Skip Navigation
Weaving a Secure Web Around Education: A Guide to Technology Standards and Security
  Table of Contents and Introductory Material
Chapter 1
  The Role of the World Wide Web in Schools and Education Agencies
Chapter 2
    Web Publishing Guidelines
Chapter 3
    Web-Related Legal Issues and Policies
Chapter 4
    Internal and External Resources for Web Development
Chapter 5
    Procuring Resources
Chapter 6
    Maintaining a Secure Environment
PDF File (1,119 KB)

Ghedam Bairu

(202) 502-7304

Chapter 6: Maintaining a Secure Environment

  • How can an agency assess the threat of a security breach and take appropriate action?
  • What steps can an agency take to secure computer hardware and software on a network?
  • What steps can an agency take to secure the physical network?
  • What steps can an agency take to secure data and maintain data integrity?


Education agencies thrust into the world of computer networks and electronic communications are often unprepared for the related security risks and are unaware of many of the strategies that can protect their system. The agency's technology officers or technical staff working directly with Internet or intranet (i.e., internal networks, as opposed to the outside world of the Internet) networks will most readily appreciate the technical aspects of security presented in this chapter. Nontechnical staff should find the broader discussion of security helpful in understanding the absolute necessity for and value of securing all facets of the agency's network.

Security is a process that focuses on ?CIA?: confidentiality, integrity, and availability.

The recommendations in this chapter are detailed and extensive. Education agencies must be prepared for every eventuality ranging from a careless employee walking away from a computer station that is logged onto a sensitive data site to a hacker trying to break into the agency's system to physical destruction of the network by a tornado, hurricane, or earthquake. An agency involved in maintaining a computer network, especially one with Internet access, should use the information in this chapter to identify and resolve system vulnerabilities and in so doing reduce the risk of liability.

The security recommendations described in the chapter are solid, fundamental business practices that are, for the most part, not unique to the education sector. However, because education agencies are responsible for ensuring the physical safety of children in a stable environment that fosters learning, the obligation to extend security precautions to online computer information systems is especially strong. In addition to student safety, other areas at potential risk include the confidentiality of student, staff, or financial data sent or received through the Internet; the integrity of intellectual property; and the investment in hardware, software, and other resources.

When considering security precautions, education agencies in particular should take note that the greatest exposure to risk comes from within the organization. Internal agency employees perpetrate most network security violations. Malicious, or even unintentional, corruption of data, hardware, or software can be crippling to any enterprise. Illegal acquisition and disclosure of sensitive student information can harm a child and ultimately the school system.

An agency should assess the legal and financial ramifications of failing to make a reasonable effort to secure the network and its many components.

The following key areas for strategic planning organize the discussion of network security in this chapter. The following methods for securing each component of the network, whether a local or wide area network, are presented:

  • security assessment;
  • securing hardware;
  • securing operating systems;
  • securing software (applications);
  • securing the network, including wireless networks; and
  • data security.

Security Assessment

The first question to ask is what needs to be done to provide appropriate security for the agency's network? The total network is only as secure as its weakest link, and, as mentioned, most security breaches occur from people who work inside the agency itself. For this reason, the implementation of very simple security measures, many of which are free or are inexpensive, can provide significant protection for the total network.

The first step is to perform a security assessment. If multiple agencies are connected to a larger intranet (a private network that provides users access within the agency and to the public Internet), the security assessment is ideally performed collaboratively. Common security strategies should be employed throughout this intranet and for all components of the network.

In performing a security assessment, the agency should address each of the topics discussed in this chapter. In assessing the level of security, agency staff should

  • identify each point of potential failure in the system and assess how each failure would affect the agency;
  • prioritize the points at greatest risk or those that would cause the biggest problems for the agency; and
  • ascertain one or more solutions to secure those points and determine the costs associated with each solution.
A security plan should be written under the auspices of the district technology director, but should involve other agency representatives. When developing the plan, the agency should consider the following issues:
  • The plan should be drafted for adoption by the governing body.
  • The plan should take into consideration the information gained during the assessment phase.
  • System users should be educated about the plan and its importance to the agency.
  • System users should be consistently informed of changes to security procedures.
  • The agency should regularly appraise security protocol and should revise or update the plan as needed.

Securing Hardware

Hardware security includes the physical protection of equipment (e.g., computers, printers, monitors, etc.) from both theft and damage. Different types of hardware require different types of protection. Servers and related equipment should be placed in a secure room with limited access. The room should have proper environmental conditioning and fire protection equipment.* (i.e., fire extinguishing systems should be used in areas where water cannot be used).

While this may seem obvious, an asset (inventory) control system will assist with the agency's technology planning efforts. Without an asset control system, the agency will be unable to determine what hardware exists or where it is. This system is also important so that the agency can determine which computers, or other systems, need to be replaced as they become obsolete.

Along with the obvious fact that proper security deters theft of property, effective hardware security bars unauthorized access to the server. Proper security prevents people from tampering with server settings, corrupting data, or gaining access to unauthorized programs and confidential information. Measures for securing hardware systems include the following:

  • allocate dedicated building space to house centralized hardware;
  • maintain controlled entry (e.g., card, key, combination lock access);
  • make certain that a proper fire protection system exists;
  • maintain proper temperature and humidity controls;
  • evaluate the need for adequate electrical power, including power for air conditioning;
  • provide emergency sources of power (e.g., UPS battery backup, alternative electrical generator);
  • arrange equipment placement within equipment racks and on the floor in a way that allows adequate ventilation;
  • monitor the room environment and electrical systems; and
  • use network monitoring and packet-sniffing (see below) utilities that display and log data traffic to detect the installation of unauthorized hardware and/or software applications (i.e., monitor for protocol violations, bandwidth-intensive applications, etc.).

Securing Operating Systems

The operating system (OS) is the underlying computer system on which application programs run. Choosing an OS is a critical decision that directly affects the security measures an agency must take. Some OSs are easy to use but less secure. Others are more complicated to maintain but when properly configured are virtually impenetrable. Whatever the choice, the system must be "hardened," or secured, by removing unneeded functions, restricting access, and tracking changes and processes.

If, for example, a port (i.e., a doorway into a system) is left open unintentionally, it can become the door through which an intruder can enter the network. Conversely, if the system is secure, intruders will have a much more difficult time entering the system.

Many OS options are available, from "UNIX-like" freeware (public domain software offered at no cost) to various Microsoft and Apple products, which vary in acquisition and maintenance costs. Acquisition cost does not necessarily indicate the power of any particular OS. The agency should ensure that the hardware and OS combination is robust enough for the intended purpose. The OS must have the ability to be configured to meet both the service and security requirements of the agency.

The criteria for the OS selection should be based on the agency's needs assessment. The agency should take into account the resources necessary to support the OS. If the agency chooses to run a mixed environment (a combination of hardware and software utilizing more than one OS), it should be sure the support resources required to maintain this configuration are available. A mixed computing environment requires additional expertise and resources in order to maintain proper security.

OS security consists of limiting access to network resources, such as centralized applications, files and directories, network printers, and other such components. Personnel should have network access only for the specific tasks related to their work. An appropriate policy for OS security is a baseline denial of access to all components by all personnel, with explicit access privileges granted on a case-by-case basis. User login credentials identifying the role(s) and profile of the user should "describe" the user's access parameters to the OS. The extent of access to network resources granted to the user should be based on the individual's authorized role/profile.

Different operating systems regulate user access in different ways; however, each provides similar functionality by assigning Read, Write, and Execute permissions on directories, files, network printers, etc., to groups of users or individual users as required. Some access-related security measures that should be implemented are as follows:

  • disable guest accounts;
  • change default passwords;
  • force frequent user password changes;
  • allow only nondictionary passwords, that is, a combination of alpha and numeric characters;
  • deny access by default;
  • restrict off-hour access unless the user requires 24/7 access;
  • for ease of administration, control access based on groups, profiles, and policies;
  • assign users into the smallest possible groups to eliminate unneeded access;
  • designate a system administrator backup to adequately cover leave times;
  • require administrator access through a different login mechanism, not through the normal user login;
  • allow only needed services to run on the network (e.g., Telnet, web, RSH, FTP, NTP, etc.);
  • allow only authorized administrators to install software;
  • allow only needed protocols to run on the network (e.g., IPX/SPX, Appletalk, NetBEUI, TCP/IP, DLC, SNMP, etc.);
  • integrate TACACS+ or RADIUS authentication into the agency's firewall to avoid unauthorized Internet access; and
  • enable firewall, virus, intruder detection, and network monitoring software (see below).

Securing Software (Applications)

As noted earlier, software programs are applications that run "on top" of the operating system. The most common applications are information systems, word processors, spreadsheets, e-mail programs, and web browsers. There are literally thousands of applications available. The purpose of this section is to provide education agencies with recommendations for securing software applications. Security in this area will limit (not eliminate) copyright infringements, assist in the proper licensing of software, and attempt to ensure that only authorized persons have access to software installation media.

Software installation media should be stored in a centralized location with proper documentation of the number of licenses and number of installations. These media should be protected from harsh environmental conditions, such as excessive heat, moisture, and electrical and magnetic fields (EMF).

All software media should be backed up regularly to ensure that no data are lost. Periodic backups stored in a secure off-site location will make it possible to recover quickly from a catastrophe on site. The agency should take into account regional peculiarities when storing backups off site. For example, in areas prone to earthquakes, media should not be stored in high-rise buildings; in areas prone to flooding, media should be stored in a facility away from the flood plain.

Some recommendations for software security are as follows:

  • store software media in a locked cabinet within a proper environment;
  • retain off-site storage for backups of installation media;
  • test the process for restoring software;
  • retain off-site storage of licensing and application documentation;
  • maintain and back up licensing management and related documentation;
  • allow access to applications through the use of network security settings to only those groups/users that require access;
  • implement a software-auditing package to ensure license compliance and to ensure that no unauthorized software has been installed on the agency's system;
  • standardize applications across the agency;
  • use virus-scanning software with frequent definition updates (network-attached appliances are available for e-mail virus scanning); and
  • use spamming prevention or filtering software to prevent unauthorized entry of email (e.g., do not allow web-based e-mail programs, such as Hotmail?). Unauthorized e-mail entry is a serious vulnerability that can lead to the entry of viruses into the network through a "back door."

Securing the Network

The same security procedures in place for server hardware apply to equipment that supports the network, including switches, hubs, routers, firewalls, access points, cabling, etc. Network equipment should be installed in an environment with proper ventilation and power requirements and should be protected from unauthorized access. The agency should place the equipment in dedicated building spaces. Access should be limited to staff that have a key, combination lock, key card, or other security device. Some basic precautions for securing network equipment are as follows:
  • limit access to network equipment to authorized individuals;
  • do not allow users to install unauthorized network equipment;
  • use secure, encrypted passwords for "root" access (access to the "root" enables users to control entire systems or servers); and
  • ensure proper cabling and cable protection by
    • running cabling under a false floor,
    • avoiding running cable over fluorescent lighting fixtures, and
    • staying within cable/fiber length requirements.
A fundamental action the agency can take toward maintaining a secure and reliable network is to hire a qualified individual to serve as the network administrator. Network administration is not a task for the average high school teacher/technology coordinator. Many agencies, however, cannot afford to hire an experienced network administrator for each school and often do rely on faculty for this position. If a teacher/coordinator is to be responsible for a school network, the agency must recognize training and professional development as priorities.

Agency network policies and procedures should be clearly defined. These policies should be made readily available to anyone responsible for maintaining the network. Listed below are some items to consider for agencies managing their own networks. The responsibilities of a network administrator are, for the most part, very technical in nature. This reinforces the point that training is critical for anyone with the responsibility of running a network. Agencies should

  • assign one individual to be responsible for network administration (and one individual as his/her backup);
  • limit access to network equipment console screens by login credentials (either on the piece of network equipment or using an authentication server);
  • limit access to Telnet sessions on network equipment through access lists and/or authorized workstations where only authorized users have access;
  • limit protocols running on the network equipment;
  • configure login banners to warn intruders of possible prosecution;
  • use firewalls to prevent unauthorized access between external and internal systems;
  • use unroutable IP addressing schemes within the internal network [Class A - (10/8 prefix), Class B - (172.16/12 prefix), Class C - (192.168/16 prefix)];
  • utilize intrusion detection systems (IDS);
  • inspect, analyze, and maintain router audit logs;
  • provide ingress and egress access control list (ACL) filtering to prevent IP spoofing; and
  • eliminate unauthorized network resource use by
    • monitoring network traffic and bandwidth usage and protocols to ensure adequate bandwidth for applications;
    • removing the ability to download unauthorized files;
    • restricting remote access to network resources to authorized individuals with types of remote access including dial-up connections, virtual private networks (VPN), and Point-to-Point Protocol (PPP);
    • implementing a multiple-authentication policy for authorized users or integrating into an authentication server;
    • eliminating any "back-door" types of equipment (e.g., user modems installed on desktops);
    • maintaining proper encryption of remote connections to ensure confidentiality; and
    • using VPN technology with proper encryption to gain connectivity through the public networks such as the Internet.

Chart for Securing a Network

Wireless Networks

Wireless communication is a rapidly evolving technology that is becoming increasingly prevalent in everyday life. The built-in security for wireless computer networks, however, is relatively weak. Technology coordinators need to pay particular attention to secure these networks properly, and the network administrator must keep up to date on emerging methods for securing wireless networks. Some security measures to consider when planning a wireless network are as follows:
  • shut off Service Set Identifier (SSID) broadcasting and use an SSID that does not identify the agency by name;
  • select a hardware vendor and software revision that has fixed the problem of randomization of initialization vectors (IVs);
  • utilize applications like AirSnort or BSD-AirTools, which will be less likely to crack the agency's Wired Equivalent Privacy (WEP) keys;
  • use 128-bit WEP and change WEP keys regularly. Select a vendor that provides a tool to rotate the agency's WEP keys;
  • disallow access to resources at the first router hop other than the agency's VPN server, which ensures that the only host available to the wireless segment is the VPN server until a tunnel is established;
  • place wireless access points on a dedicated virtual local area network (VLAN). Do not mix wired and wireless clients on the same LAN segment;
  • implement a policy that limits the amount of connectivity a wireless client has to the agency's network. Assess whether students/faculty/staff need more access than TCP/80, TCP/443, etc.;
  • utilize personal firewalls on the agency's workstations; and
  • disable automatic IP address assignment (DCHP).
If hackers are able to guess or crack the agency's WEP keys, they will not be able to access the remainder of the internal network because VPN and VLAN architecture with access lists will allow only authorized VPN clients to be routed to the network from a wireless VLAN segment. Hackers will be able to attack clients on the same subnet, however, and if one VPN connection is left up, it could be abused to access the rest of the internal network.

Network Reliability

Reliability of the network is a key to daily business operations and to an effective instructional program. Everyone in the school hears about the times a teacher has scheduled a web-dependent lesson only to be unable to access the network. It is imperative that "mission-critical" applications (e.g., financial systems, student information systems) always be available to those who depend on the systems.

Network architecture designed for redundancy, with built-in backups for primary resources, minimizes the incidence of network downtime. When considering this issue, the agency should take into account the extent of redundancy needed.

Where it is possible, consider redundancy in both LAN and wide area network (WAN) architectures during the design phase. The agency should select redundant service providers that use separate infrastructures. Some specific redundancies that can be built into the network apply to

  • the local loop for WAN connectivity;
  • switch management modules with redundant connections;
  • power sources for network equipment backed up by monitored UPS systems;
  • power supplies in network equipment;
  • network management (supervisor) modules in network equipment;
  • cabling, as required; and
  • redundant cabling in redundant conduits, ducts, or poles. Having a second cable running through the same conduit as the first provides little protection. For example, a conduit could be dug up by an "uncaring" backhoe destroying both primary and redundant cables.
Another measure to maximize network reliability is the implementation of intrusion detection systems. Intrusion detection systems are host-based or network-based software that monitors attempts to break into and gain access to the network. These systems watch data packets as they transit the network outside the firewall. They monitor attempted port scans, distributed denial of service (DoS) attacks, and other intrusion attempts. Intrusion detection protocol should include the following tasks:
  • install and configure an intrusion detection system;
  • enable port monitoring outside the agency's firewall;
  • review intrusion detection system log files daily;
  • configure blocking on the router (e.g., "black hole routing" of unwanted data) to head off severe hacking attempts; and
  • contact the organization that owns the address of the attacking IP address. Tools such as nslookup, tracerroute,or the following web sites can help identify the owners of the IP address space from which an attack originated:

Data Security

Data drive the engine of each educational organization. From payroll records to "datadriven decisions" about instructional programs to student information systems, human resources files, transportation information, and student portfolios-data integrity is critical.

Keeping data secure is the primary mission of those in charge of technology. Protecting the agency's data by implementing robust architectures and comprehensive backup and recovery plans is extremely important. The agency must take every precaution to prevent unauthorized users from changing data, deliberately or inadvertently, by way of a "hole" in security procedures. Security holes can occur from outside through the web or internally from within the LAN.

The following recommendations for maintaining data security are based on using Redundant Array of Independent Disks (RAID). This allows the same data to be stored in different places on multiple hard drives. When using RAID, the following steps should be taken:

  • Data files should be stored on separate logical drives consisting of a RAID-5 (stripped set) array of physical devices.
  • Transaction logs should be stored on, at least, a RAID-1 array (mirrored).
  • Applications should be installed on either a mirror set (RAID-1) or stripped set (RAID-5) and should be backed up when installed, changed, or updated.
  • Operating systems (OS) should be installed on, at least, a RAID-1 array and be backed up when they are changed.
  • OS, applications, and data should be stored on separate physical and logical drives (e.g., mirror set 0 to contain the system, mirror or stripped set 1 to contain applications, stripped set 2 to contain data).
  • Consistent backups of data off site should be maintained.
  • Robust network-attached storage (RAID-5) or storage area networks to maintain online or backup data should be used.
  • Clustered server architecture should be considered if the information stored is "mission critical.

Backing up Data

The reasons for backing up data are obvious. However, many agencies (both inside and outside the education community) do not take this task seriously until they lose data. When the payroll information cannot be found or when all the student information entered into the system during the day is lost, people will pay attention to backing up data. It is better to pay attention before a disaster strikes.

A back up procedure will not work if no one follows the procedures.

For years, personal computer users have been told to back up their data files. With a personal computer, backing up data and storing the backed-up data are relatively simple processes—that is, when people remember to do it. The potential consequences for failing to back up education agency data are magnified when dealing with a network of multiple users and applications that could affect the lives of those users.

A comprehensive procedure for backing up agency data is imperative. Of equal importance, staff must follow the procedure. When designing its disaster recovery plan, the agency should consider the frequency of backups (e.g., full, incremental), as well as available hardware, the system configuration, and the amount of data (and its importance) to be backed up.

Agencies located in areas where there might be earthquakes, hurricanes, or other natural disasters will understand the need for developing a backup procedure that uses removable media that can be transported off site. All agencies are vulnerable to some type of disaster. The solution is to have a backup plan and an off-site storage facility. Any of the following media are appropriate to use for archiving data:

  • removable storage,
  • magnetic tapes,
  • CD or DVD devices, or
  • network-attached storage.
Some backed-up data should be available at all times. For example, while it may be critical to have payroll system backups available on hand, the same degree of urgency may not apply to student portfolio information. Creating a clustered server (i.e., a group of servers clustered together and used to back up the data in various ways) environment increases the likelihood that necessary data will be available when they are needed. The following architecture options are available for clustered environments:
  • Load-balancing environments are clusters of servers arranged to share the load of user requests.
  • Hot standby environments require an identical server attached directly to the primary network server (for monitoring) to immediately take over filling user requests in the event of a primary server failure.
  • Cold-standby environments also consist of a secondary server to which data are frequently updated. In this case, the secondary server must be manually put into operation upon a failure of the primary server. One advantage of this option is that it removes the need to maintain identical servers with interlocking hardware.


Documentation of data file structure, metadata, and system architecture design criteria is essential in any data security plan. In the event of a nonrecoverable failure, the need to recreate an identical architecture is much easier with proper documentation. In the world of technology, with staff moving from job to job, having proper documentation will help new employees. They will be able to provide appropriate maintenance much more quickly if they can refer to written documentation.

Often documentation is provided when a network is first installed. It is up to the agency to allocate time so the technology personnel can update the documentation. Otherwise, the old documentation may be of little value.

Documentation = Protection
Out-of-date documentation = Very little protection

Data Integrity

Data integrity is vital for any organization. Having poor data is worse than having no data. Maintaining proper data constraints, validation rules, and application controls, such as those identified below, can help to ensure that data correctly input into the system remain intact:
  • No person, other than the database administrator (DBA), should have direct access to data for input or change. Other staff should use applications or programs designed for data input and update. These programs usually have "edits" and other programmed devices to ensure that data are entered correctly. When data are input or changed directly in the database, this protection does not exist.
  • Data applications must contain validation rules, format masks, and data-checking algorithms to ensure data integrity prior to committing to the database.
  • Online applications must contain the same rules as data applications.
  • Database servers should reside on a secure segment of the network (i.e., behind or inside the firewall).
  • Applications should be constructed to a three-tier environment (i.e., database server, application server, and client).
  • Security should be set so that the user logs into the application server ( not the database), with the application server having credentials to go to the database.
  • Proper database design and implementation are essential for maintaining data integrity. Considerations should include archive log rollback segments and rollback log files.

Database Security

Database security employs similar security measures as those for operating systems. Database security, like OS security, utilizes logons and passwords to authenticate users. Users are assigned to certain types of groups, which in a database environment are called roles. Systems administrators, backup operators, and standard users are examples of roles that can be integrated into the OS, so that, for example, OS administrators are automatically assigned to the systems administrator role of the database system. Database security can be maintained discretely or can be integrated with OS security. The advantage to integration is that the user requires only one logon for both systems.

Security measures implemented at the database system level are only truly effective if used in conjunction with proper security mechanisms implemented at the front-end application, such as dynamic web pages. Additionally, database design must include some security auditing measures, such as those that track when and by whom a particular data element was entered or updated.

As described in the above section on OS security, database security should grant user access to data resources, as grouped by role and profile, based on the respective functions. This profile grouping process is preferable to a method that merely grants access to individual users. As with OS security, the default database access security setting should be to deny access.

Transmission of data should be secured using protocol applications such as secure sockets layer (SSL) or secure shell (SSH), as described in the "Data Exchanges" section below.

Virus Protection

Staff training regarding virus protection is critical.

Software programs are sets of instructions written in various programming languages. These instructions are compiled or translated into binary numbers that enable a computer's central processing unit to interpret and implement actions. Computer viruses are specific types of programs designed to cause damage to a computer system's data.

Virus programs work in different ways and enter the computer via different methods. For example, a virus can be sent as an e-mail attachment, a macro (or mini-program) within a document, an executable program on a floppy disk, or by other means.

Virus protection software is an important component of a security system.

Virus protection software is a necessary system component that minimizes the possibility of data corruption due to a malicious virus by detecting and removing virus programs. Virus protection software can be purchased for individual computers, but it is most cost effective in large organizations to purchase a multi-user site license (an enterprise license) for the software.

Once installed, virus protection software must be updated frequently. People are creating new, and more destructive, viruses all the time. It is vitally important to download and install the latest updates as soon as they are available to ensure adequate protection of computer data.

The Family Education Rights and Privacy Act (FERPA) provides guidelines for the protection of student privacy.

Data Exchanges With Agencies Inside and Outside the K-12 Community

Education agencies have always exchanged data. Schools routinely send student transcripts to each other, and districts send transcripts to colleges and universities. The agency sending data must ensure that any transfer of student information meets the federal, state, and local regulations enacted to protect the privacy of students.

Current standard protocols in electronic data exchange use Electronic Data Interchange (EDI) and Extensible Markup Language (XML) formats. Both are standard electronic record formats that have been approved or are being developed to take advantage of protocols used by businesses and education agencies.

The design of data exchange formats must be carefully considered. Electronic exchange of confidential data, such as individual student records, requires the use of secure communications methods such as data encryption, virtual private networks (VPNs), or leased lines. Hardware-based encryption can be integrated into firewalls to create VPN tunnels over the public WAN. The movement of any private data over the public network requires at least 128-bit encryption. Examples of encryption algorithms include DSA, RSA, 3DES, IDEA, etc. Internet Protocol Security (IPSec) is an industry-defined set of standards that verifies, authenticates, and optionally encrypts data at the IP packet level. Secure sockets layer (SSL) can use various ciphers, including RSA, DES, 3DES, MD5, RC4, etc.

Encryption of Data

RSA public key cryptography, named for inventors Rivest, Shamir, and Adleman, is widely used for authentication and encryption of data. The agency can apply for a Digital Signature Standard (DSS), a digital signature for the authentication of electronic documents, or a general digital certificate through a Certificate Authority web site such as VeriSign®. This can be accomplished by submitting information about the agency and its web server via an encrypted Certificate Signing Request (CSR).

Once the Certificate Authority confirms that the agency is legitimate, it uses the CSR file to generate and validate certificates for the applying agency. The Certificate Authority will then issue the agency a server certificate to be installed on the agency's web server.

People who want to access this secure web server must have the Certificate Authority's root certificate installed on their own browser (VeriSign® is preinstalled on most browsers). Then secure information can be exchanged.

Digital certificates are used by the SSL security protocol to encrypt, decrypt, and authenticate data. The certificate contains the owner's company name and other specific information that allows recipients of the certificate to identify the certificate's owner. The certificate also contains a public key used to encrypt the message being transported across the Internet.

For each user's SSL secured session with the secure server, the user's root certificate creates a unique public key for the browser to encrypt and decrypt messages sent to and from the server. Public keys are discarded once the transaction's session ends. Messages sent from and received by the secure server are encrypted and decrypted using the server's private key.

A public (or shared) key algorithm can be easily utilized to encrypt data files for exchange. This method requires the use of a software package, such as Pretty Good Privacy (PGP), to generate an encryption key pair. The private key is kept within the agency; the other key is given to the party to be granted access. Whenever a key is "compromised" or needs to be changed, the software can create new keys.

Digital Signatures

Digital signatures are digital codes attached to transmitted data that uniquely identify the sender. Digital signatures can be integrated into web applications to ensure that only properly authorized users are inserting or changing data in the application (and subsequently the database). Digital signatures are also used to identify the sender in secure e-mail transmission.

A digital signature consists of a private key and a certificate. The private key is a large number that exists on a user's computer. By using this private key, the computer generates a digital signature that seals a message with information (a series of numbers or a code), affirming the identity of the sender of the message.

In turn, a certificate contains a public key and identification data about the person who holds the private key. Certificates are freely distributed and are used to verify that a digital signature was valid and generated by the person who physically possesses the private key.

Where Are the Security Risks Coming From?

Throughout this chapter, various protocols and policies have been discussed for protecting individuals, data, and hardware. It is ironic that the greatest security risks come from the people these policies are designed to protect.

The greatest security risks come from people inside the agency, not from outside hackers.

The leading security concerns for an education agency come from inside the network-teachers, students, or other staff who engage in unauthorized behavior, either knowingly or inadvertently. These activities may range from administrative staff taping the system password to the desk to a high school student showing off his/her hacking abilities to a student trying to access the system to manipulate his/her grades. As discussed earlier in this guidebook, the agency must develop and disseminate clearly stated Internet/World Wide Web usage policies. These policies will add clarity to the tasks required of the network administrator. They should include:
  • a password policy;
  • an Acceptable Use Policy;
  • anti-virus procedures;
  • an e-mail policy;
  • a remote access policy;
  • an encryption policy;
  • system audit procedures;
  • confidentiality and data distribution procedures; and
  • a copyright compliance policy.


  • The agency should perform a security assessment to determine what measures need to be taken.
  • System security is a complex enterprise that is best left to professionals rather than to high school faculty or technology staff. However, when resources dictate the use of teachers/technology coordinators to implement security, the provision of adequate professional development and written policies is critical.
  • Hardware security includes creating a physical environment in which equipment is protected.
  • Application and operating system software can be protected by using passwords and by eliminating access to those who have no need to use particular software.
  • Many aspects must be addressed to ensure total network security, including the following:
    • qualified individuals must be hired to maintain networks;
    • appropriate tools must be used to monitor networks;
    • intrusion detection systems must be used; and
    • regular inspection and analysis of router audit logs must be implemented.
  • Data integrity and security can be maintained through processes similar to those used for operating system security.
  • Each computer connected to a network should be protected by anti-virus software.
  • The transmission of data from one agency to another creates additional security risks that can be minimized through the use of standardized protocols, various encryption technologies, and digital signatures.


* Halon gas is believed to deplete the ozone and is no longer produced in the United States. Use of Halon has not been banned, and may still be available, but the U.S. Government recommends alternative methods.