What they are and how to deal with them
How They Handle It
DWAYNE ALTON, Director of IT School District of Lee County, Fort Myers, FL. 107 schools (including charter schools), 80,000 students. Alton has spent seven years as director, moving up from positions as systems analyst and technology support manager.
Wireless security: Again working with Cisco, the district has installed an intrusion detection system, which alerts IT staff when someone creates their own access point. The location of the point can be triangulated and jammed if necessary. "The first people we caught bringing in their own access point were state auditors," Alton says.
Staff: The biggest threat to security comes from employees, and Alton is looking at ways to limit access to internal staff so they can't use inside knowledge to compromise the system after leaving the system's employ. This hasn't happened yet, and Alton hopes that it never does.
Portable devices: Smartphones and cellular air cards allow users to bypass filtering software. Alton says, "We're looking at methods to keep unapproved devices off the network."
Disaster recovery: The system has used tape backup and a secure facility, but it's looking to real-time replication to a third-party site.
LENNY SCHAD, CIO Katy Independent School District, Katy, TX. 52 schools, 56,000 students. Schad has been with the Katy district since 2002 after a career in the oil and gas industry. The fast-growth district adds 3,000 students a year, opening four schools this fall.
Remote access: The district has implemented a solution from Citrix Systems Inc. for remote access to monitor and track usage. "We feel we have a good handle on this," Schad says. "We allow a small group of tech people access to our (virtual private network)."
Password security: The district has taken several steps to increase control of passwords. Procedures include prompting employees to change passwords every 60-90 days, quick removal of user IDs from former employees, and individual tracking of system administrators.
Desktop/laptop security: Tech staffers are developing sticky notes with a cute saying to increase awareness about logging off.
External storage devices: The district has partnered with other ISDs in the area, working with vendors as Trend Micro, CDW-G, and Cisco on a software solution to alert support staff when unauthorized devices are connected to the network.
Use policy: Schad is the executive sponsor of a cyber security task force to set clear guidelines concerning hacking and appropriate-use issues.
SLADE JAMES, IT Director Coronado Unified School District, Coronado, CA. Four schools on six campuses, 5,000 students. James has been with the district for four years and in the IT field for 13. In his former job, he was under a U.S. Navy contract to hack into its systems to unearth security flaws.
Viruses: "I implemented NOD32 antivirus software from ESET in the first year I was here," James says. "They have exceeded expectations."
Spam: The district uses antispam software from Sophos Inc., which he says is largely effective.
Content filtering: The district uses iPrism from St. Bernard Software, which has been in place since James started. "We're still looking for better service," James says. "We think we can find something better, but cost remains an issue."
Unauthorized applications: The district is using Windows Active Directory to prevent the unauthorized use of software applications such as the Firefox web browser, which can be loaded from a thumb drive and circumvent the district's filtering technology. "It's a little annoying, to be honest," James says of the continued infiltrations. "We've got a good handle on it, though."
SCOTT GUTOWSKI, CIO/director of IT Lyford Cay Intl. School, Nassau, The Bahamas. One school, nursery through 12, 320 students from 35 countries. Gutowski's decadelong career in IT has included working on the Hopi Indian Reservation in northeast Arizona before arriving in The Bahamas nearly three years ago.
Proxies: The school has a 1-to-1 laptop program, and is configuring those computers to go through the school's proxy services. "We had an incident this summer, where a parent found questionable material on a student's machine while it was home," Gutowski says. "Parental user inexperience is becoming the unspoken responsibility of the school."
Outgoing traffic: Traffic is routed through a proxy server, then through SonicWALL's content filter.
Machine accountability: The school uses the PowerSchool SIS, a Web-based program for student records, report card information and other data so that information is not placed on a desktop or laptop that could be hacked into or stolen.
TWEENS in TROUBLE
Just as student Internet use skews younger every year, so does the age of those victimized online. Over 40,000 K-12 kids were surveyed last year by The Cyber Safety and Ethics Initiative (CSEI) at the Rochester Institute of Technology. Among other surprises, they discovered significant amounts of students in middle school dealing with issues many think don't become a problem until high school—offenses such as inappropriate requests or chat. Another myth buster: a majority of these crimes are committed by a peer of approximately the same age and grade level, not some unscrupulous adult.
For the full report, go to: http://www.rrcsei.org/research.html