An internet connection is critical to the success of schools, especially during standardized testing. Administrators need the system optimized and running without any bugs, or it could interfere with student testing. Think of the massive backlash from parents and problems for graduating students if a testing center failed. Important days like this can be stressful for school network administrators forced to ensure that nothing from their end disrupts operations. You can monitor the environment to reduce the chance of issues. This article gives you practical advice for monitoring and intrusion detection.

Install Web Content Filters

Web content filtering catalogs the internet into categories. You then blacklist categories inappropriate for students and administrators. School administrators might have access to more categories. For instance, they might have access to local restaurant websites, but students might be blocked. Unless necessary for research or teaching, network administrators can block sites known to host malware or phishing.

Think your IT is in good shape?

Take the free 3-minute readiness quiz

By blocking content, you filter out many of the sites that could introduce malware to your network. Kids and administrators can be tricked by “drive-by” download sites. These sites often have pirated software with hidden malware. For example, a site might promise free gaming currency to kids in exchange for downloading malware. Administrators might download malware thinking it’s legitimate software.

Phishing is also an issue, although mainly for administrators. Kids can be tricked into divulging private information, but administrators can be tricked into divulging network credentials. With these credentials, attackers could gain access to the environment. Good web content filters block these sites and send notifications to administrators if too many requests from malicious content come from a single user.

Features you should consider for an effective web content filter:

• Ensure it follows CIPA compliance regulations
• Allows for category blacklisting and whitelisting of individual domains
• Cloud-based filters should be DNS-based
• Has frequent automatic updates

Configure Firewalls to Block Inappropriate Traffic

A firewall blocks incoming traffic, but outgoing traffic can also be a sign of malware or inappropriate applications. Malware like ransomware communicates with a central server to let an attacker know that a machine is available. Some malware allows attackers to remotely control the local machine. Blocking this type of traffic on a firewall inhibits an attacker’s ability to further disrupt network operations and steal data.

If you have internet at home, your ISP runs a firewall to block all incoming traffic unless you specifically whitelist protocols. The same should happen with your school firewall. Incoming traffic should be blocked, especially from accessing a private network segment for testing. Outgoing requests should be mainly blocked unless an application needs a specific port. Monitor outgoing traffic to detect any anomalies, and some ports might need manual blocking. For example, it might be best to block application ports used for entertainment purposes with no work-related activity.

A few other configurations to consider:

• Use access control lists to configure services for teachers and administrators but block students
• Segment the testing network from any administrator devices with a firewall to control traffic
• Install a router between any guest Wi-Fi and the internal environment

Require SSL/TLS Traffic

Without encrypted traffic, all users are vulnerable to man-in-the-middle (MitM) attacks. A MitM attack can be conducted by a trusted user on the network. The trusted user intercepts traffic using an application like Wireshark and relays it to the intended recipient. All activity is invisible to the user, but any data shared during communication with the third-party server can be stolen. 

Data eavesdropping using a MitM attack requires software and a physical connection to the network, so it often happens from insider threats. Network administrators can monitor for this kind of activity, but trusted users physically inside the environment aren’t often monitored for malicious activity. Insider threats can be from a malicious user or from malware unknowingly installed on a user’s device.

Encrypted traffic doesn’t fully protect from MitM attacks, but it greatly increases the complexity of an attack. Administrators can further protect the testing environment by configuring all applications connected to the internet with SSL/TLS connections. Applications and the remote server must be configured to accept SSL/TLS traffic, but most modern software developers know to work with encryption especially over the internet.

Monitoring Software and Notifications

You have several monitoring applications on the market to choose from. Some applications monitor bandwidth and file usage while others monitor for uptime. Cloud providers have their own proprietary solutions for network monitoring. Logging software keeps track of any malicious behavior on the network, and artificial intelligence is often included to detect suspicious network activity.

Intrusion detection and prevention (IDS and IPS) will actively detect and block malicious threats. Detection is followed with notifications so that system administrators can review the issue. Cloud-based monitoring also has similar features. If you have a third-party managed service provider, they might have 24/7 monitoring and deal with issues when you are not in the office.

Installing a monitoring service requires a professional, so a managed service provider can help. Look for a few features to ensure data protection of your testing environment:

• Background monitoring that does not interfere with regular productivity
• Logging for audits and incident response
• Intrusion prevention to stop malicious activity

Work with a Managed Service Provider

A managed service provider (MSP) can help monitor your testing environment and take a lot of stress away from local network administrators. MSPs install monitoring software, secure the network, configure infrastructure, and work with local administrators on the overall security of the environment. 

Cloud-based platforms have their own monitoring, but you still must configure and manage it for monitoring to be effective. An MSP is also available 24/7 to receive notifications and deal with issues rather than having local administrators receive overnight calls. The latter can have a long delay in remediating an incident.

To have your school testing environment monitored, contact us to find out what Corporate Technologies can do for your security and operations.

FAQs