General Security
Revised and Updated by Amy Benish, University of St. Francis, Joliet, IL
Addendum written by Yvette Kelsey, Haines Middle School, St.Charles and
Linda Griffin, West Middle School, Rockford
Original written by Jim Peterson , Bloomington School District , Bloomington, IL
Introduction
Running a complex system of technology equipment that is not only connected to a local network, but also the outside world can be quite a lot for a network administrator to tackle. Now, more than ever before, there are not only dangers of users gaining access to inappropriate places on the internal network, but still others on the outside who are trying to get in. Connectivity is not enough anymore. Vigilance in the study of perfecting both local and wide area network communications becomes more and more necessary as users become a part of that world.
Types of Security Risks
Three types of security risks exist according to Lincoln Stein and John Stewart; including:
- Bugs or misconfiguration problems in the Web server that allow unauthorized remote users to:
- Steal confidential documents not intended for their eyes.
- Execute commands on the server host machine, allowing them to modify the system.
- Gain information about the Web server's host machine that will allow them to break into the system.
- Launch denial-of-service attacks, rendering the machine temporarily unusable.
- Browser-side risks, including:
- Active content that crashes the browser, damages the user's system, breaches the user's privacy, or merely creates an annoyance.
- The misuse of personal information knowingly or unkowingly provided by the end-user.
- Interception of network data sent from browser to server or vice versa via network eavesdropping. Eavesdroppers can operate from any point on the pathway between browser and server including:
- The network on the browser's side of the connection.
- The network on the server's side of the connection (including intranets).
- The end-user's Internet service provider (ISP).
- The server's ISP.
- Either ISPs' regional access providers
Issues
Many school-based network discussions start with settling on how much access users should have to the computer in front of them, the local server, the wider network and the rest of the Internet world. Decisions are often made by combining philosophical teaching beliefs and security concerns. One network may house student portfolios, confidential student and grade information, teacher information and everyday student work. With this variety, the presence of a knowledgeable person to protect the network is imperative. Luckily today, there are many software options for security settings. FoolProof, Mac Manager, Novell, Zenworks, and Windows security systems (many discussed in the original Educator's Guide) are expensive yet have already anticipated many of the "bugs" that newer systems may not have. Newer options, such as Freeze are becoming more popular as it has jumped ahead to incorporate new features. Choosing the right security software can pave the way for an effective networked learning experience.
Once a network administrator fully incorporates a computer into the network, complete with drives on which to save, how much access to the hard drive is necessary when that students sits down at the computer? How about teachers? Many security programs like Novell allow administrators to create one security package for students and a separate one for teachers. How should those packages differ?
Minimizing Potential
To avoid conflict and confusion about the security in your school, first think about what you will be using your computer for and what your students will need as well. Familiarize yourself with the security software you are using. Most programs such as Hyper Technologies Deep Freeze will allow you to make changes to your local computer that will be automatically reset when you reboot it. Most programs like this minimize problems with both the server and the computer itself with just a reboot.
Always test everything first. Do not assume your security software will do automatically do something for you. Check it out on your own before you put students in front of it. In addition, if there are places students should not be attempting to get into (through security) tell them that. Being up front with them that there is sensitive information on a network that they do not have access to for a reason will give you an opportunity to lay down the law about misuse.
Legal Implications
Security software systems can provide your school with more accountability both on Internet and Intranet. Nearly all systems have unique logins and passwords for each user which allows a network administrator to track inappropriate use when it occurs. When a user chooses to login, they are deciding to identify themselves to the network and work under the understanding that everything they do can be tracked, including hacking, etc. It is important that all users be aware of this when they are awarded their login and password. Many schools have started using agreement pages like the one shown here at various stages of access to remind users of the appropriate way the resource should be used. This particular example pops when a student chooses Internet Explorer as an option in their application launcher to remind of what the expectations are while they are using it. Users have to check-off and accept the rules to continue use of the Internet. Legally, it may not be binding; however, it does show the school's commitment to appropriate use of the network and puts more of a burden on users to behave appropriately.
Frequently Asked Questions (FAQs)
Who makes decisions about general network security in my school?
Although it varies by school and district, there is usually a district and/or building network analyst or administrator. That person has control over access issues and accounts. Most often however, this person does not make decisions alone. A district technology coordinator/director, technology committee or principal often has a say as to what is available.
What questions should I ask when purchasing new security software?
Start by asking what you want the software to do for you (ie. keep students away from sensitive information, provide students with shared information, etc.). Once you have determined that the software can achieve what you want, check to see if you can vary settings by user. Most will allow your teachers to have access to different items than students. For instance, students do not need access to a grading program. Finally, make sure it is compatible with your current network setup. Know what software you are running, operating systems and server specifications before investigating.
Web Site Directory
The World Wide Web Security FAQ
The Computer Security Institute
Computer security information
Internet firewalls
Freeze: a program which is currently being used at local community colleges with success
Last Updated:
08/02/2005
|