Institutions of learning harbour the brightest and best, but also potentially dangerous minds.
That's why laying out network security for schools can be a challenge, as one school district in British Columbia discovered.
The IT team at B.C. School District 67 in the Okanagan Skaha area of the province found that some students had installed key loggers on computer terminals they shared with the teaching staff.
"If you allow an untrusted user on a computer, that device becomes untrusted." - Quinn
Key loggers are software diagnostic tools that capture a user's keystrokes. The software, which is widely available on the Internet, can pinpoint sources of error in computer systems, but can also be used to obtain passwords and encryption keys.
The IT department, which managed some 2,000 desktops, 300 laptops and 350 Citrix-based terminal servers, knew it needed to take extra precautions.
And yet, while tightening security, it could not deny students certain necessary tools and privileges.
For instance, the school district had no intention of restricting its more than 8,300 students from using USB devices, which they have come to depend on for storing assignments and projects.
"Security can't be a one-size-fits-all solution where end users are so restricted that they can't do their work," said Danny Francisco, IT manager for BC School District 67.
The school district's network had a firewall against external threats, but with so many potential hackers on the campus, the IT team was equally worried about security breaches coming from within. Threats included unauthorized use of applications by students and hacking into sensitive data.
"Schools are perfect breeding grounds for potential hackers," said James Quinn, senior research analyst at Info-Tech Research Group Inc. in London, Ont. "When you allow an un-trusted user to log on to a computer, that device potentially becomes an un-trusted device."
According to Quinn, security risks can be reduced by deploying one set of computers for trusted users such as professors, and a separate set of machines for students.
Under this system, computers used by staff could have greater access to the network, while those used by students would have limited access.
Another solution is to use end-point security applications. "End-point security software acts as a checkpoint between devices and the network," said Quinn.
If the software senses the device is running an unauthorized application or one that could potentially breach security, the system boots out the device and refers it for quarantine, the Info-Tech analyst said.