Security considerations in the classroom

Posted: January 14, 2009 in Endpoint Management, Posts

As NCP has recently been selected to provide end-point security solutions for California-based Marin Montessori School, we thought we’d take today’s post to examine the unique IT security challenges for networks in educational environments.

In addition to the risks of compromising organizational data and IT assets, educational institutions have to worry about a growing list of illegal activities students can engage in online, for which schools are legally accountable. Certainly, there are budgetary considerations as well. Adopting too complicated a set of policies and technologies will result in inconsistent and ineffective implementation and enforcement – something most schools at the primary and high school level simply do not have the IT staff to manage.

For more on security in educational institutions, check out this article from Jim Carr in SC magazine:
IT security and education: Schools around the country find the right technology to protect networks

Comments
  1. Richard Burr says:

    I don’t think there’s a “one-size-fits-all” answer to this, but since one of the goals for many classroom situations is keeping students focused on the lesson (rather than going surfing), the SynchronEyes product from Smarttech might be worth checking out. As an instructor, you can block and unblock Internet access, view thumbnails of student desktops, and force your PowerPoint slides (or whatever you want) onto their desktops.

  2. Sandip Wadje says:

    Please check unisog@lists.dshield.org. This list is specifically dedicated to university security. You can find a lot of discussions there on cost-effective ways to manage security at educational institutes.

  3. Hal Logan says:

    K-12 is a difficult environment because in a large school district you have all the challenges of an enterprise network and nowhere near as much of a budget. Neither security systems nor security people come cheap.

    My local school district arranged for a partnership where the county government’s security team functions as the security team for the school district. The security team got one extra position added to it, and the members of the team have the resume bullet that they handled security issues for two enterprise networks. Considering the current economic climate, that move gave the security team additional job security as well.

    The key to an effective partnership in this case was the agreement that both networks would use the same security solutions where possible. What adds to a security team’s workload is more the number of security systems they support than the number of workstations. In this case, it worked out to everyone’s advantage.

  4. Martin Hoz says:

    I agree that “one-size-fits-all” does not work in the education vertical. Still, there are a number of challenges that are shared among mid-to-high education institutions:

    * Production network (for “business” objectives) and academic network (research, tests) share infrastructure

    * Staff is known but constantly changes (academic exchange) and it is not possible to always control access

    * Valid reasons for one group to access some resources are not valid reasons for others (psychology or sociology students looking at “Pornography” for academic reasons vs engineering students looking at “pornography” for “entertainment” reasons).

    * Myriad of technology: In the enterprise you can dictate that your laptops will be X, will run Y operating system, etc. At the school, alumni and academic staff may bring whatever platform technology they want, running whatever operating systems/applications they want – and no, they won’t allow any specific piece of code to run on their equipment.

    So, some guidelines to align a strategy and perhaps choose some technology:

    – The security plan must separate (as much as possible) the academic/research network from the production network: if possible, any traffic related to production (human resources, alumni databases, etc.) should be made “invisible” to the academic network, and networks should be split: VLANs, VPNs, firewalls…

    – Access to production and sensitive databases should be controlled from specific sites and use access control as much as it can be.

    – The non-academic (administrative) staff can regularly be secured the same way as it would be in a corporation: using standard technology/OS to ease patching duties, updates, backups and technology-specific protection (IDS/IPS, Antivirus)

    – Have RBAC (Role Based Access Control) whenever possible for shared resources (i.e. computer labs) and those locations should be separated (VLANS, firewalls, etc.)

    – Public access networks (free HotSpots for students) should be ID-controlled if possible (LDAP, RADIUS, etc.) and have outgoing controls (especially IDPs) to avoid attacks on other parts of the infrastructure. Consider that anybody can connect there and these public network segments should be treated as untrusted (as if they were outsiders, because in some sense, they are).

    – Border Internet access must be secured not only for incoming, but especially for outgoing attacks: universities are especially prone to being a source of DoS/Worms/malware attacks. They should avoid liability by protecting outgoing traffic and trying to internally identify/isolate the source of attack.

    On the technology side, nowadays the UTM (Unified Threat Management) story is especially great, because it allows commonly used tools such as Web Content Filtering, IPS, Antivirus and Firewall to be deployed using fewer boxes. As you mentioned the “cost-effective” part, it is worth mentioning that licensing schemes for school scenarios (where in some cases the number of “users” is not easily predictable for the next academic cycle) can be prohibitive. However, there are vendors that do not charge per user, but on a per-appliance basis, and this is something to take into account when choosing technology brands…
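
The segmentation guidelines in the comment above can be turned into an automated check on a firewall rule set. The following is an added example, not part of the original post or of any commenter's text; the zone names, the `Rule` structure and the sample rules are all constructed assumptions, with `admin` standing in for the "specific sites" allowed to reach production.

```python
from dataclasses import dataclass

# Constructed zone model (assumption): internal segments of a campus network.
INTERNAL = {"production", "admin", "academic", "labs"}

@dataclass(frozen=True)
class Rule:
    src: str      # source zone
    dst: str      # destination zone
    port: str     # port number as text, or "any"
    action: str   # "allow" or "deny"

def audit(rules):
    """Return (rule, reason) pairs for allow rules that break the guidelines."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.src == "academic" and r.dst == "production":
            findings.append((r, "academic network can reach production"))
        elif r.src == "public_wifi" and r.dst in INTERNAL:
            findings.append((r, "untrusted public segment can reach internal zone"))
        elif r.dst == "production" and r.src != "admin":
            findings.append((r, "production reachable from a non-designated zone"))
        elif r.dst == "internet" and r.port == "any":
            findings.append((r, "unfiltered outbound access at the border"))
    return findings

# Constructed sample rule set, not taken from any real deployment.
RULES = [
    Rule("admin", "production", "5432", "allow"),     # designated access path
    Rule("academic", "production", "any", "allow"),   # breaks the network split
    Rule("public_wifi", "labs", "445", "allow"),      # hotspot into internal zone
    Rule("labs", "internet", "443", "allow"),         # scoped egress
    Rule("academic", "internet", "any", "allow"),     # unrestricted egress
    Rule("public_wifi", "production", "any", "deny"),
]

if __name__ == "__main__":
    for rule, reason in audit(RULES):
        print(f"{rule.src} -> {rule.dst} port {rule.port}: {reason}")
```
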
