The incident involved a teacher at a San Diego-area high school who received an anonymous death threat from a student via his school e-mail account. Due to the life-threatening nature of the e-mail, and the fact that the student had imposed an actual date that the violence would occur, it was critical that the student be identified immediately and handled accordingly. The e-mail was forwarded to the high school's Network Technician, who then brought in Grant Gutstadt, the District's Security Administrator, to help him work the case.
Using data procured via the district's Enterprise Reporter, Gutstadt was able to obtain the exact time stamps of when the Yahoo user logged in and sent the threatening e-mail in question, and the internal IP address of the Cisco content engine through which the sender was connected. From corresponding log information in the Cisco caching engine, the specific Yahoo user's host IP address was obtained. A network scan of the IP address revealed it was online and fingerprinting identified the configuration as likely a student computer. With its subnet belonging to one of the site's internal wireless networks, the search focused on one of ten computers currently in use in that class. "Our Enterprise Reporter was key in collecting the exact data we needed in a very short amount of time. Within 24 hours the information procured helped narrow the number of suspected students to less than a dozen," Gutstadt explained.
Armed with the data Gutstadt was able to collect using the 8e6 Enterprise Reporter, the site technician was able to isolate the exact computer used to e-mail the death threat. Under the supervision of a police officer, the specific computer in question was identified by matching the wireless network card's MAC address to the information provided by Gutstadt. Finally, by using the physical computer checkout records from the day and time the e-mail was sent, the site technician was able to identify the student to whom that machine was checked out that day. The suspected student was then apprehended and arrested, and will be legally punished accordingly.
"Our Enterprise Reporter server has provided us important data on critical occasions such as this one, which is invaluable to any school system," Gutstadt said. "With more than 50,000 users, 8e6's solutions afford us excellent protection for students and staff, and allow us to maintain a single policy across our 200 school sites. This simplifies our support needs and we are able to allocate our resources - which are always in short supply - to other critical support needs."
"Fortunately these kinds of incidents don't happen very often at this particular school, but with violence in schools being an ongoing issue throughout the U.S., it is important for schools to take the proper precautions and be prepared to react quickly when these situations arise. All schools should have a solution in place like the Enterprise Reporter, which was the critical element in preventing a potentially fatal tragedy at our school," Gutstadt added.
San Diego City Schools serve approximately 136,000 students. It is the second largest district in California, and eighth largest urban district in the United States. The district's mission is to improve student achievement by supporting teaching and learning in the classroom.
