IT Infrastructure

Attacks on Web Sites Put Technology Officials on Alert

By Andrew Trotter — February 23, 2000 5 min read
  • Save to favorites
  • Print

The tremor of fear that rippled through the “dot-com” community this month after computer hackers attacked and shut down several popular commercial Web sites also buffeted officials who watch over school data networks.

“I certainly asked my network expert about it,” said Lee G. Peters, the superintendent of the Onandaga Board of Cooperative Educational Services, an agency in Syracuse, N.Y., that provides data services to more than 50 area school districts.

The attacks were carried out by individuals who used the Internet and some commonly available software tools to gain access to computers at various organizations, including at least two U.S. universities. The hackers instructed the computers to bombard the World Wide Web sites with bogus requests for information, overloading their systems to the point of temporary collapse.

The incidents have raised concerns that school district computers linked to the Internet could be used to create mischief in the same way, or that similar attacks could be launched against school Web servers.

“School districts are in the same state of unpreparedness as businesses, but only worse. They have a fence without a lock on the gate,” said Winn Schwartau, the president of Interpact Inc., a security-awareness consulting firm in Seminole, Fla.

“It’s a wake-up call to educational institutions,” said Allison Taylor, the director of marketing at PGP Security, a division of Network Associates, in Santa Clara, Calif.

Constant Assaults

School data networks already face constant low-level assaults by hackers, Mr. Peters said.

“We average 20 attempted attacks a month,” he said. “They come from all over,” including Europe.

To date, no one has been able to crack Onandaga’s system without an official identification number, Mr. Peters said.

But in August, the system suffered a major breach when someone who had stolen a legitimate ID number and password logged on and altered data records.

The changes were detected after teachers at Ithaca High School noticed vulgar language appearing in the teacher-comment section of student report cards. From an outside computer, the intruder changed more than 1,000 records, including students’ grades and possibly some health records, officials said.

Last week, New York state troopers arrested a suspect in the case, a 17-year-old Ithaca boy who dropped out of school.

School Web sites have also become a frequent target for electronic graffiti artists, several administrators said.

The Rockford, Ill., school district’s site was defaced last April, said Jim Jennings, the district’s communications director and “webmaster.” A student whom Mr. Jennings called “a bright young man with too much time on his hands” got into the district Web server and changed about a dozen Web pages.

Since that incident, the 27,000-student district has added security equipment and made sure that all ports, or entry points, that can be used to change data on the server are closed unless they are needed for a legitimate purpose, Mr. Jennings said.

Increasingly Vulnerable

For now, most districts are probably less likely than businesses to be struck by the massive “denial of service” assaults that temporarily crippled the Web sites of Yahoo!, CNN, eBay, and Amazon.

That’s because online retailers depend on Web servers much more than schools do, school computer experts say.

But schools’ vulnerability will grow as they link more computers and networks to the Internet and move more functions to their Web sites, the experts add. “The whole idea is to make sure you make information available 24-7"—meaning round-the-clock, all week long—"and to make sure you receive information,” Mr. Jennings said. “We’ve got hits from all over the world on our programs and [class] reunions.”

In other districts, Web-based information systems already have become vital.

Bob Moore, the director of information and technology in the Blue Valley district in Overland Park, Kan., said his district’s network distributes to staff members sensitive information that would be sorely missed if it were unavailable because of a hacker attack.

“Many of our students have to take medications throughout day and have serious health conditions. All that information is on the computer system, and a nurse and other key people in the system have to have access to it on demand,” Mr. Moore said. Another feature gives school personnel immediate information about who is authorized to pick up a child from school.

“People tend to think of personnel information and grades [being on the school network], but you get into real safety, health, and legal issues,” he said.

While school districts have been expanding their data networks and linking them to the Internet, many have not made matching upgrades to security, experts say.

The level of data security “vastly differs from district to district,” Ms. Taylor of PGP Security said. Though districts place a higher priority on data security and planning than the business sector does, she said, “the challenge in the education sector is the budgetary constraints.”

Layered Approach

A “firewall,” which selectively blocks communication between the network server and the Internet or computers on the network, is the first line of defense against hackers.

But districts shouldn’t rest easy just because they have one, Mr. Schwartau, of Interpact, said. “People say they think they have a firewall and are safe. That’s one of the most naive things they could say,” he said. “There are so many ways to get around it, so many hacks.”

The best defense is to wrap the network in layers, Ms. Taylor said. That way, a hacking technique that penetrates one defensive layer may be caught by the second layer, or the third.

Unfortunately, Ms. Taylor said, districts tend to omit some layers when their budgets are tight.

School districts generally first buy anti-virus software, then invest in firewalls for their networks, she said. But they usually omit what is termed “active security,” a system that orchestrates a whole range of security measures in an automatic response to attacks. Such a system, which Ms. Taylor described as “high end,” would shut down communication with an external computer—or seal off a group of internal computers—if it detected an attack.

Equally important to the technical tools, experts emphasize, are the human tasks of planning the level of access to be allowed eacsh type of user of the system, teaching users not to give out passwords, and supervising and updating the security system regularly.

Related Tags:

A version of this article appeared in the February 23, 2000 edition of Education Week as Attacks on Web Sites Put Technology Officials on Alert

Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Student Well-Being Webinar
A Whole Child Approach to Supporting Positive Student Behavior 
To improve student behavior, it’s important to look at the root causes. Social-emotional learning may play a preventative role.

A whole child approach can proactively support positive student behaviors.

Join this webinar to learn how.
Content provided by Panorama
Recruitment & Retention Live Online Discussion A Seat at the Table: Why Retaining Education Leaders of Color Is Key for Student Success
Today, in the United States roughly 53 percent of our public school students are young people of color, while approximately 80 percent of the educators who lead their classrooms, schools, and districts are white. Racial
Jobs January 2022 Virtual Career Fair for Teachers and K-12 Staff
Find teaching jobs and other jobs in K-12 education at the EdWeek Top School Jobs virtual career fair.

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

IT Infrastructure Privacy Group Cautions Schools on Technology That Flags Children at Risk of Self-Harm
Software that scans students’ online activity and flags children believed to be at risk of self-harm comes with significant risks, a new report warns.
6 min read
Conceptual image of students walking on data symbols.
Laura Baker/Education Week and Orbon Alija/E+
IT Infrastructure School Districts Seek Billions in New Federal Money for Connectivity, FCC Announces
The Federal Communications Commission received $5.1 billion in requests for new funding to purchase devices and improve internet access.
2 min read
Image shows two children ages 5 to 7 years old and a teacher, an African-American woman, holding a digital tablet up, showing it to the girl sitting next to her. They are all wearing masks, back to school during the COVID-19 pandemic, trying to prevent the spread of coronavirus.
iStock/Getty Images Plus
IT Infrastructure School District Data Systems Are Messed Up. A New Coalition Wants to Help
Organizations representing states and school districts have teamed up with ISTE to help make data systems more user-friendly and secure.
3 min read
Conceptual collage of arrows, icon figures, and locks
Sean Gladwell/Moment/Getty
IT Infrastructure More Families Have Internet Access. So Why Hasn't the Digital Divide Begun to Close?
A new study says low-income families’ access to the internet has soared in the past six years. But there are other barriers to connectivity.
3 min read
Glowing neon Loading icon isolated on brick wall background. Progress bar icon.
Mingirov/iStock/Getty Images Plus