Education networks - a conundrum of connectivity and security

Greg Kovich
October 23, 2018

As BYOD becomes a reality on campus, a multi-layered strategy that secures networks from within is key to protecting data and devices.

It’s a digital explosion of devices and things, and it’s happening all around us. The question is, are you ready for it?

In recent years, the education sector has become not just a target, but rather a lucrative target, for nefarious network activity. Tens of thousands of students, staff and network administrators have been put on high alert, and institutions have been disrupted due to threats as extreme as a murder, or exorbitant demands for ransoms.

The sheer number of devices that flood a campus network on any given day can overwhelm most IT departments. Plugging the holes of vulnerability and devising new methods to protect against attacks from hackers and outsmart criminals is a full-time job.

Man holding phone with cyber-security app for blog

One of the reasons that cyber attackers target schools is that the networks are easy to crack. In fact, school districts often set up wireless systems to make connecting easy for students. Unfortunately, it also makes it easy for those with bad intentions. With free Wi-Fi in school buildings and students glued to their devices, there are thousands of opportunities for hackers to gain access to school networks.

And, if deliberate malicious attacks are not enough to deal with, what about the unwitting student who finds a USB drive left on a desk in the school library and plugs it into a computer unleashing a virus that takes down the school’s network. These are the realities faced by network administrators every single day.

Tackling the security challenge

Where do you even start? Well, it starts with an institution-wide security strategy. Most institutions have adopted the best practice advice of ‘defense in depth’ – meaning that there are multiple security layers which persons of ill intent would have to thwart.  In the era of GDPR, defense in depth has been expanded to mean securing both data and devices. It’s no longer about just setting up a firewall to protect a campus from exterior threats at the network perimeter and between servers. It’s about having a multi-layered strategy that protects the network from within by creating policies and procedures at the user, device and application layers.

IoT containment is one example where you can create virtual and segregated environments. These environments are known as ‘containers’, and exist within a single converged network. With IoT containment, specific connected devices can be isolated and managed using a set of policies. This strategy lets you group together a common set of devices, which only a defined group of users and servers can interface.

One example of this strategy would be in a college campus environment where only authorized security staff could access the IP security cameras. The cameras would be grouped in a ‘container’ and only able to communicate with the application that controls them. Defining a specific set of cameras in the group to only transmit video data would protect them, and prevent them from sending unexpected data, in the event of a compromised camera. Policy management lets IT staff see the complete network, which gives them the power to restrict or limit the privileges of devices and users to prevent deployment of unauthorized devices. You may recall the 2016 DDoS attack on the DNS provider DYN – if the compromised IoT devices had been containerized, the attack would not have happened. As you can imagine, this containment strategy is quickly being adopted to ensure a cybersecure network.

Are you ready?

So what happened when the student plugged that wayward USB into the library computer? Well, it would depend on the network equipment. Some network devices can automatically detect known threats and isolate or quarantine them.  Even if your equipment doesn’t have those features, with defense in depth, eventually your IPS, IDS, NMS or Firewall will detect the anomalous traffic and alert you.

The reality is that students are going to continue to bring their devices and the campus network is going to continue to increase the number of devices and things that need to be managed. The good news is, a solid security strategy that creates policies and procedures at the user, the device and the application layers are ready to take on today’s security challenges.

Learn more about how the education sector is digitally transforming to ensure a secure environment for students, staff, devices and things. Visit: http://onf2.gxitma.net/en/company/news/ale-expands-its-mobile-campus-solution

Greg Kovich

Greg Kovich

Global Sales Lead, Education Vertical

Greg Kovich leads global sales for ALE’s Education vertical.  Greg has overseen or created several Education solutions including “The Fundamentals of Communications” – a vendor neutral course on digital network communications; “Safe Campus” – a solution uniting emergency alerts with first responder collaboration and mass notification; “Secure Campus” – a solution that allows instructors to limit student network access to determined sites; and “Pandemic Education Continuity” – a solution that enables classroom instruction in the event the institution is closed due to health or environmental crisis. 

He is a 1992 graduate of Indiana University with over 20 yrs experience in Information Technology.

About the author

Latest Blogs

NIS2 EU Cybersecurity Directive: EU-wide legislation.
Security

NIS 2: ALE takes action on cybersecurity

ALE implements effective measures to protect critical operations and ensure compliance with EU cybersecurity regulations.

a man and a woman looking at a phone
Digital Age Networking

Preparing for Wi-Fi 7: Five Key Steps for a Smooth Transiti…

Is your network ready for Wi-Fi 7? Here are five steps to help prepare.

woman using mobile phone with tall buildings in the background
Government

Creating a better world through sustainable architecture

Smart buildings use IoT, OT and IT to minimize environmental impact and make our lives more convenient and pleasant.

a person holding a phone
Rainbow

How certifications create transparency and protect your data

Certifications are good indicators to understand how your data will be protected

Chat