Taxing the System

• By Bridget McCrea
• 04/08/08

Eager to comply with the Children's Internet Protection Act (CIPA), which addresses concerns over access to "offensive" Internet content on school and library computers, the Poway Unified School District made a move this year to ensure that its 33,000 students are kept as far away as possible from such content. By beefing up its Internet content-filtering, the San Diego, CA district also put itself in the position to qualify for federal grants not accessible to schools that don't comply with CIPA.

"Our first few filters were software-based and too slow and cumbersome," explained Marc Ludwig, systems engineer for the district, which comprises 23 elementary schools, six middle schools, four comprehensive high schools, and one continuation school. "Students were getting around the blocked Web sites by simply turning the proxy off in their browsers, so we knew we had to look around for something more robust and comprehensive."

When shopping around for a better solution, PUSD learned of a solution being offered by St. Bernard Software, also in San Diego. The vendor presented its iPrism Model 3100, a dedicated Internet filtering appliance that secures organizations from potential Internet-based threats, such as spyware, IM, P2P, and inappropriate content, while also helping to enforce acceptable use and security policies.

"We saw that the filtering would be easy to manage; you could pretty much install the appliance and forget about it," said Ludwig. "So we bought it." The appliance allows the district to block all pornographic, gambling-related, and other sites that district administrators have deemed inappropriate for students. "We have a whole list of categories that we give to our school board," said Ludwig, "which looks at it and decides what it wants blocked, based on CIPA and bandwidth."

In March, the district took its dedication to Web security a step further when it became one of the first to install St. Bernard's new iPrism h-Series Web monitoring appliance. Designed for enterprises of all sizes, the new models are available in five configurations (the iPrism 10h, 20h, 30h, 50h ,and 100h) and target risks associated with Web, instant messaging, and P2P applications.

Starting at $1,200, the iPrisms are hybrid-ready and designed to enhance iPrism Web Filter capabilities now while helping organizations prepare for new features and functionality in the future. Compatible with all supported versions of iPrism operating software, the new appliances provide throughput speeds ranging from 10 Mbps to 100 Mbps, depending on the model.

Steve Yin, St. Bernard's vice president for worldwide sales and marketing, said the appliance stands out from other security options in that it gives school districts a complete package that includes an operating system, applications software, and the necessary hardware. "It's a unified platform," said Yin. The new release also includes the ability to scan Web site elements for viruses in real time and act quickly to avoid any spyware or malware imbedded in the site. About 5,000 organizations are currently using the platform--35 percent of which are in the educational field--and range in size from 50 to 50,000 users.

The upgrade to the new appliance went smoothly for Poway USD, which backed up its existing system, restored it to the new one, and resumed its security operations. "A few quick changes, and we were back in business," said Ludwig. The district utilizes a feature that maintains antivirus protection at the firewall, effectively blocking "everything that tries to come in the door," said Ludwig.

At its simplest, the product tracks who is doing what online while blocking and unblocking sites as its sees fit, based on the criteria set forth by the school district. It also creates an archive, or "trail," of that activity--something Ludwig has used more than once to show parents what their children are doing online. "They can call us and ask what Johnny was doing online between 2 p.m. and 4 p.m. on Thursday afternoon," Ludwig explained, "and we can get that information quickly and present it to them."

The system also allows the district to authenticate its users and enables certain ones (such as teachers or administrators) to override the criteria and access sites that students cannot. If, for example, a health teacher is putting together a lesson plan on breast cancer and wants to view a YouTube video on the topic, he or she can override the system for a time period that ranges from five minutes to eight hours. "This feature saves us a ton of time," said Ludwig, "because I no longer get calls from teachers saying, 'I have a lesson I can't teach because you are blocking me.'"

Along with the initial hardware investment, USD pays about $2,500 a year in subscription fees that cover hourly database updates that are "pushed out" to the appliances, according to Yin, who singles out school districts as very likely candidates for such security options. "Unlike employees, students spend a lot of time trying to get around stuff that they're not supposed to get around," Yin said. "They tax the system the most, and it makes engineers' jobs much more complex than in the commercial environment."

Read More feature articles • Get daily news from THE Journal's RSS News Feed

About the author: Bridget McCrea is a business and technology writer in Clearwater, FL. She can be reached at [email protected].

Proposals for articles and tips for news stories, as well as questions and comments about this publication, should be submitted to David Nagel, executive editor, at [email protected].