
Strengthening the first line of defense: here's how administrators can combat threats to their networks.

There's a good reason school networks are so hard to protect. They are remarkably diverse. A typical K-12 network could easily include laptops, desktops, a lab, Apple and Intel platforms, wireless and wired components, and on-site and remote access. Throw in a large number of users and an unavoidably high turnover rate, and it becomes hard to see how these networks are ever safe.

Securing these complex campus and district networks can seem daunting. But just as technology creates opportunities for mischief, so too does it deliver new tools to prevent it. Here's advice on how to keep your network safe.

First, update existing filtering methods, virus software and patches. This can't be stressed enough. Fortres Grand, N2H2, Norton, Power On Software, SurfControl, Symantec and other vendors continually enhance their products and technologies to handle new threats. Indeed, subscription-based services are increasingly popular partly because they eliminate update concerns.

Second, stay informed. Subscribe to security e-newsletters, especially those from hardware and software vendors used by the district. Apply patches and updates quickly. To automate patching tasks, large districts might look at Shavlik Technologies' HFNetChkPro package, which has an impressive ROI.

Third, explore newly developed solutions. For instance, packet-filtering and signature-based blocking both scan data-packet protocols on the fly to block unauthorized P2P activity and more regardless of source. The NetSpective WebFilter network appliance uses signature-based blocking. Palisade Systems' ScreenDoor software will block access by protocol, port or server address.

Wide reach also characterizes Vericept's VIEW Filter. It monitors all TCP/IP traffic--Internet, intranet, email, attachments, chat, IM, P2P and more--for out-of-bounds activity, plus it has adaptive URL blocking. SpectorSoft's Spector Pro software similarly tracks e-mails, chat, IM and even keystrokes via "stealth recording," sending an alert when suspicious activities or banned topics are detected.

Security Solutions Get Sneaky

Clearly, to protect networks from both smart programs and the clever people behind them, the newest breed of security solutions employs some deviousness as well.

Decoy servers, for example, simulate active servers with faked data and email traffic to attract any attacker. Once there, all activity is recorded for tracing back to the culprit. These are a class of intrusion detection systems (IDS). Symantec offers a robust Decoy Server. So does Palisade Systems, whose SmokeDetector program can mimic up to 19 server operating systems on one box. Also, IDS and/or filtering are built into some firewalls now, such as those from 3Com or Cisco Systems.

Detours are another approach. WebSense has Web-page requests pass through some control point (firewall, proxy server or caching device), where it checks them against a customizable set of parameters before sending them along. NetSweeper transforms this "detour defense" into a turnkey solution by adding the router/proxy server. Being hardware-based, this system's filters and rules are extremely hard to circumvent.

Dedicated network-security appliances, in fact, have emerged as a trend. Decoy servers are one distinct type; others are more hybrid in nature. Most of this hardware dovetails with optional subscription-based services too, resulting in a comprehensive defense.

Symantec's Firewall/VPN Series, for instance, fits nicely with their filtering and virus software. VPN, for Virtual Private Network, basically creates a "tunnel" within the Internet for remote secure access to LANs. SonicWALL's Education Editions are tailored just for mixed-platform K-12 networks. These security appliances include a firewall, VPN capability, plus a free year of their content-filtering service that was just enhanced to Version 2.0. Add-ons include virus protection and a management module.

Plug-n-Play Security

A new and elegant solution to remote-access security is the IVE, Instant Virtual Extranet. Introduced to K-12 schools this spring, the network appliance is described by security vendor Neoteris as an "extranet in a box."

The IVE sits between an internal LAN and all outside users, intercepting all requests. After authenticating them, the IVE then spawns a second, separate and encrypted session with the LAN to pass along only copies (proxies) of the request and return results. Remote users never actually connect to the LAN, only to the IVE.

The IVE employs the same Web-based encryption--SSL--as banks and online shops do for transactions. This supplies secure access to e-mail, internal LAN resources, Web resources and more from any remote computer. Plus, for secure messaging, standard Windows programs like Microsoft Outlook and Lotus Notes work fine, eliminating costly VPN client software and all of its hassles.

Uniquely, the IVE controls LAN access at the application layer, enabling highly granular control. One can restrict incoming access to a single server or certain files and applications, for example, or limit outgoing requests to specific domains.

Finally, it's a real plug-and-play appliance. No DNS changes; no additional security configuration; no patches to Microsoft IIS servers. Just plug the IVE into the network for an instant school extranet portal.

"It took me 10 minutes to set up and zero maintenance since," confirms Julio Velasquez, director of information technology for Somerset Area School District in Pennsylvania. Needing to provide secure remote access to the district's Windows network for hundreds of teachers, staff and administrators--with a minimum of administrative headaches--the former CTO turned to Neoteris' IVE.

It was a good decision. "Teachers manage their own computers with it in place," he explains. "They can change their own passwords and more, and the IVE just handles it."

After a successful pilot with district faculty and staff, Velasquez says he'll open the IVE up as a secure portal for students and parents, too. "The beauty is it creates secure access for any remote computer, so it's perfect for our situation with constant student and parent turnover." Neoteris was not the "cheapest solution" at the outset, continues Velasquez, "but when you figure in the personnel costs, man-hours and more it saves, the ROI became pretty compelling."


AdSubtract ad-blocking software

Bugnosis free bug-spotting software

Carnegie Mellon CERT Center threat updates

Cisco Systems

Federal Trade Commission Advisory closing open relay on servers

Fortres Grand

GuideScope pop-up and ad-blocking

Filtering Info

MAPS Transport Security Initiative securing e-mail servers

National Infrastructure Protection Center threat updates & new tools

Palisade Systems

Power On Software

Shavlik Technologies

RELATED ARTICLE: Help for human habits.

The best network security is easily compromised by everyday human habits. Professionals are after data these days, and they have both online and off-line tricks. School staff, parents and students must understand how their personal safety and privacy are at risk if they are careless with passwords and other access codes.

After awareness comes process. Lock computers when not in use by using password-protected screen savers. Publicize that network usage is being monitored to prevent temptation. Have punitive measures spelled out for breach of acceptable use policies.

Terian Tyre is a contributing editor.
COPYRIGHT 2003 Professional Media Group LLC
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2003, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation:Special focus: security
Author:Tyre, Terian
Publication:District Administration
Geographic Code:1USA
Date:Nov 1, 2003