rely heavily on the telephone to communicate with faculty and parents during emergencies.
- Lack of budget, staff resources and proper security tools limit a district's ability to protect itself.
Bob Kirby, the company's senior director for K-12 education, says the bottom line is that even those schools that perceive to be safe aren't nearly as secure as they could be.
"To a large extent, security is too often in the eye of the beholder," he says. "From a broader perspective, however, the index shows the potential for schools to do more–especially in the areas of safety education and emerging communication technologies."
Case in point: Acceptable Use Policies (AUPs). While nearly every responding district reported having some sort of policy that outlines acceptable use, a whopping 37 percent of districts said they update these AUPs less than once a year. Experts say this apathy renders the policies virtually ineffective; if policies aren't changing to react to security threats over time, some question the point of having them at all.
Another challenge: Cyber security. Here, many responding districts (81 percent) said that they monitor student Internet activity, but only 38 percent reported having a closed district network to provide more control over communication and content access. According to Kirby, with Internet-oriented security threats increasing every day, more and more districts should consider tightening controls to minimize risk and maximize the learning experience for everyone involved.
"Being safe on the Web requires a commitment," he says. "Hopefully a number of these big-name companies will demonstrate that commitment before it's too late."
