Dakota State Univerity

Network Security at the K-12 Level

Network security at the K-12 level is becoming increasingly important, as more and more teachers, administrators and school staff use computer networks to store tests, grades, disciplinary action, and payroll. According to Matt Gowen, in Florida authorities said that five high school students used a computer virus to get into a school’s network and invade teacher and student files. The students had been at it for three months until the school’s technical support personnel who were upgrading the school’s protective software discovered the virus. The students deleted grade files and found exams in teacher files. All students faced felony charges for crimes involving computers and for crimes against computer users. An example like this shows us how network security is extremely important in the K-12 environment.

According to Palmer, the security aspects of Windows 2000 Server are contained in the Active Directory. There are different levels of security in Windows 2000 Server. The account logon security involves making sure that the computers that access network severs have an established account to be authorized to be on the network. This is what happens when a person types in their login name and password and the computer checks to see if that matches an established account. The object security involves providing a list of the accounts that can have access to a particular object, which could be a shared folder or a printer. It also involves the type of access that is permitted by the account, whether it be read or full control. Object owners, the user account that creates the object, have full control when the object is first created. The services security provides access to specific accounts and defines the extent of the access.

As Palmer states, "The first line of defense for Windows 2000 Server is password security, but it is only effective if users are taught to use it properly." So many times teachers make up passwords that are for student hackers to figure out, such as the name of a family member, their birthday, favorite sport, etc… Some teachers have their passwords inside a desk drawer or even out in their open by their workstation. Network administrators have the option of using some Windows 2000 built-in features to make people more conscious of password security. Administrators can put on a minimum length requirement, a password expiration period, and account lockout. The minimum length requirement makes it harder for people to put in a short password that would be easily guessed by someone trying to gain access to a specific user account. The password expiration period makes users change their password on a regular basis, such as monthly. By changing their password monthly, users should become more aware of how important it is to keep their password confidential. Account lockout is set up so users will not be allowed on the network for a set period of time after a certain number of unsuccessful login attempts. This prevents people who are trying to guess a users password more than just a few tries before network services to that computer will be disabled for a specific amount of time, such as thirty minutes.

Accessibility is a big key to setting up a network. Allowing the right people to have access to the appropriate areas takes planning. Sometimes certain people have too much access and at other times some people have too little of access. In an article by John Woolfolk, in 1999 at a private honors high school in Santa Cruz, California, a student got into the schools network and erased all of its files. The student had been expelled from the high school for poor grades and had got access to the server over the Internet through a computer lab in his new school. The students at the honors high school were given access on the server to create their own websites. In the article it did not disclose how the student got enough access to delete file. He may have figured out the administrator’s password or the network administrator did not set up the correct permissions for the groups of students to do their web publishing. According to Palmer, a permission is the privilege to access and manipulate resource objects, such as folders and printer.

A quick way of setting up security privileges in Window’s 2000 Server is to set up groups that users get assigned to. Specific groups need enough access to certain network areas to make the network useful. If a group student does not have the ability to gain access to certain programs and files that they need to use for classes, having a network in a K-12 environment is useless. Allowing the group of users too much access can cause many headaches, as students can sabotage the system. Network administrators must be careful in setting up groups and assigning the appropriate privileges.

In conclusion, a network is only as secure as its least secure user. Network administrators must plan for possible security problems and train users on appropriate use of passwords, as the system may be corrupted if they don’t follow appropriate procedures. Without the appropriate forethought, a network is doomed for problems and possible breaches of security.

Bibliography

Gowen, M. (1999). Five arrested for hacking into high school system. [Online]. Available:
        http://www.infowar.com/index.shtml?http://www.infowar.com/hacker/99/hack_052899a_j.shtml.

Palmer, M. J. (2000). MSCE guide to Microsoft Windows 2000 Server. Cambridge, MA: Thomson Learning.

Woolfolk, J. (1999). Teen hacker erased school files, police say. [Online]. Available:             
        http://www.mercurycenter.com/svtech/news/indepth/docs/078400.htm.