The final installment of this two-part series explores how to protect school networks from viruses and student misuse by screening outside devices, blocking inappropriate content and ensuring network visibility.
Student-Owned Devices Can Affect Your Network
Students aren't the only ones who are vulnerable. School and university networks can be victims too, especially when student-owned devices are allowed on the network.
"Due to budget cuts, we're seeing more and more that districts can't supply enough devices for students and faculty," says Frank Andrus, co-founder and CTO of Bradford Networks. "They are allowing students and faculty to bring in their own devices, and once they do that [the school network] really becomes a huge guest network."
Anaheim Union High School District in Anaheim, Calif., recently received requests from some of its parent councils asking that students be able to log into the district's network using their own laptops, cell phones and other devices.
"Students want to have more opportunity to use the tools that their parents have given them to do research and homework during passing periods, during lunch and after hours if the student is engaged in extracurricular activities," explains Erik Greenwood, the director of education and information technology for Anaheim Union.
The district already allows faculty to log into the network using personal devices, and Greenwood believes it is only a matter of time before students can too.
"I think there will be increasing pressure on the technology staff to make sure that the school district's infrastructure can facilitate those devices," he concludes.
Devices Must Be Screened Prior to Access
If a district allows students to access its network on personal devices, it is vital that those devices are screened accordingly.
"The issue with personal devices is that the settings are not maintained in a manner consistent with best practices," says Denis Kelly, an expert on identity theft prevention and chairman of the Identity Ambassador Commission. "Generally, you can use an airlock type approach. When a device connects to the network, it's placed in a holding area where [the student] doesn't have any access to resources. Then a security scan can be performed to verify the...readiness of the device."
Frank Andrus, co-founder and CTO of Bradford Networks, says that schools are increasingly allowing student-owned devices to access their networks.
Bradford Networks' Network Sentry products allow districts to ensure that the devices connecting to the network are equipped with up-to-date anti-virus and anti-spyware software.
They can also be used to "look for prohibited or acceptable applications," Andrus explains. "If a district doesn't want peer-to-peer applications on their end stations, we can look for the peer-to-peer applications themselves. If a station has those, we can tell the student that they have to remove them in order to gain access to the network."
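The holding-area check described in this section, sketched as an added example (it is not Network Sentry code and does not come from the article). The seven-day signature threshold, the placeholder application name and the `ScanReport` fields are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Assumed policy values: the article names the checks but gives no thresholds.
MAX_SIGNATURE_AGE_DAYS = 7
PROHIBITED_APPS = {"example-p2p-client"}  # placeholder application name


@dataclass
class ScanReport:
    """Constructed stand-in for the scan run while a device sits in the holding area."""
    antivirus_signatures: Optional[date]    # None = product not installed
    antispyware_signatures: Optional[date]
    installed_apps: set = field(default_factory=set)


def signature_problem(label, updated, today):
    """Return a remediation message for one protection product, or None if it passes."""
    if updated is None:
        return f"Install {label} software."
    age = (today - updated).days
    if age < 0:
        # A date in the future cannot be trusted; treat it as a failed check.
        return f"Rescan required: {label} signature date is invalid."
    if age > MAX_SIGNATURE_AGE_DAYS:
        return f"Update {label} signatures ({age} days old)."
    return None


def admit(report, today):
    """Return (segment, remediation). Devices start in 'holding' and leave it
    only when every check passes; a missing scan never grants access."""
    if report is None:
        return "holding", ["Security scan did not complete; rescan required."]
    remediation = [
        msg for msg in (
            signature_problem("anti-virus", report.antivirus_signatures, today),
            signature_problem("anti-spyware", report.antispyware_signatures, today),
        ) if msg
    ]
    installed = {app.lower() for app in report.installed_apps}
    for app in sorted(installed & PROHIBITED_APPS):
        remediation.append(f"Remove prohibited application: {app}.")
    return ("holding", remediation) if remediation else ("network", [])
```

The remediation list is what the student would be shown before a rescan; the device stays in the holding segment until the list is empty.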
Network Visibility Is Key
Having the ability to monitor student Internet activity is important for districts looking to ensure that students are not bypassing content filters.
Earlier this year, the New York Department of Education was forced to install new Internet filters in the city's schools after a group of third graders from Public School 85 were able to view inappropriate photos by searching the phrase "hot girls" on Google.
Using a network solution, devices can be registered to specific students or faculty members. In addition, students are given their own login credentials. Under this system, school officials will be able to tell whose device is being used to access inappropriate content, as well as who is using the device, even if that person is not the owner.
"[Districts] can actually use the information not only to have a secure environment, but also to see what the behavior of their student population is," Andrus says. "Typically, students aren't doing something bad; they just may be connecting something to the network that's bad [such as a computer with a virus]."