Online Security

Nothing to LOL About

To dodge threats to students from social media, districts are choosing an unfortunate solution: blocking technology that has substantial educational value. New filtering tools offer a better option.

Brunswick County Schools (NC) is no enclave for technophobes. Students in all grades have full freedom to visit instructional websites, construct web pages, experiment with digital media, and participate in online educational activities. School administrators strive to have all students pass the North Carolina Computer Skills Test before entering ninth grade.

Brunswick’s nearly 12,000-strong student population no doubt has many avid social networkers in its ranks. Yet the district’s open spirit toward technology in education pinches up at the sight of Facebook, Twitter, and other social networking sites. “Our county does not use social media,” says Julie Sloup, media coordinator at Brunswick’s Virginia Williamson Elementary School. “They’re pretty much blocked in our school system, pretty heavily filtered.”

It’s not a natural position for Sloup to be in. She is in the technology vanguard, having won a prize for creating an interactive website that includes a “Digital Detectives” section, where students use databases and other online research tools to find answers to questions and then submit those answers through the site. The site also hosts a “Battle of the Books” contest, which invites students to discuss their favorite books on an online discussion board. Other features include fun monthly survey questions, feedback features, and lists of student resources for course assignments.

However, that’s about as far as Sloup wants to go right now with her students. “The site is a way to introduce kids to the educational uses of online media,” she says. “I’m trying to integrate them slowly into purposeful uses of technology. I know some of the kids already have Facebook and Twitter accounts, and for my fifth-graders, before they go to middle schools, we’ll have a lesson about using social media safely.”

Sloup’s conservative approach is the norm in K-12. According to a survey by the National School Boards Association (NSBA), 52 percent of schools block access to and prohibit any use of social media on campus. It’s a move that, judging from that same research, would seem to be counterproductive. The NSBA study found that 96 percent of 9- to 17-year-old students participate in online social networks; of that group, 59 percent use social media to talk about educational topics, and 50 percent talk specifically about schoolwork.


A poll by Common Sense Media ( showed that 51 percent of US teenagers ages 13 to 18 check social networking sites more than once a day. Twenty-two percent make more than 10 visits a day.

But schools fear the predatory behavior that lurks around social networking sites, where the exchange of personal information can make users sitting ducks for hackers, thieves, cyberbullies, and scammers. So they’re caught in what appears to be an all-or-nothing choice: take advantage of the academic opportunities that social networking sites can provide, or prohibit their use altogether in order to avert the security breaches that may result.

For now, the majority of schools are erring on the side of caution and opting for the latter, relying mostly on traditional filtering software to carry out that effort.

New Filters for New Media

But does it have to be one or the other?

There’s an emerging middle ground between a complete blockade and total access—new security technologies that can filter out inappropriate content more effectively than their predecessors can, enabling the legitimate use of social media while warding off attacks.

New content filters can reduce the threats brought by social media considerably, according to Nick Teplan, networking and security specialist at CDW-G.

It’s the Law—or Should Be

Which of the following updates is not safe to post on Facebook?

1) “Just received a job offer. Hooray!”

2) “I’m tired of all the rain.”

3) “Looking forward to the family vacation next week at Disney World.”

If you chose No. 3, you’re correct, according to IT security expert Brad Dinerman. By alerting everyone that you’ll be away for a period, you could tip off a potential burglar. You might as well “[put] a sign on the main road that shouts ‘Empty House’ for passersby to see,” Dinerman says.

In an entertaining and informative white paper, “Social Networking and Security Risks” ( Security/SocialNetworking.asp), Dinerman offers this and other examples of personal information that, if posted online, could expose you to identity theft, spams, hoaxes, and even threats to your physical safety. And while you can employ two prevention techniques—using technical solutions and keeping personal information confidential—the latter is by far the most effective. “Computer security education really, really needs to be changed,” he says.

Dinerman cites a revised information-protection law that went into effect in Massachusetts on March 1. The law requires any company that keeps data on Massachusetts residents to take steps to protect it, and also mandates that employees be trained in methods to secure the information. “I think we need to do the same thing for students,” he says. “Once a year, at the very least, all students should be given information-security training, both on what they should do technically and on what information they shouldn’t publish. If it’s something you don’t want the whole world to know, don’t put it up there. It’s the best way to protect students from others, themselves, and trouble.”

“Unlike other kinds of sites on the internet, social media sites have large amounts of user-injected content, making them uniquely vulnerable to malware,” Teplan says, adding that, while content filters have traditionally focused on blocking traffic, they are now beginning to “take an active role in classifying the content that comes across. A site like Facebook may not be a bad site in and of itself, but some of the content on the site may be inappropriate. The new filtering technologies will scan the web page and allow Facebook to come through, but also block infected or inappropriate sections of the site. With standard filters you cannot get that granular; it is ‘allow’ or ‘deny’ the site as a whole to the user.”

Teplan says the latest firewalls have several capabilities that make them better suited to detect malicious code before it hits a school’s network. Many of them belong to an emerging group of devices that provide unified threat management (UTM) services, which combine multiple security technologies within a single appliance. Unlike their older counterparts, today’s firewalls can detect specific application “signatures” and block them even if the unwanted application attempts to come across port 80—the port that most web traffic funnels through and, consequently, is left open by IT administrators.

“Now, instead of just doing inspection of the traffic as it comes across, these appliances are running antivirus, anti-spyware, and anti-intrusion system scans on all traffic as it hits the firewall,” Teplan explains. “The UTM appliances have expanded application functionality, which enables IT administrators to have greater control over the kind of traffic that is allowed on the network.”

Unlike the software of just two or three years ago, explains Brad Dinerman, founder and president of the National Information Security Group and president of Fieldbrook Solutions, a security consulting firm, a state-of-the-art firewall uses technology known as “deep packet inspection” to analyze all internet traffic, detect intrusions, and block or filter content based on rules that the administrator sets. “It functions like a bouncer,” Dinerman says.

Dinerman urges schools not to allow the price of a new filter—three or four times as much as a traditional filtering tool—to deter them. “Any school is always up against a budget crunch, but the first thing you need to have is a new firewall, not a six-year-old one that only has updated definitions.”

The few hundred dollars it will cost a school to get a basic firewall won’t provide “the granularity to allow enough options for the administrator,” according to Dinerman. “Relying on an old firewall is like protecting a bank vault with a screen door.”

That may well be, but the reality is that K-12 schools rarely have the budget to invest in these next-generation security tools, which involve the cost of upgrades, maintenance, and user training. So blocking social media sites is often their only option.

Natick Public Schools in Massachusetts is among the few districts that have invested in new firewall technology. Dennis Roche, the district’s technology director, has deployed Application Firewall from SonicWall, which goes beyond simply blocking threats to include controlling applications and data. Application Firewall allows IT administrators to set bandwidth restrictions (for example, streaming video sites such as YouTube can be blocked), deny uploads of files to certain servers, and block forbidden files, as well as create policies to define which users get access to what.

Yet the district remains wary of the consequences of opening up classrooms to social networking sites, and isn’t yet ready to allow students to access them.

“On the faculty side, we only block pornography, but on the student side, we filter content much more aggressively,” Roche says.

Roche sticks with moderated social networks such as TeacherTube and The Schools United. He is particularly enthusiastic about the latter, a free global networking site dedicated solely to the educational community and offering a wealth of resources such as teaching aids and multimedia files.

It’s not that Roche doesn’t believe in the collaborative and instructional value of social media. “Education is all about being creative and exploring,” he says. “Social networking sites offer a new set of tools to communicate, and we need to develop those types of skills and get familiar with them. Then we can relax some of the filtering.”

That day will come, he thinks, only when the teachers themselves know how to use social media technology, understand its benefits and dangers, and can guide students in its use. Therefore, Natick, with eight schools and an enrollment of about 6,000 students, has decided to teach the teachers first. Most Natick teachers already use wikis and blogs and are learning to use the open-source learning management system Moodle, which the district recently rolled out.

“Social networking is a new area that they haven’t fully embraced,” says Roche. “We have some high-flying teachers who know and use and love this stuff already, but the average teacher hasn’t mastered it. We’re not there yet.”

Going All Out

One school district hopes to get “there” faster than most. Brad Sandt, director of technology for the Park Hill School District in Kansas City, MO, wants to capitalize on the instructional value of social media sooner than later. He estimates that about 10 percent of the district’s 10,000-plus students use various forms of social media in school, mostly at the high school level. Blogs and Twitter are most popular, with the former in use for the past three years and Twitter gaining users mostly in the last 18 months.

“Twitter has actually proved to be efficient,” Sandt says. “Teachers and students use it for blogging, to post messages and links to content, updates about a class, an upcoming test, etc.”

Sandt’s approach is to welcome a tool that students already use a great deal outside the classroom. In an extensive nationwide survey by the nonprofit group Project Tomorrow, 43 percent of students in grades 9 to 12 said that their main way to communicate with friends online was through social networking sites.

“The fear of these technologies is, and will continue to be, an imposition that limits our students’ potential in the classroom,” Sandt says. “Our students are using these tools as soon as they leave the classroom until the time they return the next day. The focus for me is to take them and turn them into instructional tools and resources for our teachers.”

Although security is certainly a concern, Sandt thinks it can be managed effectively and monitored with traditional logging and filtering software; he uses a program from M86 Security. But he says students must be taught how to protect themselves.

“We don’t typically see any more vulnerability in social networking sites than in any other sites,” Sandt says. “Digital citizenship is more of a problem. The majority of students are very tech savvy today, but it’s still our responsibility to teach them what information they should not give out online.”

Park Hill tries to do that by starting each school year with a “Safety Night,” which allows parents and teachers to share their best practices in internet security. Plus, digital citizenship is part of the district’s computer curriculum from the sixth grade on, and will eventually be taught in Park Hill’s elementary schools as well. Sandt says the digital citizenship unit covers online media sites that the school district uses, such as Twitter and blogs, as well as those it doesn’t use, such as Facebook.

“If you think about it, digital citizenship and web safety are not mutually exclusive,” he says. “It’s critical that these lessons are intertwined with all technology lessons so that digital citizenship becomes commonplace.”

Sandt believes that much of social networking behavior is duplicated in the real world and can be addressed in the same way. Cyberbullying, for example, is no different from its physical counterpart, he says. He points to a Park Hill middle school anti-bullying program that he finds very effective. Although the program is not specific to social media, its effects spill over into the online world, in Sandt’s view. Such principles of courtesy, mutual respect, and civility exist on the web just as they do in person. “Harassment in the hallway is just the same as on a blog or Twitter,” Sandt says. “You can apply the same anti-bullying practices and policies to social media.”

The Park Hill program is modeled after the Olweus Bullying Prevention Program, adopted by many schools worldwide.

“I just spoke with some of our principals regarding their use of [the program] tied to social media, and they mentioned that they have students who will now report incidents that are happening on Facebook to the principal,” Sandt says. “The students will voluntarily come in and log in to Facebook to show principals what is being posted. While the district does not have control over what is happening outside schools, we still notify our parents so they can take action.”

Give ’Em a Good Education

Park Hill is on the right track with its emphasis on user education, most internet security professionals would say. While they champion the use of advanced technology, experts insist that an informed user is the best counterattack against security threats. One of the threats specific to social networking is manipulation. Social media users can easily be led into giving out sensitive personal information that can fall into the wrong hands. That’s a particular danger to children, according to Suzanne Magee, CEO and president of TechGuard Security, whose recently introduced PoliWall security appliances provide stringent application filtering for commercial enterprises.

“Kids have to be careful not to be lured into a false sense of security by someone posing as a student,” Magee says. “They may be asked questions like, ‘Where are your parents? Where do you keep your money?’ Formidable defenses have to be set up.”

For now, Magee believes that using firewalls to shut off access to specific sites may be the only foolproof way to ensure network and student safety: “In my view, blocking is a good thing until we’re able to come up with better [filtering] options for educational social networking. We may be globally connected, but we don’t need to be open to everyone all the time.”

However, even technologists will tell you that the first and best line of defense is the human element. “Parents and students and teachers must educate each other,” says Mary McCaffrey, CEO of SchoolCenter, a provider of web solutions and services for the K-12 market.

“An element of parenting and guardianship must take place; there’s no real substitute for that in the long run. We wouldn’t shy away from teaching our students about physical protection, but we don’t seem to know how to do that for the digital world. In another era, parents were aware of things their children did, such as drinking, coming home late, not getting homework done. Now, with technology in the home environment, there does need to be the same oversight and control.”



Fieldbrook Solutions:

M86 Security:

National Information Security Group:

National School Boards Association:

Olweus Bullying Prevention Program:

Project Tomorrow:


Schools United, The :


TeacherTube :

TechGuard Security:

This article originally appeared in the June / July 2010 issue of THE Journal.