Smart Spider

One school system solved its problem of remotely monitoring network security.

November 6, 2006
Security patches appear and change more quickly than many network managers can follow. With young users and hundreds of employees, public schools' IT systems are particularly vulnerable to security problems.

To address these concerns, the DeKalb County, Ga., School System implemented a remote management security application for all computers in the district's 140 schools. Rather than manually patch school PCs and laptops as needed, DeKalb County schools use Securiant's Spider Integrated Security Appliance (SpiderISA).

Unique Needs
DeKalb County schools upgraded their wide area network, and in July 2006, the new network replaced a frame relay service to accommodate the changing technology needs of students and school employees.

Although the network upgrade gave students better access to information, it also spurred new risks.

"Schools worry about protecting students from the Internet," said Scott Pinzon, editor in chief of Watchguard's LiveSecurity Service in Seattle. He cited peer-to-peer file sharing as a major security concern and a threat to bandwidth. Kids love peer-to-peer software, he said, and up to 50 percent of the software they download has Trojans or spyware attached.

"Drive-by downloads [inadvertent downloads] contain malicious code, attacking vulnerabilities in your Web browser," Pinzon continued. "These [peer-to-peer] sites end up being the red light district of the Internet. Many of the high-school kids tend to visit those sites without knowing they are installing malware on school computers."

Corey Nachreiner, network security analyst for Watchguard's LiveSecurity Service, agreed. "You're offering the school network to kids so they can search for information," he said, "but on the flip side, especially in the lower grades, you are also dealing with kids who are naive and curious. Those together can make a dangerous pair."

In addition to worrying about a young and vulnerable population, schools have other unique attributes that dictate their IT security needs. Pinzon explained that schools typically make computer purchases as funds become available, leading to a disjointed network of PCs of varying brands and models. "Many times in school environments," he said, "networks grow organically over time as they buy computers in clusters, with mixed environments, and what students need might differ from what the administrator uses."

Prior to summer 2006, DeKalb County schools' technology department manually downloaded and installed patches on every computer, one at a time -- a time-consuming and inefficient approach to network security.

"We implemented SpiderISA to provide better overall security in the network," said Tony Hunter, director of Management Information Systems at DeKalb County schools. The county schools' technology department has four employees for whom keeping all school computers patched and secure was an overwhelming task. In all, the county's schools have 30,000 PCs, including those used at family technology resource centers.

"We needed a way to identify potential intrusions on our network, and also needed to be able to scan devices when they came into our environment, and this device does both," Hunter said, adding that virus software running on each new computer is automatically updated, which is important for the laptops people take home.

"We also had situations when people came in with their own laptop from home, not a school-issued computer," Hunter said, adding that these machines often brought spyware and outside programs with them. "They would plug into the network, and we had no way to ensure security."

Everywhere at Once
SpiderISA is an integrated security tool that protects network infrastructures, and DeKalb schools deployed 158 of the appliances from Securiant. The school system uses this tool to address widespread security issues, such as worms, Trojans, inappropriate Internet use, and programs downloaded by employees and introduced from outside computers.

SpiderISA reports unauthorized use, spyware intrusion and other security issues to a centralized security office. The appliance gathers basic security information -- when a computer first logged on, how long it's been on the network, which applications are running -- and checks patch levels to make sure they are up to date. "We do a virus scan on every new device that comes in," Hunter said. SpiderISA also automatically scans any computing device that returns to a campus for recently installed software -- including spyware or similar malicious software.

All computers are checked before they are attached to the network, Hunter said. "It looks for any virus software running on the computer. If it's not at the latest patch level, it's quarantined and not allowed on the LAN."

SpiderISA was rolled out at the end of the 2005-2006 school year and has had some positive effects on the schools' network. "We now have a central infrastructure and security Web department," Hunter said. "The tool saves us a lot in terms of manpower and visibility." After the start of the new school year, he expects more opportunities to evaluate the appliance's impact on overall security and identify possible cost savings.

Don't Patch, Re-Engineer
Richard Campbell, founder of Securiant, developed the product to address growing security concerns. "We've built a platform specifically designed for the mid-size organization," he said. "We've integrated about 12 different security features into a single platform, which helps schools get away from the problem of buying different products from different vendors."

Mid-size organizations don't have time or resources to manage complex security needs, Campbell added. "Usually they have to deploy and manage a number of security products, and pay annual maintenance."

Campbell said the SpiderISA is versatile and comprehensive, and while technology departments might initially only run a few of its available features, the management interface and training will be the same, regardless of how the tool is used -- whether to protect students or prevent spam from coming in.

SpiderISA automatically detects each device connected to the network. "With that information, modules automatically monitor the traffic and track things in the network hour to hour, week to week," said Campbell. "You put it in, configure it and go."

Campbell compared the DeKalb County schools' network to an in-home alarm system. "When you get ready to leave your house in the morning, you punch a couple of buttons, and your entire home is protected using many different sensors. The way security is today, and typically in school networks, it's as if all those individual sensors have a different control panel. That is frustrating and confusing." Instead, the SpiderISA tool integrates all computers on a network.

Campbell provided a real-life example from another school district, where worms were wreaking havoc. "They brought in two vendors to fix the problem, and after two weeks, the vendors gave up and said computers needed to be manually patched. That was impractical," he said. "We brought one Spider with us and it took us about 45 minutes to identify all the computers on the network and another hour to fix the problem."