Printer Friendly
The Free Library
14,506,614 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

Weaving a safety net: go beyond firewalls and content filters to soup up network protection--without busting your budget.


Thanks to growing reliance on technology and increasing sophistication so·phis·ti·cate  
v. so·phis·ti·cat·ed, so·phis·ti·cat·ing, so·phis·ti·cates

v.tr.
1. To cause to become less natural, especially to make less naive and more worldly.

2.  on the part of digital miscreants, security issues are uppermost in the minds of many districts. To fend off Verb 1. fend off - prevent the occurrence of; prevent from happening; "Let's avoid a confrontation"; "head off a confrontation"; "avert a strike"
deflect, forefend, forfend, head off, avert, stave off, ward off, avoid, debar, obviate  the worms, viruses and hack attempts that happen every day, many IT managers and superintendents have implemented firewall-based security systems that give them at least some shelter from the storm.

But, as networks become more complex with the addition of wireless and other components like VoIP, firewalls might not be enough. Security experts emphasize that to create a truly effective barrier between bad guys and a district's network, it takes a multi-layered strategy that addresses threats at a number of levels.

For districts that have already sunk tens of thousands of dollars in firewalls and other products, the realization that more is needed may feel disheartening dis·heart·en  
tr.v. dis·heart·ened, dis·heart·en·ing, dis·heart·ens
To shake or destroy the courage or resolution of; dispirit. See Synonyms at discourage. , but it's not the groan-inducer it might seem. Souping up network protection is sometimes just a matter of perspective change, more training or vendor consolidation. Here are some tactics for getting the most out of what you've already got.

Think like a business

When trying to keep up with security issues, it's easy to feel overwhelmed o·ver·whelm  
tr.v. o·ver·whelmed, o·ver·whelm·ing, o·ver·whelms
1. To surge over and submerge; engulf: waves overwhelming the rocky shoreline.

2.
a. . It seems that the e-wolves are always at the door, huffing huffing,
n the inhalation of common household products such as glue, solvents, hair spray, or gasoline to obtain a temporary euphoria. Specifically, huffing refers to soaking a rag, toilet paper, or sock in the household substance and inhaling.  and puffing An opinion or judgment that is not made as a representation of fact.

Puffing is generally an expression or exaggeration made by a salesperson or found in an advertisement that concerns the quality of goods offered for sale. , and that many districts are continually scurrying scur·ry  
intr.v. scur·ried, scur·ry·ing, scur·ries
1. To go with light running steps; scamper.

2. To flurry or swirl about.

n. pl. scur·ries
1. The act of scurrying.  to put more protections in place. But rather than taking a reactive stance, which calls for addressing threats as they occur, it's often more effective to employ a more proactive strategy, says Keith Krueger, chief executive of the Consortium for School Networking.

"In general, K-12 administrators have sometimes been unclear about what they need to do to address the wide range of cyber (1) From "cybernetics," it is a prefix attached to everyday words to add a computer, electronic or online connotation. The term is similar to "virtual," but the latter is used more frequently. See virtual.  security concerns," he notes. "Since 9/11 there's been a heavy focus on vulnerability of networks. But having anxiety and knowing what to do are two different things."

One important step in creating stronger networks is to assess a district's computing environment in the same way that companies look at their architectures. Rather than aim for complete lockdown--and buy more products in the process--many businesses realize that there is no such thing as 100 percent protection, and that it's more important to create a risk management plan than to try and plug every minor network hole.

Taking such a high-level view of what the district is trying to achieve and how it can use existing security controls can lead to creating a plan that includes writing new policies for teachers, staff and students, tweaking tweaking Vox populi Fine-tuning to produce optimal results  technology like firewalls and content filters, and building in more IT time for security efforts. Krueger recommends that superintendents and IT directors meet on a regular basis, and discuss not just spending and nifty new security hardware, but also security management of both resources and personnel.

Discussion topics should include the district's level of risk, realistic assessments of trouble spots, and how users are handling security tasks.

"Security is a leadership issue, but some schools are still seeing it from a purely technological standpoint," says Krueger. "That's very limiting to their long-term power, because it makes the challenge black-and-white. They think the district is either secure or it isn't. But there are different levels of what can be done, and not all of them have a technology component."

Because data protection has become so vital in the business world, increasingly IT departments are meeting with presidents and CEOs to hammer out broader strategies around Internet use, employee training and risk analysis. The same should be done at districts, with administrators, school board members and network support staffers coming together to think more strategically and creatively about security.

"At a school, unlike at most companies, the focus is on learning," notes Krueger. "But the goal is the same for districts as it is in the corporate world: to ensure collaboration without putting information at risk."

Play traffic cop

Although higher-level strategy is crucial for bringing together all of a district's security pieces, it's also useful to tweak To make minor adjustments in an electronic system or in a software program in order to improve performance. See calibrate.

1. tweak - To change slightly, usually in reference to a value. Also used synonymously with twiddle.  everyday tactics as well.

A good place to start is in monitoring the Internet traffic Internet traffic is the flow of data around the Internet. It includes web traffic, which is the amount of that data that is related to the World Wide Web, along with the traffic from other major uses of the Internet, such as electronic mail and peer-to-peer networks.  going in and out of the network. Most districts already have this ability in place, either through software that comes with their firewalls or from an Internet service provider Internet service provider (ISP)

Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password. , but some might not take the time to actually go through usage logs or look for broadband spikes.

"Many times, there are reporting tools that aren't used as effectively as they could be," notes Scott Cummings
    Scott Cummings (born January 18, 1974) is a former Australian rules footballer who played in the Australian Football League.

    Cummings was drafted to Essendon in the 1992 National Draft from Swan Districts as a strong goalkicking full-forward.     , president of Excalibur Technology. "People are just glancing at logs without trying to find trends, or they aren't really paying attention Noun 1. paying attention - paying particular notice (as to children or helpless people); "his attentiveness to her wishes"; "he spends without heed to the consequences"
    attentiveness, heed, regard      to what's in the spam filter A software routine that deletes incoming spam or diverts it to a "junk" mailbox (see spam folder). Also called "spam blockers," spam filters are built into a user's e-mail program. ."

    Increases in broadband use might indicate the start of a denial-of-service attack "DoS" redirects here. For other uses, see DOS (disambiguation).
    A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users.     , which hackers use to jam a network so it can't send and receive messages properly. They can also be a tip-off that students are trying to download bandwidth-eating files like those containing music or videos.

    One advantage to paying more attention to traffic patterns is that internal security risks can be detected with greater speed. If a district's security controls are mainly centered on keeping people outside of the network from getting in, it might be missing a huge security risk, says Jim Hirsch, associate superintendent of the Piano Independent School District in Texas.

    "Our greatest security threats are inside our own network," he says. "We found ourselves doing protection in both directions, and it became a bottleneck A lessening of throughput. It often refers to networks that are overloaded, which is caused by the inability of the hardware and transmission lines to support the traffic. It can also refer to a mismatch inside the computer where slower-speed peripheral buses and devices prevent the CPU  because of older firewalls and fighting on two fronts."

    The district replaced the multiple firewalls with a simplified software and appliance approach that specifically addressed both internal and external security without affecting bandwidth.

    In addition to helping the district track traffic, making a change in the technology has also reduced the amount of time that IT staff members have to combat spam E-mail that is not requested. Also known as "unsolicited commercial e-mail" (UCE), "unsolicited bulk e-mail" (UBE), "gray mail" and just plain "junk mail," the term is both a noun (the e-mail message) and a verb (to send it). . Since large volumes of unsolicited e-mail brings with it nasty critters like worms, viruses and Trojans, putting in better spam-fighting technology has helped Plano to shift IT resources and use them more effectively.

    "When looking at security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising"
    security     , like better spam control, you have to factor in people's time because then you see how much sense it makes financially to put better procedures and products in place," says Hirsch. Before employing stronger anti-spare measures, Plano was spending about $450,000 per year in staff time just to deal with the e-mail, Hirsch estimates. After implementing stronger anti-spare software, Plano will have a return on its investment in months, rather than years, Hirsch says.

    Consider tech streamlining

    With the array of software and hardware available to filter content, kill spyware, block spam and detect intruders, many districts may find themselves with multiple applications or appliances that might be creating too much complexity in the IT environment. Some may even be discovering redundancies, as a firewall works to block spare, even though spam-stopping software is also in use.

    In response to such an embarrassment of technological riches, districts like Piano are deciding that rather than buy more protection, it's better to bolster security by streamlining their environments.

    At the Moscow School Moscow school

    School of late medieval Russian icon and mural painting. It succeeded the Novgorod school as the dominant school of painting when Moscow rose to a leading position in the movement to expel the Mongols.      District in Idaho, there's an effort underway to get rid of several of the district's many security-related devices in favor of an all-in-one approach. Moscow has chosen a device from Lightspeed Systems, which will provide content filtering See Web filtering and parental control software. , spam control and network monitoring The term network monitoring describes the use of a system that constantly monitors a computer network for slow or failing systems and that notifies the network administrator in case of outages via email, pager or other alarms.  in one device.

    "We found that when we were running all of our devices together, it took us more time to figure out reporting with each one than it would if we just got one device and depended on that," says Chanc Hiatt, the district's lead network specialist. "It's good bang for the buck for tight budgets."

    The district is also in the middle of a major project to centralize cen·tral·ize  
    v. cen·tral·ized, cen·tral·iz·ing, cen·tral·iz·es

    v.tr.
    1. To draw into or toward a center; consolidate.

    2.      administration of the entire network, so that its wireless setup is not building-by-building as it is now. The ability to manage security issues from a central point is compelling, Hiatt notes, because it will further streamline how the network is handled.

    "We're proactive in our approach to security, so we keep up with the latest products," he adds. "But we also recognize that the best defense doesn't always include a huge blend of hardware and software. Keeping the technology simple, and managing it from one spot, will allow us to be more efficient with time and resources."

    Teach the educators

    In addition to getting a handle on what can be improved from a technological standpoint, it's also vital to address the non-technology aspects of security. In other words Adv. 1. in other words - otherwise stated; "in other words, we are broke"
    put differently     : it's 10 a.m.: do you know what your users are doing?

    Even with monitoring controls in place, users are often the weak link in the security chain. Some might take their school-owned laptops home or on trips and hook into other networks that don't have effective protection established. Others could tinker with security settings to use coffee shop hotspots, and then forget to change the settings back before they log into a district network.

    It isn't just educators or students that lean toward such habits, says Cummings. Corporate employees, home users, high-level executives, and even IT staff members have all, at some point, employed unsafe practices when opening e-mail or surfing online.

    "People within an organization will be your biggest asset or your biggest liability when it comes to protection, especially from things like spyware," says Cummings. "Once you have a technological border set up, most infections can't come through without some human help."

    Perhaps the strongest booster shot Booster Shot

    The name given to the first formal recommendation report issued by an underwriter for an IPO. It is presented in the process of the public offering.

    Notes:
    The booster shot acts as a way to reinforce attractiveness of the new issue.      for security a district can employ is to do more in-depth training and create awareness programs, and make that education easy to follow and continually refreshed. A bit of lighthearted light·heart·ed  
    adj.
    Not being burdened by trouble, worry, or care; happy and carefree. See Synonyms at glad1.


    light      writing--in the form of tips or short tactics--can also make lessons stick.

    At Mankato (Minn.) Area Public Schools, the district has created a set of guidelines for teachers that is a mere two pages long, so they don't feel bogged down by numerous security rules, but are still given the information they need. The district's security policy is 70 pages, but Director of media and technology Doug Johnson The name Doug Johnson may refer to the following people:
    • Doug Johnson (Loverboy): Keyboardist for the Canadian rock group, Loverboy
    • Doug Johnson (American football): NFL quarterback
    • Doug Johnson (meteorologist)
     knew that giving such a tome to educators would be counterproductive coun·ter·pro·duc·tive  
    adj.
    Tending to hinder rather than serve one's purpose: "Violation of the court order would be counterproductive" Philip H. Lee.     .

    "We've taken a gradual approach with our communication efforts," says Johnson. "We have the standard guidelines, and then we also send out tech tips every month that includes some tactics on best practices."

    In its short guideline, Mankato stresses main areas for security, including passwords, data backup procedures and privacy controls. The district also reminds teachers to keep physical security in mind, by using cables to lock laptops to desks, and listing computers with a homeowner insurance policy in case it's stolen.

    More than just adding an extra layer of security for the district's technology, including the educators in the protection efforts makes them feel more invested in keeping the network safe, Johnson has noticed.

    "Every district has to convince users that it's in their best interest to make sure networks are uncompromised," he says. "They're happy to know that they can take a role in creating a reliable, security infrastructure that lets them get their jobs done."

    Education Industry: No. 1 Target

    Researchers at the Internet security ''This article or section is being rewritten at

    Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software.      company, Symantec, have found that between January and June 2005, education was the most frequently targeted industry by malicious hackers.

    Security experts say this is likely due to the nature of networks in educational organizations. In addition to providing large numbers of public terminals, a single educational institution must facilitate remote access for tens of thousands of users requiring numerous different services. This can make it difficult for network administrators to actively defend against threats.

    Also, the volume of computers that are connected to the network, along with the network resources they possess, makes them very attractive targets for attackers both inside and outside of the network.

    Adequate Protection

    Scott Cummings, president of Excalibur Technology, suggests that districts make sure they have multiple layers of security protections in place. Here are his suggestions for the basics:

    * Border firewall that allows for lock down of multiple ports

    * Web site blocking and monitoring software

    * An action plan for turning off unneeded network services

    * Regular security patch A fix to a program that eliminates a vulnerability exploited by malicious hackers. See vulnerability and patch.  update procedures

    * Anti-spyware software, ff it's not included in the firewall

    * Secure guest access strategy

    * User policies that are straightforward and enforceable

    Locking Down, Literally

    With so much focus on internal threats, open ports. Wi-Fi issues and other security challenges, some IT departments are overlooking an obvious source of concern: simply locking the right doors.

    "It's understandable that school districts would concentrate on protecting their data. but much like companies, they have to make sure that their actual equipment is secure, too," says Joseph Kim, senior consultant for The Biometric Group, a firm that advises organizations on how to secure data centers.

    Beefing up network security through a number of controls, no matter how creative or cost-effective, will ultimately mean little if someone is able to just pick up a server, unplug it, and walk away. Districts don't necessarily have to build fortresses with iris scanning Noun 1. iris scanning - biometric identification by scanning the iris of the eye; "the structure of the iris is very distinctive"
    biometric authentication, biometric identification, identity verification - the automatic identification of living individuals by using      akin to a James Bond film, Kim notes but investment in some simple technology like fingerprint readers A scanner used to identify a person's fingerprint for security purposes. After a sample is taken, access to a computer or other system is granted if the fingerprint matches the stored sample. A PIN may also be used with the fingerprint sample.  or proximity cards Proximity card is a generic name for contactless integrated circuit devices used for security access or payment systems. It can refer to the older 125 kHz devices or the newer 13.56 MHz contactless RFID cards, most commonly known as contactless smartcards.  can add an extra layer of protection. "Even just being aware of physical security and putting policies in place about who has keys can prevent disaster," Kim says.

    Elizabeth Millard is a freelance writer based in St. Louis Park, Minn. 
    Targeted attacks by industry
Percentage of attackers classified as targeted

Education                  .223%
Small Business             .212%
Financial Services         .109%
Local Government           .016%
Health care                .011%
Information Technology     .006%
Accounting                 .003%
State Government           .001%

Source: Symantec Corporation

Note: Table made from bar graph.
    COPYRIGHT 2005 Professional Media Group LLC
    No portion of this article can be reproduced without the express written permission from the copyright holder.
    Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

     Reader Opinion

    Title:

    Comment:



     

    Article Details
    Printer friendly Cite/link Email Feedback
    Title Annotation:SAFETY & SECURITY
    Author:Millard, Elizabeth
    Publication:District Administration
    Geographic Code:1USA
    Date:Nov 1, 2005
    Words:2249
    Previous Article:Changing education--for real: summit gathers state and local education leaders and legislators to transform education to compete in a global society.
    Next Article:Preventing sudden cardiac arrest in schools.(Security Trends)
    Topics:



    Related Articles
    Resellers nationwide tap SofaWare's security solutions to deploy comprehensive security services to small businesses.
    Take control of Wi-Fi security: when it comes to Wi-Fi hotspots, such as those offered by coffee houses, hotels, and airports, "public" usually means...
    Forum Systems and Captus Networks partner to provide Web Services Intrusion Detection and Prevention solution.(Forum Sentry 1500 series)
    Proventia all-in-one protection.(Security)
    Proventia all-in-one protection.(Security)
    eSafe V4.(Security)
    Firewalls: keeping the big, bad world out of your firm.(Media And Technology)
    Using SPAM firewalls.(Security News & Products)(Barracuda Networks SPAM Firewall)
    Keep kids from Internet dangers.(Columns)(Column)
    Cyber-democracy or cyber-hegemony? Exploring the political and economic structures of the Internet as an alternative source of information.

    Terms of use | Copyright © 2009 Farlex, Inc. | Feedback | For webmasters | Submit articles