School computer networks are extremely vulnerable to the types of coordinated hacker attacks the brought major web sites to a standstill in mid-February, computer security experts say.
Computer consultants say that schools should consider the attacks of high-profile sites such as eBay and Amazon.com as “a wake-up call” about the potential for challenges to their system. The attacks, coordinated by as-yet unknown computer hackers, used a new technology that bombards an individual site with millions of information requests in a short period of time, thus rendering it frozen.
Schools regularly face individual attempts by outsiders to gain access to sites, but they have become fairly adept at defending against these hackers. A network administrator in the Onandaga County (N.Y.) School District said he sees about 20 attempts per month. However, the only breach of the system so far has been by a person who obtained the login and password of a person with access to the system, then logged in and changed some teacher comments on students, the administrator said.
While the New York experience involved actions that were fairly easy to detect, a school system that is maintaining records on students’ medical conditions, for example, faces far more dire consequences if information is changed or deleted. “People tend to think of personnel information and grades, but you get into real safety, health, and legal issues,” said the technology director of one Kansas school system.
One security measure that school systems should take is to make sure all ports that allow a user to change information on the site are carefully monitored to detect unauthorized usage. Using a series of security firewalls also is recommended, as the layers of defense will often discourage a hacker who has to figure out how to break multiple, different protective layers.
For information on developing security measures, visit the Department of Education’s guide to school data security at http://nces.ed.gov/pubs98/safetech.