How a Catholic high school secured its STEM learning environment.
GUEST COLUMN | by Kevin Sweeney
Network security is a tricky business. You’re walking a fine line between ensuring systems, information and people are secured from threats and making sure people can use the technology tools they need to do their jobs. It’s easy to put the digital equivalent of barbed wire, thick concrete walls and a moat around a network — it’s much more challenging to implement that level of security while maintaining easy access for verified users.
We are constantly updating and upgrading technology tools, software and classroom facilities to help students learn better.
Central Catholic High School walks that line every day. We have nearly 1,000 students, teachers and staff who need to use our wireless network on a daily basis. We have teachers showing online videos as part of classes, a floor of “Classrooms of the Future,” with technology heavily integrated to make teaching and learning easier, and we are currently building a dedicated STEM learning building on campus. We have a focus on and dedication to STEM learning because our students must be prepared for college and the world beyond.
And we have a very intelligent and technically-savvy student body. That means that they are not only interested in—and expecting—a secure wireless network, it also means they are pushing the boundaries. They are probing the network, looking for weaknesses. It’s not to do anything malicious—they just want to see if they can breach our defenses for “street cred.” It’s a different challenge than most organizations face. We are constantly on the lookout for both internal breaches and external breaches.
It hasn’t been easy, but we’ve found an integrated approach to network security that is working for our STEM-focused environment.
We started by getting to know our network. One of my axioms is that you can’t manage what you don’t know. We hired a vendor to do a complete network analysis that revealed various issues. Before this January, our wireless network was slow, dropping connections and pretty much useless. We had too much traffic and no insight into what was clogging the network. The network analysis showed us that there were wiring issues that were easily fixed (once we knew about them). We got rid of a bunch of security tools and consolidated with one Fortinet FortiGate next-generation firewall that combined a high-performance firewall with spam and web filtering and helps manage the quality of the network so we can ensure its speed. It also allows us to see what’s going on with the network so we can troubleshoot and close gates that are open.
Various students have tried to hack our network and they have not succeeded because we are able to see what they are doing. We can block the intrusion and we make a point of talking with them to tell them we saw what happened. Thus far, our security measures have done their job and protected our network, people and information.
That’s the security side, but we also use a variety of tools to manage network traffic. SolarWinds lets me see at a glance what’s happening on the network—the top 10 endpoints, top five apps, who is using bandwidth and what kind. If there is unusually high bandwidth usage, we can use the firewall to check it out and shut it down if needed. We use AirWatch to monitor iPad usage and Aerohive to manage wireless access points. All of that combined helps us keep the network secure and sensitive data safe.
We also set some standard procedures for network access. Students are allowed to bring their own laptops to use on campus but they must be checked out by the IT department before they are allowed to access the network. Devices must have antivirus installed—no exceptions. There are approved and unapproved websites on the school network and we must review and release an unapproved site before a teacher can use it in class, for example.
Another thing we’ve done is to harness student interest in IT by creating a mentorship program in the IT department. We’ve had a number of students take advantage of the opportunity to gain knowledge and experience they wouldn’t otherwise have. We teach them useful skills and they help us—being aware when something is going on with the network and also performing tech support in their classes if issues arise. It’s a win-win.
The benefits of all of this have been huge. There have been cost savings, of course, but more importantly there has been a reduction in the frustration students and teachers used to experience. People can actually use the wireless network and it just works. We are constantly updating and upgrading technology tools, software and classroom facilities to help students learn better. And our teachers really embrace and support these efforts, which is great. Their tireless energy and appreciation, along with the success of our students, makes it all worthwhile.
I firmly believe that you must solve the problem, not the symptom. If you just address a symptom, like students trying to hack the network, the problem will pop up again. If you address the problem, with an integrated approach to network management, security and student mentoring, the problem is solved.
Kevin Sweeney is Director of Information Technology at Central Catholic High School in Pittsburgh, PA. Write to: [email protected]