School districts across the nation, such as San Dimas High School (CA), Fulton High School(MO), and Comack Union Free High School (NY) have been hacked by their very own students in the past year, which tells us that when it comes to school network security, we need to protect our servers from threats on the inside.
Distributed denial of service (DDoS) attacks are plaguing districts with increasing frequency. For the sake of pure mischief, these attacks saturate servers with so many external communications requests that they can’t respond to legitimate school traffic, such as teachers trying to access online grades or email. These attacks can range from a slight annoyance, such as the single student who brought down Fulton High School’s network for a few hours, to downright disastrous, such as the month-long network shut down at Community Unit School District 303 in Illinois. The scary part is it only took two high school students and their smartphones to launch this devastating attack on the school’s network.
So how do we prevent our networks from becoming liable to DDoS attacks and our most connivingly tech-savvy students?
Teachers aren’t always aware that they can open doors to security risks when they log into school’s network while students are around. Even more dangerous, as teachers access different web apps on the school network throughout the day, it is not unusual for teachers to leave some or all of their accounts logged in at the end of the day.
Properly signing off of each account goes a long way to protect the school network server and database. Allowing the IT department to implement a privacy protocol is a very effective first step towards ensuring digital security, as long as it’s followed by rigorously educating staff on what that protocol is.
Are there more technologically-offensive approaches to preventing DDoS attacks?
- Disruptions are rendered short-lived if a district has a software protocol that shifts unwanted inbound traffic to a separate IP address.
- Intrusion detection software can alert IT staff, who can then shut down DDoS attacks before they cause more disruption.
- Having two data centers is also a foolproof way to sidetrack DDoS attacks. If the first data center becomes flooded with unwanted traffic, IT can switch all users to the second one so that network access can continue uninterruptedly for other school staff.
- Although currently at a very high cost, DDoS-mitigation software automatically shuts down attacks without the second step of manual intervention.
- Storing files in a secure cloud and preventing school staff from downloading files onto personal devices can go a long way to protect sensitive data – as long as staff are taking all the necessary precautions to protect login data. This includes changing passwords frequently, keeping passwords complex, never sharing passwords, and logging off of all accounts when leaving a device.
- Narrowing the amount of authorized personnel from accessing certain information minimizes risk. This can happen on various levels, such as barring almost all school staff members from accessing social security numbers, and limiting teachers’ access to their own students’ information rather than the entire student body.
- IAM (Identity and Access Management) technology lets users access online resources with a single sign-on that meets district security policies. IAM also puts tighter controls in the hands of IT staff. This includes automating when accounts, resources and certain operations should be blocked.