Kids’ science kits could take hit from new safety ruling

Science kit makers say the items in the kits aren't harmful to children and would be too costly to test.

One of the tools that teachers often use to get kids jazzed about science—hands-on science kits—could face an uncertain future amid a debate over safety.

The Consumer Product Safety Commission has been mired for weeks in deliberation as it writes guidelines on what makes a product a “children’s product”—and consequently which products would have to undergo more stringent safety testing. Caught up in the debate are those classroom science kits and some of the items they contain, such as paper clips to show kids how magnets work.

The science kit makers had asked for a testing exemption for the paper clips and some other materials. The commission declined to write the waiver they sought into the guidance it approved Sept. 29 on a split, 3-2 vote.

The guidance is supposed to help sort out which products have to be tested under legislation passed by Congress more than two years ago that requires rigorous safety checks for lead, chemicals, flammability, and other potential dangers.

The science kit makers argue the paper clips, rulers, and other items in the kits aren’t harmful to children, would be too expensive to test, and shouldn’t have to be tested because they are everyday items found in homes and schools that don’t have to be tested if bought separately at retail. A requirement to test, they say, would force them to refocus and market kits to older children instead of the 12-and-under crowd the law targets.

After the vote, CPSC Chair Inez Tenenbaum sought to reassure people that “there is nothing in this rule that bans science kits.”

While it doesn’t ban the kits per se, manufacturers say it might crimp the supply of kits for elementary school children.

“If the first introduction a student has is seventh or eighth grade, you’ve lost them already,” said Steve Alexander, business manager for the Hands On Science Partnership, based in Denver. The costs associated with “the testing requirements would far exceed the value of the materials in the kits,” he said.


Top-notch security a must to remain in compliance, gain grants

Investing in procedures, training, and equipment that can make networks more secure is well worth the expense for higher-education institutions, and not only for the savings to bank accounts—and reputations—that can result from avoiding costly security breaches.

“In a time of increased national security concerns, pressure is mounting for colleges to gain better control of their computer networks—or risk losing federal grant money for research,” Michael A. McRobbie, vice president of information technology for the Indiana University system, recently told an audience at the annual meeting of the higher-ed technology advocacy group EDUCAUSE.

James Webb, chief information officer at West Texas A&M University, agrees. For example, he says, “if your institution deals with credit cards—and almost all of us do—the Payment Card Industry now requires quarterly scans by a PCI-approved scanning vendor. We [also] have Texas Administrative Code 202 at the state level, which requires institutions of higher education to adhere to well-defined information security standards. TAC 202 also requires vulnerability testing to be conducted on an annual basis.”

Recent additions to TAC 202 now require an independent review of an institution’s information security program.

“The penalty for not keeping up with such requirements could include financial penalties or loss of funding,” he says.



How four institutions manage security threats

IT managers at Stanford University were concerned. As security threats to colleges and universities increased, Stanford needed to keep private matters private—but at the same time, the university’s IT staff wanted to ensure that its wealth of information resources remained widely available to students, faculty, and researchers.

Yet, each academic department and school was responsible for its own network security measures, leaving this vital layer of protection an “incomplete patchwork,” school officials explained. The university needed an organization-wide firewall service that could accommodate a highly decentralized environment.

Stanford divides its campus network into eight operational zones, with each zone partitioned into multiple virtual firewall or security zones. Each security zone needed a unique set of security policies, virtual private network (VPN) access controls, and administrators.

To solve this challenge, Stanford deployed more than 20 Juniper Networks NetScreen-5000 Security Systems at the network perimeter and data center to protect the academic, administrative, and residential networks against malicious attacks and intrusions. Stanford now offers a baseline firewall service at no cost to all departments, and additional firewall services are available by request.

The Juniper Networks firewalls are deployed in redundant pairs to maximize resiliency and uptime. Full-mesh configurations allow for redundant physical paths, which also maximizes resiliency and helps the university protect its IT resources in the event of a campus emergency.

The firewalls reduced Stanford’s risk exposure and improved security compliance by offering a consistent level of firewall protection that meets the individual needs of its departments—and Stanford IT executives say the virtualized security service was deployed quickly and without disruption to IT operations.

Stanford integrated the NetScreen-5000 line of firewalls with its NetDB database, which offers a way of registering a unique name and IP address for each networked computer, to create a decentralized, self-service model in which firewall policies can be implemented hourly. The university also gained operational efficiencies by standardizing on Juniper Networks firewalls, as its IT staff no longer must manage and maintain firewalls from multiple vendors.

Northwestern University also constructs its security network in layers. “Juniper supplies our campus network border routers—the ones that connect us to the outside world, other research institutions and networks,” says Julian Y. Koh, Northwestern’s manager of network transport, telecommunications, and network services. “That’s the first place you want to start applying security filters.”

The university also uses Juniper security at the firewall layer. “We have dedicated firewall appliances in front of our data center to protect the data center and enterprise applications from attack, not just from the outside world but also from anyone on campus,” Koh says. His department gives schools within the university the option to contract with IT for their local firewall services. If a given department or school has a small number of machines to protect, IT might deploy a low-end firewall. If a school has greater demands, such as the need to protect a high-speed computing cluster or a larger number of machines, Koh can ramp up the capabilities to meet its needs.

In addition, Northwestern uses Juniper for secure remote access. The university deploys Juniper SSL VPN technology to provide secure access to sensitive data and restricted applications. With this technology in place, says Koh, it has been easy to define various roles and give users different levels of access depending on who they are.


Network Security Glossary of Terms

ACL (access control list): A method of keeping in check the internet traffic that attempts to flow through a given hub, router, firewall, or similar device. Access control is often accomplished by creating a list specifying the IP addresses and/or ports from which permitted traffic can come. The device stops any traffic coming from IP addresses or ports not on the ACL.

Address space probe: An intrusion technique in which a hacker sequentially scans IP addresses, generally as the information-gathering prelude to an attack. These probes are usually attempts to map IP address space as the hacker looks for security holes that might be exploited to compromise system security.

Agent: A computer program that reports information to another computer or allows another computer access to the local system. Agents can be used for good or evil. Many security programs have agent components that report security information back to a central reporting platform. However, agents can also be remotely controlled programs hackers use to access machines.

AH (authentication header): An IPsec header used to verify that the contents of a packet have not been modified while the packet was in transit.

Alias: A shortcut that enables a user to identify a group of hosts, networks, or users under one name. Aliases are used to speed user authentication and service configuration. For example, in configuring a firewall, a user can set up the alias “Law School” to include the IP addresses of every network user in a university’s law school.

Auto-partitioning: A feature on some network devices that isolates a node within the workgroup when the node becomes disabled, so as not to affect the entire network or group.

Backdoor: A design fault, planned or accidental, that allows the apparent strength of the design to be easily avoided by those who know the trick.

Block cipher: A procedure that translates plain text into coded text, operating on blocks of plain text of a fixed size (usually 64 bits). Every block is padded out to be the same size, making the encrypted message harder to guess.

Blocked port: A security measure in which a specific port is disabled, stopping users outside the firewall from gaining access to the network through that port. The ports commonly blocked by network administrators are the ports most commonly used in attacks.

Botnet: A collection of computers that are infected with small bits of code (bots) that allow a remote computer to control some or all of the functions of the infected machines. The botmaster who controls the infected computers has the ability to manipulate them individually, or collectively as bot armies that act in concert. Botnets are typically used for disreputable purposes, such as Denial of Service attacks, click fraud, and spam.

Certificate: An electronic document attached to someone’s public key by a trusted third party, which attests that the public key belongs to a legitimate owner and has not been compromised. Certificates are intended to help you verify that a file or message actually comes from the entity it claims to come from.

Certificate authority (CA): A trusted third party (TTP) who verifies the identity of a person or entity, then issues digital certificates vouching that various attributes have a valid association with that entity.

CHAP (Challenge Handshake Authentication Protocol): A type of authentication where the person logging in uses secret information and some special mathematical operations to come up with a number value. The server he or she is logging into knows the same secret value and performs the same mathematical operations. If the results match, the person is authorized to access the server. One of the numbers in the mathematical operation is changed after every login, to protect against an intruder secretly copying a valid authentication session and replaying it later to log in.
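The CHAP entry above can be made concrete with a short sketch. This is an added example, not part of the original glossary: it assumes the MD5 construction from RFC 1994 (hash of identifier, shared secret, and challenge), and the class name, user name, and secret are constructed for illustration. It shows why a captured response is useless once the server issues a fresh challenge.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5 over identifier octet, shared secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues one-time challenges and checks responses."""

    def __init__(self, secrets):
        self.secrets = secrets      # user name -> shared secret (constructed)
        self.pending = {}           # user name -> (identifier, challenge)
        self.next_id = 0

    def issue_challenge(self, user):
        # A new random challenge per login is the "number that changes".
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)
        self.pending[user] = (self.next_id, challenge)
        return self.next_id, challenge

    def verify(self, user, identifier, response):
        # pop() makes each challenge single-use, so it cannot be answered twice.
        outstanding = self.pending.pop(user, None)
        if outstanding is None or user not in self.secrets:
            return False
        ident, challenge = outstanding
        if ident != identifier:
            return False
        expected = chap_response(ident, self.secrets[user], challenge)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-shared-secret"   # sample value, not a real credential
    server = Authenticator({"alice": secret})

    # Legitimate login: the secret itself never crosses the wire.
    ident, challenge = server.issue_challenge("alice")
    captured = chap_response(ident, secret, challenge)
    first_login = server.verify("alice", ident, captured)

    # Later session: the old response is checked against a new challenge.
    ident2, _ = server.issue_challenge("alice")
    replayed = server.verify("alice", ident2, captured)

    # The same response resubmitted with no outstanding challenge also fails.
    reused = server.verify("alice", ident, captured)
    return first_login, replayed, reused
```

MD5 is used here only because RFC 1994 specifies it; the replay protection comes from the fresh challenge, not from the strength of the hash.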


Manage IT

Just as students need more access to technology and web services, you have fewer resources with which to provide them. We’d like to help you manage your school network, providing users with more services and doing it all with less money.

You’re IT. Get the information you need to Manage IT. In this guide, you’ll find out how you can deliver more services on your school network with less money and fewer resources.



Lawmaker’s net neutrality compromise: Solution or last gasp?

As House Commerce Committee Chairman Henry Waxman, D-Calif., prepares to release his legislative proposal for new rules to preserve an open internet, a leaked version reveals that it would limit the FCC’s authority to enforce net neutrality, Ars Technica reports. According to the leaked draft, internet service providers (ISPs) would be forbidden to “unjustly or unreasonably discriminate in transmitting lawful traffic over a consumer’s wireline broadband internet access service.” But the proposal would not apply to wireless broadband, and the FCC would be given no new rulemaking authorities regarding ISPs. If that sounds familiar, it should: It bears a very strong resemblance to the Google/Verizon “compromise” plan on net neutrality released to great dismay from public-interest groups in August. How did we get from FCC Chairman Julius Genachowski’s proposals for clear net-neutrality enforcement and ISP transparency rules to this? First, factor in massive pushback, threats of lawsuits, and Capitol Hill lobbying from ISPs. Next, plug in a bitterly partisan midterm election year, which seems to have scared the daylights out of the Obama administration. Various D.C. folk have said they believe the FCC’s reluctance to carry out its own agenda is a by-product of pressure from the White House itself…



Rutgers freshmen charged for using hidden camera on a student

In a case of video voyeurism gone high-tech, a pair of Rutgers University freshmen secretly placed a camera in a dorm room earlier this month and broadcast a live feed of a fellow student’s “sexual encounter” on the internet, reports the Star-Ledger. It’s unclear how many people saw the intimate images of the unsuspecting 18-year-old on the Piscataway, N.J., campus online, law-enforcement officials said. But someone eventually tipped off campus police. Dharun Ravi, 18, and Molly Wei, 18, were charged with two counts each of invasion of privacy for using the camera Sept. 19 to view and transmit the live sex scene, said Middlesex County Prosecutor Bruce Kaplan. Ravi is also charged with two additional counts of invasion of privacy for unsuccessfully trying to capture a second scene involving the same student two days later, Kaplan said. Rutgers officials said the students also might face discipline on campus for the alleged invasion of privacy. “The university takes these matters seriously and has policies to deal with student behavior. Under federal law, the university cannot comment on specifics involving student conduct,” said Sandra Lanman, a Rutgers spokeswoman…



Mobile device boom sparks U.S. web address shortage

A telecommunications official on Sept. 28 warned that the United States could run out of unique internet addresses to assign to new devices by the end of next year, Reuters reports. Internet Protocol version 4, known as IPv4, provides the dominant architecture for the internet. It requires devices to have unique identifiers, known as an IP address, but it only has space for 4.3 billion of those addresses. The recent profusion of mobile devices like Research in Motion’s BlackBerry and Apple’s iPad, and the expansion of internet services to more homes, have quickly depleted available addresses. An upgrade to the internet’s main communications protocol with more space, called IPv6, is available—but adoption in the United States has lagged behind Europe, China, and other countries. “We now face an exhaustion of IPv4 addresses,” Lawrence Strickling, administrator of the U.S. National Telecommunications and Information Administration, said at a meeting of government and industry stakeholders. “Fortunately, IPv6 will support 340 trillion trillion trillion addresses,” Strickling said, and he urged organizations to deploy and integrate IPv6 widely. But the transition might not be easy. It could cost enterprises a lot of money, and the new technology might not work well with the technology they use now…



New tool helps explore path to more tech grads

Policy makers and philanthropists have a new resource in the effort to increase the number of graduates in science, technology, engineering, and math, reports the Associated Press: An online tool developed by the Business-Higher Education Forum with help from Ohio State University debuted Sept. 27. The new tool allows people to see what combinations of policies might create the most interest in such degrees and careers, such as retaining more teachers or starting an elementary science club. More than 200 research variables are included in the model, which was developed by Raytheon Co. A national push is on to double the number of graduates in the STEM fields by 2015. The new tool is available free of charge, and state-level data will be available for the first time for Texas, Arizona, California, Maine, and Florida…



Amazon launches ‘Kindle for the Web’

Amazon has unveiled a program that allows Kindle electronic books to be sampled in a web browser, AFP reports. “Kindle for the Web” is featured on the online retail giant’s web site, and book samples can be embedded on other web sites or shared through Facebook and Twitter. Users can click on a “Read First Chapter Free” button on selected Amazon books, and a browser window opens featuring the sample chapter. The eBook also can be purchased directly from the browser. “With Kindle for the Web, it’s easier than ever for customers to sample Kindle books—there’s no downloading or installation required,” Amazon Kindle director Dorothy Nicholls said in a statement. “Kindle for the Web is also a great way for bloggers and authors to promote books on their web sites by letting visitors read a chapter without leaving their site.” Bloggers or web site owners who sign on to “Kindle for the Web” can earn referral fees from Amazon when customers buy books using the links on their web sites, Amazon said…
