Safe at Home
- By Charlene O’Hanlon
- 10/01/09
Combining high-tech safeguards with face-to-face user education is a must
for schools whose laptop programs allow students to take the computers off-site.
FOR A CAUTIONARY TALE on the consequences of
rolling out a take-home laptop program without any regard to
security, talk to Lloyd Brown, director of technology at Henrico
County Public Schools in Richmond, VA. Brown saw a failure to
plan for the mischievous browsing of student users threaten
his district's 1-to-1 effort in its first year out of the chute.
"Kids being kids, they loaded anything they could on them,
and that put our network at a big risk," he says. "It hit us like
a ton of bricks in two months." The network began to tie up as
viruses and malware infected the machines after students
inadvertently downloaded poisoned programs. "We hadn't
really given security a lot of thought," Brown says.
That lack of forethought forced the district to recall and
reimage all 14,000 or so laptops over the winter break. The
devices were then returned to the students-- lesson learned
and Norton antivirus software in place. "What was done was done," Brown says.
"We just had to take our processes and fix them."
Today the district protects its laptops on- and off-site with an "image management control" plan, Brown says. A Lightspeed web filter blocks inappropriate
sites and the latest antivirus software is on constant watch.
Students are kept from loading unsanctioned applications
onto the machines without permission from above. When a
student wants access to an unauthorized program, a "software
request" flows upward from the student to the teacher, on to
the department chair, and then to the district office for review.
"We have to be cautious of what we let the kids get to on
the internet," Brown says. "It's for our protection as much as
it is for theirs."
PC, Phone Home
The IT team at Battle Ground Academy, a private K-12 school
in Franklin, TN, takes similar measures to protect its takehome
laptops, using Sophos antivirus software
to prevent unauthorized apps from running. An even more
critical part of its defenses is Kbox, a desktop
systems management tool from Dell KACE. The system regularly inventories
all the school computers and undoes
any installations of programs that have
been flagged by the school's administrator
of technical operations, Andrew Peercy. If
any forbidden software is found, it is automatically
uninstalled the next time the user
turns the machine on. "I don't even have to
know," Peercy says.
Putnam Valley Central School District lasers its name onto all
of its PCs, reducing their resale value on eBay to zero.
If the shame of being caught by Kbox isn't
enough of a deterrent, improper installations
come at a price: a stack of demerits
from Peercy. Each demerit brings an hour
of Saturday detention for the offending
student. "If you get too many a semester,
it begins to hurt your grades," he says.
"Being a private school, we can do that."
Putnam Valley Central School District in
upstate New York doesn't stop at monitoring
student use; it stays on top of the physical
device itself. Should a machine go missing, a sophisticated tracking system is used to hunt it down. The
technology acts much like a GPS, sending out a signal when
the laptop is turned on, which administrators can use to find its
whereabouts. Michael Lee, the district's network administrator
and CIO, says the system is "a 'phone-home' solution built inhouse." The custom application, developed using technology
from Skyhook Wireless, is buried
within each laptop and enables "pretty accurate" location information
based on WiFi positioning.