|The Internet is a wonderful resource for schools and colleges, but it brings new problems to worry about. Stories about viruses, hackers and porn websites have become increasingly frequent in newspapers and on TV. For those in the education world, it can be difficult to separate the hype from the true risks, and to make decisions about how to tackle this problem.|
The reality is somewhere between the extremes of the doom-mongers and those who don't see a problem: yes, Internet security threats can cause major problems and need to be taken seriously, but with some basic planning and a reasonable level of investment, they can be kept firmly under control.
Educational establishments today often have IT demands that are greater than many private companies, and schools and colleges may have 200 or more PCs networked together. With this level of IT systems, it's essential that there is the right level of Internet security in place to protect from hazards such as viruses, "spam" and inappropriate website content. However, schools and colleges have additional concerns to the private industry:
- A duty of care to protect pupils from offensive material.
- Students' often reckless attitude towards security.
- Lack of time for the person in charge of IT - particularly if they are a teacher with an already heavy workload.
- Lack of financial resources.
Considering all this, it's a difficult job to keep Internet security protection up to a sufficiently high standard. The most common threats that need to be countered are:
- Viruses: these are small computer programs that can be inadvertently transferred by email from other Internet communications, like file sharing, or on floppy disks or CDs. They may be harmless, or can cause serious damage like erasing files or sending out malicious emails from the infected machine.
- Spam: this is a general term for junk or unsolicited email. The latest figures estimate that up to 90% of all email is spam - as well as the time it wastes for people to read and delete it, it uses up IT resources, and can be unpleasant.
- Intrusions and hackers: computers outside the school's network can try and 'hack' into the network if there is no protection. This can give them access to files on the school's PCs, potentially including confidential and sensitive information.
- Inappropriate website content: Internet users at the school or college could be looking at pornographic or other unsuitable material on websites - this is obviously particularly important to control for an educational establishment.
So, how to block these threats? Many different solutions are available on the market, including hardware, software, and managed services. At a basic level, most educational establishments have some form of firewall to block unauthorised Internet access, and anti-virus software.
Unfortunately, configuring them is far from easy. Once configured, they need to be updated every day to protect against new threats: a task that is time consuming, boring, and often ignored. The resulting lapses in security are frequently only discovered after a problem occurs.
Offensive material on the Internet can be filtered out, and various software or hardware tools are available to block spam emails. Intrusion detection and prevention is also an essential to block against attacks since firewalls in themselves cannot block many intrusion attempts without also blocking legitimate traffic), and further security measures are required if schools want to enable staff to work remotely.
Another issue to consider is how to handle teachers and students taking laptops home and then bringing them back onto the school network - possibly with a virus infection they've picked up away from the school. Here, the best approach is to put in place strict controls over which machines are allowed to be connected, and to ensure that all staff machines (and ideally those of pupils as well) have the latest anti-virus software installed, and that it is updated regularly. In practice, it's almost impossible to keep this level of control, and some level of protection is needed for the network and at the gateway from the school to the Internet.
While the update for Microsoft's Windows XP operating system (called Service Pack 2) has made positive strides to improve security, it is no substitute for the security protections described above. Furthermore, many schools will still have PCs running older versions of Windows (2000, ME or 98), which don't offer the same safeguards as the latest Windows XP version.
All of these security solutions require time-consuming monitoring and configuring, an investment in time to understand the systems, and in some cases further hardware to run them effectively on. Not something that your average IT manager, let alone teacher, has time for. In fact, the most costly part of Internet security is the IT expertise and time to configure, update and maintain the systems and software.
Virus writers are also getting smarter at exploiting the human weaknesses of ICT managers. It's no coincidence that several recent major viruses have been released on Friday evenings, giving them the best chance of causing havoc with unprotected systems over the weekend before the harassed ICT staff can update their anti-virus software.
To solve these issues, it's worth considering outsourcing Internet security. This provides fast, expert response to security threats, and updates against new dangers can be automatically provided. Costs are known up front, and outsourcing allows IT staff or teachers to concentrate on their core tasks - and to take holidays and weekends without the risk of leaving the school vulnerable!
In conclusion, Internet security is a threat that educational establishments must take seriously, and must allocate sufficient resources to deal with. There are different threats that must all be blocked to ensure the establishment is complying with its legal and moral duties to protect staff and students.
However, by putting in place the right combination of hardware and software tools, or by investing in an outsourced managed service or all-in-one security appliance, schools and colleges can tackle the security threat, and ensure their teachers and pupils can safely take advantage of the many benefits the Internet brings to education.
About the Author
By Simon Heron, Technical Director at Network Box UK (www.network-box.co.uk)