Hacking

Readin’, Writin’ and Web 2.0

The enhanced degree of communication that Web 2.0 utilities enable is changing the corporate world, for good or for ill, as enterprises decide whether to reject or embrace concepts like wikis, blogs, social networks and video-sharing. The trend has touched the academic world in similar ways.

Web 2.0 utilities have raised concerns about security in nearly all IT fields, and educational institutions are no exception. “The biggest worries schools have are hackers getting into the Web site,” Steve Yin, vice president of global marketing and sales for Web security appliance firm St. Bernard, told TechNewsWorld.

For example, consider the experience of Ken Pappas, vice president of marketing and security strategist for Top Layer Networks. He observed this hacking mentality firsthand when he recently took his son to college to start his freshman year. When they entered the dorm room, his son’s new roommate was working on a computer.

“Obviously being interested in computers, I asked the student what he was working on. The kid replied that he was hacking into the finance office computer so he could mark his tuition account as paid,” Pappas told TechNewsworld.

He sometimes hears similar tales from campus IT chiefs. They see the biggest spikes in hacking attempts occurring in the few weeks before classes start, he said.

“It’s a nightmare. The new Web 2.0 apps are giving students more ways to get in,” Pappas warned.

“Part of the challenge is [that] the kids in one school [will] take down the networks of other schools — it’s like having a snow day to them. Schools have become so dependent on technology to run the office and deliver instruction in the classroom. Taking down the networks is equivalent to removing the cash registers from Wal-Marts. Without the technology, people can’t function,” said Pappas.

Bandwidth Load

The use of Web 2.0 applications like online video is also straining bandwidth limits.

A study conducted by St. Bernard found that 44 percent of schools anticipate a growth in bandwidth demand over the next year, with 15 percent expecting an increase of greater than 50 Mbps (megabits per second).

Their figures show that 66 percent of educational institutions saw an increase in online video viewing in the past year, with 47 percent noting the activity doubled. In addition, 44 percent anticipate a growing enrollment, and 89 percent saw as much as a 15 percent increase in enrollment over the past two years.

As capacity rises and streaming media becomes a more integral part of the learning process, schools need effective solutions to match their needs, the researchers concluded. Solutions include preventing network slowdown or overload that can result in a loss of productivity associated with inappropriate online activity.

Rather than creating entirely new security issues, Yin said, Web 2.0 is accentuating existing concerns.

“These include the introduction of malware, the need for effective gateway controls, and bandwidth consumption. We are seeing [a] significant increase in Web 2.0 coming into the schools. These new uses are straining all hardware with bottlenecks. The peaks in demand raise concerns that school networks cannot handle the traffic. Schools have to re-evaluate their networks,” Yin said.

Pushing the Limit

Indeed, the rise in popularity of Web 2.0 applications is presenting new challenges to school IT managers. It’s not just a matter of students using video-sharing and social-networking sites in schools. Teachers have also demanded new types of access privileges.

Jim Culbert, information security analyst for Duval County Public Schools in Jacksonville, Fla., is receiving new access requests from teachers blogging and communicating with their students both in and out of school.

Additionally, teachers now want to do podcasting, he said.

“All of this we didn’t traditionally let them do because of security and bandwidth concerns,” Culbert told TechNewsWorld. “We’ve had to relax our posture to let them all have access. This presents us with an interesting challenge. I can’t say ‘no’ anymore.”

Giving access to these Web 2.0 applications is causing a stir among IT managers and the administration that has to pay the bills. Many school networks are running out of bandwidth.

“At this point, the sense we get from school IT administrators is they are constantly fighting bandwidth,” Yin said.

The use of devices like smartphones further exacerbates some problems associated with increased use of Web 2.0 in schools.

“The growing issue is what should IT managers do with smartphone and related devices,” Dan Dearing, vice president of marketing and product management for Trust Digital, told TechNewsWorld. “When these devices are used, IT doesn’t know it is happening. It presents new issues to us. These devices can be lost and other users have more readily available access. The smartphone has become a (US)$79 laptop.”

Security risks surrounding smartphones are similar to those surrounding laptops. Users can still hack into school networks. Bluetooth access and non-secured WiFi create other entryways.

What to Do

If they haven’t already, school administrators may soon have to make tough decisions on how to allocate network resources. Instructional uses for Web 2.0 may have to meet stricter guidelines.

“We need to push teachers to use educationally sound Web sites rather than blogging sites,” Culbert said. “It is very difficult to separate the good from the bad on these popular general-use Web sites.”

Web 2.0 is also forcing school IT managers to reassess security. Social networking — often a big part of Web 2.0 in the classroom — also offers more chances for students to abuse acceptable use rules.

“Teachers don’t realize that, ultimately, the school district is responsible for any abuses that occur. Teachers have to share that responsibility [for] what their students access in school,” warned Culbert.

New Options

Web-filtering appliances allow IT managers to set policies regarding who can access what at difference times of the day and night. Tools like St. Bernard’s iPrism also can handle antivirus operations and other challenging tasks. Similarly, Trust Digital’s solutions give school IT managers the ability to encrypt data, wipe devices if they’re lost, and restrict the use of programs on the network from those devices.

“Schools have to be current with their use of security technology. One of the biggest mistakes IT people at schools make is putting all their security on the perimeter. Over the last few years, we are seeing spikes inside the networks. Now IT has to harden the network data center — even from its own users,” suggested Top Layer’s Pappas.

School IT managers should follow a four-step plan to combat the latest threats Web 2.0 brings to school networks, according to Pappas:

  1. Don’t rely on any single technology solution. Use various approaches to create a multilayer security plan. Don’t think just about securing the perimeter.
  2. Deploy an intrusion prevention system (IPS) deep into the network.
  3. Use network admission control (NAC). This is perhaps one of the most critical things to do. It allows IT to set up policies for users, control the types of applications that can access the network, restrict certain activities to set times of the day or night, etc.
  4. Use multiple firewalls. For instance, IPS solutions have their own firewalls that work independently of other perimeter firewalls.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Jack M. Germain
More in Hacking

Technewsworld Channels