Osage County: Security in a Small School District
- By Dian Schaffhauser
The Osage County R-II School District in Osage County, Missouri, is tiny--600 to 650 students, according to Richard Becker, technology coordinator. Yet it faces the same computer security challenges of larger districts with far fewer resources--a scarcity of resources that includes staffing. Becker himself makes up half of the entire technical team. The district is located in Linn, a rural town of about 1,400 people, many of whom commute the 20-plus miles to the Missouri capital, Jefferson City.
How does a small district stay on top of security matters? The solution consists of one part technology--albeit mostly legacy--one part elbow grease, and one part a "secret weapon" resource provided by the state.
The Current Infrastructure
Osage County R-II consists of two campuses a few miles apart, one with the elementary school and administration offices and the other with the junior and senior high buildings. Recently, it went live with a 1 gigabit fiber optic intercampus network connection to replace the 11 megabit wireless solution. And soon, work will be completed on a fiber optic Ethernet connection delivering Internet access for the district at 5 megabits to replace the existing T1 circuit delivering 1.5 megabits.
Also, in the last 18 months, Becker and technologist Eric Morfeld have upgraded from the Novell NetWare version 4.11 network operating system to Windows Server 2003 and Active Directory. Last year, the district had a "hodge-podge" of old machines including Windows 95 and 98 workstations, Becker sayd. By the end of this school year remaining Windows 2000 machines will be replaced by computers running Windows XP and a newer version of Microsoft Office. The network has about 350 workstations.
Becker, who has been in the job for four years, said the district, which was coming out of several financially stressed fiscal cycles, had no technology budget when he arrived. Money was spent purely to keep systems running. Yet recently voters approved a bond measure that made about $200,000 available for technology improvements. The lion's share of that--$124,000 to $140,000--was dedicated to the installation of interactive whiteboards. But that left sufficient funds to make other upgrades possible as well.
Becker said he realizes his district isn't cutting edge. Video surveillance currently consists of eight cameras that feed into a VCR system at the high school. Every three days the principal swaps out the tape. The maintenance folks have installed interior doors at the main entrance of the elementary school that are locked from the outside and require office personnel to grant access to the building. Fences and locked gates were constructed around the elementary that require a keycode to gain entrance.
But beyond that, Becker takes the layered approach to security because, he said, "like anybody, we have to deal with external threats." He pointed out, "It doesn't matter where you're located. It's not a big city thing. If you have a broadband connection to your network system and surplus storage capacity, that's attractive to hackers, virus/malware distributors, illegal file sharers, and e-mail spammers."
The district has a 3Com SuperStack 3 Firewall as the first layer of security to perform intrusion prevention. That's a product that 3Com stopped selling in 2005. Because he's had good luck with 3Com products, including switches, the phone system, and the legacy firewall, Becker said he's staying with the company product line and deploying a TippingPoint firewall to bring it up to date. (TippingPoint is a subsidiary of 3Com.)
The next layer of protection is provided by Microsoft Proxy Server running SurfControl (now Websense) Web Filter, which restricts Internet access for all but a few of the computers in the district. Becker, who is still evaluating his options, may replace this early edition of Internet Security and Acceleration (ISA) Server during the summer with some combination of an updated version of ISA Server and Cymphonix, a Web gateway solution recommended by Walling Data Systems, one of the software distributors the district works with.
That upgrade is driven by two desires: to do less manual intervention and to gain better management over image-heavy sites, Becker said. For example, his current system can't automatically handle anonymizer or remote proxy sites. Students who attempt to go to MySpace, for example, are blocked from that site at the proxy server. But last year, they figured out that by going through Vtunnel, a Web site that helps users "beat Internet filtering," they could get around the internal security. Becker discovered the ruse by studying his logs. "My current SurfControl doesn't detect that," he said. The kids caught going around the security layers were called in for a meeting with him and the high school principal.
Now Becker checks his logs daily, searching for specific sites the students like to get into--including MySpace, Yahoo, YouTube, and Gmail. He'll watch network traffic real-time if he knows a substitute is working a class. "Sometimes the kids like to see if the substitute is going to be on top of things. I'll just monitor and see what kinds of things they're up to." That type of support activity, he said, would be a "monster" if the district were larger.
Likewise, the current security setup doesn't handle images well. "One thing we haven't blocked is Google images," said Becker. "It's harder for our older security software to pick up problems with images."
The next layer of security happens at the workstation, with the district's use of AVG, an anti-virus program. There, too, Becker would like to upgrade to the latest edition (version 8) in order to protect against malware.
Decision-making and a Secret Weapon
A technical committee composed of teachers and staff from each of the schools, as well a couple of students, Becker himself, and the occasional community resident, such as the person who runs a local computer business, meets on a quarterly basis, when there are new topics to address. Becker said the group has only met once in this school year, since he's been finishing up initiatives, such as the fiber upgrade, that were already approved.
During those meetings, Becker explained, his job is "to say we don't have unlimited resources. There's a thousand things we can spend technology money on. We have to be able to take this forward and say, 'How is it going to help the student learn more or help the teacher? What's our business case?'"
From there, the committee's recommendations go the board of education for approval.
But in the area of security decisions, Becker typically comes up with the projects that should probably be undertaken.
Even there, however, he doesn't make decisions alone. He relies on a resource called "MOREnet." Established in 1991, the Missouri Research and Education Network provides Internet connectivity, access to Internet2, technical support, videoconferencing services, and training to the state's K-12 schools, colleges, universities, public libraries, health care, state government, and other affiliated organizations. "They provide a great service, especially to smaller districts that operate on leaner budgets and staffing," said Becker.
For a yearly fee, the district has access to training (including numerous security-related events) and expertise. (MOREnet helped Becker's district negotiate its latest fiber lease agreement.) Becker relies on the organization's security experts to keep him updated on security threats that are hitting in the state. "They might send out an e-mail: 'Make sure you're applying this patch. If you're seeing traffic from here, take these steps....'"
In fact, said Becker, the director of security for MOREnet actually "used to sit in my chair," as the first technical coordinator for this school district.
Becker also uses MOREnet for professional networking. When he's evaluating different products, he'll use the listserv mailing list to ask others how they're addressing specific security concerns. "Maybe I'm looking for a new firewall. I'll send out a message: 'What's everybody doing for firewalls?' Then I might get a bunch of schools [responding]."
In spite of a tight budget, limited resources and a small staff, Becker said he sees the future unfolding for his district. With the greater bandwidth he said he envisions offering a way to provide classes through distance learning that aren't currently offered. Likewise, a new student information system may be in the works, once a new superintendent is in place. Plus, he said he anticipates going digital with video surveillance. Until then, he has logs to monitor, listserv messages to read, and a bunch of computers to upgrade.
Get daily news from THE Journal's RSS News Feed
About the author: Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at firstname.lastname@example.org.
Proposals for articles and tips for news stories, as well as questions and comments about this publication, should be submitted to David Nagel, executive editor, at email@example.com.
Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at firstname.lastname@example.org.