Network Security


Network security is one of the most essential features of a school network. The majority of the users in a school are students, and much of the data shared on the network consists of student personal and academic records. These files need to be protected, so it is essential that the network be secure. Securing a school network may seem like a daunting task, but there are many tools and applications available to help ensure appropriate levels of security. There are many aspects to consider when securing a school network, but perhaps the most important area to focus on is a school's connection to the outside world. Network administrators must strive to find a balance between keeping students and their information secure and allowing enough freedom for students to explore educational resources. Three applications that help fine-tune this balance are firewalls, network intrusion detection systems, and anti-malware programs.

This section will be divided into 3 major categories. Within these sections, network security programs will be discussed.

  • Firewalls

  • Network Intrusion Detection Systems

  • Malware Detection and Removal

Firewalls

A school network must have a firewall in order to protect files from external threats. You can think of a firewall as a traffic cop. It controls what type of information is allowed to enter or leave a network. More specifically, a firewall inspects packets of information to determine where they are from, where they are going, and sometimes even what they hold in order to "decide" whether to let the information through or not. By blocking known vulnerabilities, a firewall reduces a network's exposure to the Internet. (Fryer)


A firewall performs several functions in order to succeed in protecting a network from unwanted intrusions. First, it must hide the IP addresses of the network systems from the Internet by using Network Address Translation (NAT). This prevents a hacker from obtaining a real IP address and thus finding vulnerabilities. Next, a firewall allows for port filtering, or port blocking. This is important because it prevents packets from moving through ports other than the ones chosen by the system administrator. Without this measure in place, a hacker could exploit open ports to enter the network. Packet filtering works in a similar fashion to port filtering, except in this case packets are blocked based on their IP addresses. Lastly, MAC filtering is used by some firewalls in order to allow or deny access to the network based on the MAC address of the client. (Myers, 469)
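The four functions described above, modelled together as an added example (not code from the original page or from any firewall product). The `Firewall` class, the addresses, the MAC address and the port numbers are constructed for illustration, and the NAT table is simplified to one public port per internal connection.

```python
from ipaddress import ip_address, ip_network

class Firewall:
    """Toy model of NAT, port filtering, packet (IP) filtering and MAC filtering."""

    def __init__(self, public_ip, allowed_macs, allowed_ports, blocked_nets):
        self.public_ip = public_ip
        self.allowed_macs = {m.lower() for m in allowed_macs}
        self.allowed_ports = set(allowed_ports)
        self.blocked_nets = [ip_network(n) for n in blocked_nets]
        self.nat = {}            # public port -> (private IP, private port)
        self.next_port = 40000   # first public port handed out (arbitrary)

    def _ip_blocked(self, addr):
        return any(ip_address(addr) in net for net in self.blocked_nets)

    def outbound(self, src_mac, src_ip, src_port, dst_ip, dst_port):
        """Return the (public IP, public port) the Internet sees, or None if dropped."""
        if src_mac.lower() not in self.allowed_macs:   # MAC filtering
            return None
        if dst_port not in self.allowed_ports:         # port filtering
            return None
        if self._ip_blocked(dst_ip):                   # packet (IP) filtering
            return None
        public_port = self.next_port                   # NAT hides the private address
        self.next_port += 1
        self.nat[public_port] = (src_ip, src_port)
        return (self.public_ip, public_port)

    def inbound(self, src_ip, dst_port):
        """Return the private (IP, port) to deliver to, or None if dropped."""
        if self._ip_blocked(src_ip):
            return None
        # Only ports with a NAT entry created by an inside client are reachable.
        return self.nat.get(dst_port)

def sample_firewall():
    # Constructed policy: documentation address ranges and a made-up MAC address.
    return Firewall("198.51.100.1", ["00:11:22:33:44:55"], [80, 443],
                    ["203.0.113.0/24"])
```

An outside host only ever sees `198.51.100.1` and a public port; the private address stays in the firewall's NAT table, and any inbound packet without a matching entry is dropped.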

Network Intrusion Detection Systems


Network intrusion detection systems (IDS) are used to detect whether something has managed to intrude into a network. You can think of this type of application as a detective because it inspects incoming packets, looking for active intrusions. These intrusion detection systems use sensors that target questionable packets by forwarding them with an alert message to a server, which logs them and analyzes them for trends that could become potential security threats. (Schaelicke et al.) Intrusion detection systems usually use port mirroring on a network switch to send a copy of network packets seen on one port to the sensor on another port. An IDS comes in two forms: network-based or host-based. A network-based IDS is set up with several sensors placed around the network, often alongside the gateway router. These sensors then report to a central application that will detect anything that could be potentially dangerous. A host-based IDS runs on individual systems. This software monitors system file modifications as well as registry changes. An IDS is a key player in securing a network because it actively stands on guard, protecting the network 24 hours a day. (Myers, 329)
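The sensor-to-server flow described above, as an added example (not code from the original page or from any IDS product). The watched ports, the 60-second window, the three-host threshold and the sample packets are all constructed assumptions.

```python
from collections import defaultdict

# Constructed policy: destination ports the sensor treats as questionable.
WATCHED_PORTS = {23: "telnet", 445: "smb", 3389: "rdp"}

# Constructed mirrored traffic: (seconds, source IP, destination IP, dest port).
PACKETS = [
    (0, "10.0.5.20", "10.0.1.10", 23),
    (5, "10.0.5.31", "10.0.1.10", 443),
    (10, "10.0.5.20", "10.0.1.11", 23),
    (20, "10.0.5.20", "10.0.1.12", 23),
    (25, "10.0.5.31", "10.0.1.10", 445),
    (400, "10.0.5.31", "10.0.1.11", 445),
]

def sensor(packets):
    """Yield an alert for each mirrored packet aimed at a watched port."""
    for ts, src, dst, dport in packets:
        if dport in WATCHED_PORTS:
            yield {"ts": ts, "src": src, "dst": dst, "dport": dport,
                   "msg": f"connection attempt to {WATCHED_PORTS[dport]}"}

class AlertServer:
    """Central log that looks for trends across the alerts it receives."""

    def __init__(self, window=60, min_targets=3):
        self.log = []
        self.window, self.min_targets = window, min_targets

    def receive(self, alert):
        self.log.append(alert)

    def trends(self):
        """Sources alerting on >= min_targets distinct hosts within the window."""
        by_src = defaultdict(list)
        for a in self.log:
            by_src[a["src"]].append(a)
        flagged = []
        for src, alerts in by_src.items():
            alerts.sort(key=lambda a: a["ts"])
            for i, first in enumerate(alerts):
                recent = alerts[i:]
                targets = {a["dst"] for a in recent
                           if a["ts"] - first["ts"] <= self.window}
                if len(targets) >= self.min_targets:
                    flagged.append(src)
                    break
        return sorted(flagged)
```

A single alert is only logged; the server flags a source once its alerts show a pattern, here the same client probing several hosts in a short time.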


Malware Detection and Removal Tools


Malware includes a range of programs and code made to do something to a system or network that you do not want to have happen. If we continue with our metaphors from above, you could think of malware as the burglar because it intrudes and often wreaks havoc on a system or even a network. There are several types of malware that system administrators should be acquainted with. A virus is a common example of malware; it copies itself and activates. Upon activation, a number of things can happen depending on what the virus is written to do; however, viruses often damage a system. A worm is similar, except that it replicates through networks. This is especially dangerous because it can spread to many systems very quickly. A Trojan is a type of malware that acts as if it is made to do one thing while it instead performs an undesirable function in an infected computer. Adware is designed to monitor what types of websites a user frequents and then uses that knowledge to generate targeted advertisements. Spyware is even worse than adware because it sends information about your system over the Internet. All of these nasty things that fall under the heading of "malware" need to be combated in order to ensure that a network is secure. Systems should run anti-malware programs in order to detect and erase any malware that may be encountered. Keeping such systems up to date, as well as training all users to recognize suspicious code, are important things to keep in mind while implementing anti-malware programs. (Myers, 460)

There are many measures that a network administrator must put in place in order to ensure that a network is operating securely. Setting firewalls, implementing intrusion detection systems, and running anti-malware programs are three major aspects to consider when securing a network.

About Us

We are a group of current or aspiring teachers currently studying at Pace University in Westchester County in New York State.



Research Sources

Fyer, A. W. (2003). A Beginner's Guide to School Security. Retrieved February, 16, 2010 from http://www.techlearning.com/article/13824

This article by Fyer is a beginner's guide to school security and the steps a network administrator needs to take to secure a school's network, files, firewall, etc.


Myers, M. (2009). Managing and Troubleshooting Networks.

This is the book we used during our Troubleshooting Network course (TS643) at Pace University. This book includes an entire chapter on Network Security, and the topic is continually discussed throughout the whole book.


Schaelicke, L. et al. Characterizing the Performance of Network Intrusion Detection Sensors. Retrieved April, 12, 2010.

This article discusses Network Intrusion Detection sensors and specifically what they do and why they are important to securing a network.

Ad-Aware by Lavasoft

Lavasoft has developed a great anti-malware application that removes spyware and adware from a client's computer. Free, PLUS, and PRO versions are available.

Spybot- Search and Destroy

Spybot- Search and Destroy is an excellent free application used to eliminate spyware that shares your information on the Internet without your permission.

Understanding Windows Firewall

Windows Firewall is a protective boundary that monitors and restricts information that travels between your computer and a network or the Internet. This site provides the reader with a good base knowledge of Windows Firewall and firewalls in general.

Creating Intrusion Detection Signatures Using Honeypots

This article describes a system for automated generation of attack signatures for network intrusion detection systems.