Files from Home - Firewalls, Viruses & Student Work

Posted by Dirk D Dykstra at 10/10/2005 5:34 PM
Categories: Information Technology, Student Work, Instructional Technology
A Colleague's Comments:

How do you secure the network if you allow students access at home? In my district, we have a firewall, filter, and network antivirus/spam. How do you keep students from uploading games, executables, mp3 and other such files and bringing them into the district? Even if I disallowed say, zip files, they are smart enough to figure out they can rename the file and upload it. Last year a mutated network worm crippled us for more than a month. It was awful. The only way to get rid of it totally is to re-image each and every machine, which I am still working on. It was thought this worm was brought into the district via music downloads. I am very afraid this will happen again. How do you stay secure?


My Comments:

All the firewalls, Internet and network security that most districts have are worthless if they allow students access to computers with floppy drives and cd-rom drives. (Actually this applies at all businesses and with all staff, guests, students, etc.) Most of the viruses brought into school districts are on the students' disks. They can copy files to diskettes or burn cds and bring them in with all sorts of garbage. If your district allows students to use diskettes or cds from at home to bring their work to school, then your firewall has already been bypassed. The only thing protecting you is the anti-virus on your desktops and servers.

 
Since students need to bring work from at home, it is safer if it comes in over the network. I can watch the anti-virus updates on the servers and make sure they are updated easier than I can watch all the computers in all of the classrooms. (Although you know we all try.) So that makes the uploads to a separate student server easier to manage than file copies on all sorts of desktops.
 
You are correct about how dangerous things are. So, I keep images of almost all of my computers ready to go. With the Novell Zenworks imaging I can PXE boot a computer directly to the network and download an image to the computer as fast as it will transfer. (Almost all of the imaging products allow this.) I sometimes listen to techs talk about how they spent hours recovering a desktop computer from a virus attack. I try to avoid that - if I think the computer was attacked and that serious damage occurred, I take it off the network and wipe it out. Then I reboot and image. Quick, safe and easy.
 
Of course that only works if people use the network to store their work. By encouraging them to transfer files between home and work using the Internet I am also having them use the network to store their files. Since they are usually inclined to do the easiest ...
 
Now to the spread of nasty viruses. I have dealt with that before also. At one of the districts I worked at we were hit hard and budgets only allowed us the basic desktop anti-virus. When we recognized the problem I had the techs unplug the switches on the campuses. No more spread after that. With a couple of switches in hand and laptops we found out where our "bad" computers were and unhooked them from the network. In hours we had all the critical workstations and servers back up, in a day all the servers, and in a couple of days everything. We had almost 1000 computers and servers to deal with. The hard part was getting permission to take things down. Two weeks later when other districts in our area were still down my boss was very happy with his decision.
 
I hope that helps.
Dirk D Dykstra
 
Trackbacks
Trackback specific URL for this post
  • No trackbacks exist for this post.
Comments
  • No comments exist for this post.
Leave a comment

Submitted comments are subject to moderation before being displayed.

 Enter the above security code (required)

 Name (required)

 Email (will not be published) (required)

 Website

Your comment is 0 characters limited to 3000 characters.