IT Infrastructure & Management

Attacks on Web Sites Put Technology Officials on Alert

By Andrew Trotter — February 23, 2000 5 min read
  • Save to favorites
  • Print

The tremor of fear that rippled through the “dot-com” community this month after computer hackers attacked and shut down several popular commercial Web sites also buffeted officials who watch over school data networks.

“I certainly asked my network expert about it,” said Lee G. Peters, the superintendent of the Onandaga Board of Cooperative Educational Services, an agency in Syracuse, N.Y., that provides data services to more than 50 area school districts.

The attacks were carried out by individuals who used the Internet and some commonly available software tools to gain access to computers at various organizations, including at least two U.S. universities. The hackers instructed the computers to bombard the World Wide Web sites with bogus requests for information, overloading their systems to the point of temporary collapse.

The incidents have raised concerns that school district computers linked to the Internet could be used to create mischief in the same way, or that similar attacks could be launched against school Web servers.

“School districts are in the same state of unpreparedness as businesses, but only worse. They have a fence without a lock on the gate,” said Winn Schwartau, the president of Interpact Inc., a security-awareness consulting firm in Seminole, Fla.

“It’s a wake-up call to educational institutions,” said Allison Taylor, the director of marketing at PGP Security, a division of Network Associates, in Santa Clara, Calif.

Constant Assaults

School data networks already face constant low-level assaults by hackers, Mr. Peters said.

“We average 20 attempted attacks a month,” he said. “They come from all over,” including Europe.

To date, no one has been able to crack Onandaga’s system without an official identification number, Mr. Peters said.

But in August, the system suffered a major breach when someone who had stolen a legitimate ID number and password logged on and altered data records.

The changes were detected after teachers at Ithaca High School noticed vulgar language appearing in the teacher-comment section of student report cards. From an outside computer, the intruder changed more than 1,000 records, including students’ grades and possibly some health records, officials said.

Last week, New York state troopers arrested a suspect in the case, a 17-year-old Ithaca boy who dropped out of school.

School Web sites have also become a frequent target for electronic graffiti artists, several administrators said.

The Rockford, Ill., school district’s site was defaced last April, said Jim Jennings, the district’s communications director and “webmaster.” A student whom Mr. Jennings called “a bright young man with too much time on his hands” got into the district Web server and changed about a dozen Web pages.

Since that incident, the 27,000-student district has added security equipment and made sure that all ports, or entry points, that can be used to change data on the server are closed unless they are needed for a legitimate purpose, Mr. Jennings said.

Increasingly Vulnerable

For now, most districts are probably less likely than businesses to be struck by the massive “denial of service” assaults that temporarily crippled the Web sites of Yahoo!, CNN, eBay, and Amazon.

That’s because online retailers depend on Web servers much more than schools do, school computer experts say.

But schools’ vulnerability will grow as they link more computers and networks to the Internet and move more functions to their Web sites, the experts add. “The whole idea is to make sure you make information available 24-7"—meaning round-the-clock, all week long—"and to make sure you receive information,” Mr. Jennings said. “We’ve got hits from all over the world on our programs and [class] reunions.”

In other districts, Web-based information systems already have become vital.

Bob Moore, the director of information and technology in the Blue Valley district in Overland Park, Kan., said his district’s network distributes to staff members sensitive information that would be sorely missed if it were unavailable because of a hacker attack.

“Many of our students have to take medications throughout day and have serious health conditions. All that information is on the computer system, and a nurse and other key people in the system have to have access to it on demand,” Mr. Moore said. Another feature gives school personnel immediate information about who is authorized to pick up a child from school.

“People tend to think of personnel information and grades [being on the school network], but you get into real safety, health, and legal issues,” he said.

While school districts have been expanding their data networks and linking them to the Internet, many have not made matching upgrades to security, experts say.

The level of data security “vastly differs from district to district,” Ms. Taylor of PGP Security said. Though districts place a higher priority on data security and planning than the business sector does, she said, “the challenge in the education sector is the budgetary constraints.”

Layered Approach

A “firewall,” which selectively blocks communication between the network server and the Internet or computers on the network, is the first line of defense against hackers.

But districts shouldn’t rest easy just because they have one, Mr. Schwartau, of Interpact, said. “People say they think they have a firewall and are safe. That’s one of the most naive things they could say,” he said. “There are so many ways to get around it, so many hacks.”

The best defense is to wrap the network in layers, Ms. Taylor said. That way, a hacking technique that penetrates one defensive layer may be caught by the second layer, or the third.

Unfortunately, Ms. Taylor said, districts tend to omit some layers when their budgets are tight.

School districts generally first buy anti-virus software, then invest in firewalls for their networks, she said. But they usually omit what is termed “active security,” a system that orchestrates a whole range of security measures in an automatic response to attacks. Such a system, which Ms. Taylor described as “high end,” would shut down communication with an external computer—or seal off a group of internal computers—if it detected an attack.

Equally important to the technical tools, experts emphasize, are the human tasks of planning the level of access to be allowed eacsh type of user of the system, teaching users not to give out passwords, and supervising and updating the security system regularly.

Related Tags:

A version of this article appeared in the February 23, 2000 edition of Education Week as Attacks on Web Sites Put Technology Officials on Alert

Events

Ed-Tech Policy Webinar Artificial Intelligence in Practice: Building a Roadmap for AI Use in Schools
AI in education: game-changer or classroom chaos? Join our webinar & learn how to navigate this evolving tech responsibly.
Education Webinar Developing and Executing Impactful Research Campaigns to Fuel Your Ed Marketing Strategy 
Develop impactful research campaigns to fuel your marketing. Join the EdWeek Research Center for a webinar with actionable take-aways for companies who sell to K-12 districts.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Privacy & Security Webinar
Navigating Cybersecurity: Securing District Documents and Data
Learn how K-12 districts are addressing the challenges of maintaining a secure tech environment, managing documents and data, automating critical processes, and doing it all with limited resources.
Content provided by Softdocs

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

IT Infrastructure & Management Why Schools Struggle to Keep Track of Students' Laptops
Districts should be tracking their technology assets as much as they can, but it's easier said than done, experts say.
4 min read
A multi-ethnic group of elementary age children are in the computer lab using laptops. A little boy is watching a video and is listening to music.
FatCamera/Getty
IT Infrastructure & Management Ed. Dept. Outlines How Schools Can Use Federal Funds to Sustain Tech Programs
School districts can use federal funds to support digital learning programs started during the pandemic.
3 min read
Tight shot of diverse, elementary school children using a tablet in class
iStock/Getty Images Plus
IT Infrastructure & Management A Change in Federal Funding May Make the 'Homework Gap' Worse
With the increase in tech use, it’s important that students have sufficient connectivity to access learning materials while at home.
3 min read
Photo of girl working at home on laptop.
iStock / Getty Images Plus
IT Infrastructure & Management Students Are Viewing Porn at School. How Educators Can Stop Them
Nearly a quarter of teenagers said they have viewed pornography at school, new survey shows.
3 min read
Image of a phone and headphones sitting on a stack of books.
iStock/Getty