Safeguarding school networks

The security of school networks remains a vital concern to educators worldwide. In lower grades, school officials worry that young learners will view inappropriate Web sites. At universities, they fear that unauthorised people will access sensitive research or correspondence. At all higher levels of academia, educators lose sleep wondering if someone could pilfer confidential student records or vandalise school resources.

Two truths exist for schools of any size or level: the risks are real, and there`s no single way to lock down and completely protect a school network.

Networks are complex systems that deliver a variety of services and each component or service presents its own risks. But those risks can be reduced by taking a systematic, layered approach to security.

The surest way is through a three-phase approach: methodically evaluate the network infrastructures and services; pinpoint the inherent vulnerabilities; and then deploy the appropriate measures.

Although Web and e-mail services can greatly enrich education, every gateway to the Internet is a door into the network.

The most useful strategy for eliminating this risk is firewalls. When deployed at every network connection to the outside world, firewalls erect a "perimeter wall" surrounding the network to help ensure that only authorised users enter.

In addition, robust firewalls can defend the network against some viruses, which can corrupt files and applications, and hacker assaults like denial-of-service (DoS) attacks, which undermine network availability.

A full-featured firewall will also provide a by-pass port for the hosting of extranets. This allows schools to post publicly accessible Web pages that share school information with stakeholders, while deterring hackers from violating the network.

School data might be safe behind the firewall, but what happens when information leaves the campus network and traverses the Internet to another location?

If unprotected, messaging among campuses, facilities, or home offices can be at risk for interception, theft, or tampering - a critical concern when communications contain confidential records or proprietary research.

Advanced firewalls offer yet another functionality that safeguards academic institutions called virtual private networks (VPNs).

VPNs allow you to scramble or "encrypt" any communication through a virtual "tunnel" when in transit between locations across the Internet. Transparent to users, VPNs provide a hacker-resistant class of protection for the most sensitive information being sent or received by school officials or governing body members.

Even the best electronic barriers cannot protect an infrastructure if troublemakers are on the inside of the "perimeter wall" using campus computers.

Safeguarding the network`s interior is a major challenge, particularly in the open environments of colleges and universities. To meet this need, administrators can set restrictions through electronic policies that determine which devices can access specific servers and applications.

These policies, for example, will allow anyone in the campus community to access servers containing public information, but deny all but authorised users from retrieving private administrative or business resources.

There are two complementary methods for securing the interior of a school network.

Administrators can deploy switching solutions that support virtual local area networks (VLANs) and access control lists. These functionalities permit schools to segment traffic on a single networking infrastructure, thereby keeping student and faculty/administrator traffic separate.

An even more robust approach is to embed firewalls in every desktop computer, laptop and server. Embedded firewall solutions are essentially firewalls within network interface cards (NICs) that permit devices to access only the servers and applications for which they have authorisation.

Operating similarly to a perimeter firewall, this innovative approach will allow, for example, just members of a research team to access a specific server.

Wireless connectivity is ideal for providing simple, easy-to-expand and pervasive networking throughout facilities, residence halls, or an entire campus.

Yet wireless solutions have been victimised by scare mongering, which conjures up visions of someone sitting in a school parking lot hacking into a wireless network.

In reality, today`s wireless systems offer a variety of hardened security capabilities that can equal the protection found in traditional wired systems.

When based on the widely adopted WiFi wireless standard, for example, these solutions deliver extremely strong encryption as well as techniques like RADIUS authentication to ensure only authorised users access the network.

For additional security, many wireless vendors even offer proprietary safeguards that are layered on top of existing precautions. Simplicity, cost available security makes the addition of wireless capabilities a no-brainer.

In the long run, network security solutions are effective only if they are cost-effective, can grow with the school`s network and are easy to administer and maintain.

Academic institutions, particularly schools, often lack the IT resources to administer complex security systems.

Be assured, numerous risks exist in a school network, but affordable, low-maintenance security solutions are available that will help plug the holes at multiple layers and multiple points.