k-12 web & e-mail content filtering michael i. debakey network and systems administrator...

K-12 Web & E-mail Content Filtering

Michael I. DeBakey

Network and Systems Administratormichael_debakey@l-spioneers.org

Lester S. Stoltzfus

Director of Technologylester_stoltzfus@l-spioneers.org

Michael Boggess

Regional Sales Manager, Lightspeed Systems

michael@lightspeedsystems.com

DeliveringProfessionalResponsiveQualityService

Brian SteigaufSystems AdministratorLancaster-Lebanon IU 13brian_steigauf@iu13.org

District Information

Encompasses Lampeter, Strasburg, Willow Street, and the southeast corner of the city of Lancaster

36.2 square miles

3,225 total students

470 total number of employees

Our Buildings

Five educational buildings (1 HS, 1 MS, 3 ES)

Two non-educational buildings (Administration Building and Maintenance Building)

All on one campus except for one elementary school

Traditional Web Filtering Problems

Obtuse and complex whitelist / blacklist Too much overhead to submission / approval process I.T.’s “fingerprints” are all over the place Non-existent or minimal integration with directory service

A Checklist for Content Management Decisions

CoSN’s (Consortium for School Networking) “Secure District” website:

http://www.securedistrict.org/safewired/checklist.cfm

Some excellent questions to ask on this topic…

CoSN: Philosophical Questions to Ask

Do you want students to be able to direct their own learning or is it more important for teachers to retain control of what goes on in the classroom?

Should different standards be applied, based on the age of the student? Should school employees be subject to the same rules as students, to their

own set of rules or to no rules? Would you prefer to simply monitor how students and employees use the

Internet, rather than blocking their access to sites? Are there other issues that you want to address at the same time? (Viruses,

malware, application security, mail filtering, etc.) How will school officials respond if students are found to be accessing

inappropriate material? What strategies will your school district use to teach "information literacy?"

CoSN: Evaluating Content Management Products

What kinds of content are you concerned about? What has the experience been with the solution you propose to use? How are users notified when they try to access a blocked site? Does the proposed solution address other forms of content besides just

Web sites? How easy would it be for a child to hack into and disable a particular filtering

solution? Does the proposed solution incorporate advertising messages? Will third

parties be able to collect information about how your students are accessing the Internet?

If your students speak many different languages, does your proposed solution control access to sites written in languages other than English?

How will the proposed solution serve your district in the future?

L-S’s Questions

How easily does the product fit with our existing security model - Firewall, NAT, VPN, “offline” laptops, wireless?

Will it require any fundamental changes to our network topology? What kind of hardware do we need? What software do we need to install? Do we need to touch every computer

on the network? How granular is the control? Per student / staff user, per group, per

computer, per subnet? The $64,000 question: Does the authentication mechanism integrate with

our existing single sign on model? Will it cost us $64,000???

How About E-Mail?

Spam, open relays, viruses Attachment limits Student e-mail accounts hosted or on-site? Regulations relating to e-mail Do your “e-Recordkeeping” practices reflect

your paper recordkeeping practices? Archival methods… Are you prepared to

store all of that stuff?

Lightspeed TTC 7 Mail and Web Content Filtering In-Line Filtering for Best Performance “Internal” and “External” Network Interfaces Three Web Filter Policy Levels: Student, Staff, Administrative/IT MS SQL Server 2005 Required for Each TTC Server

Lightspeed TTC 7 Mail and Web Content Filtering In-Line Filtering for Best Performance “Internal” and “External” Network Interfaces Three Web Filter Policy Levels: Student, Staff, Administrative/IT MS SQL Server 2005 Required for Each TTC Server Web Filtering Hardware

1 x Dell PowerEdge 2950 Server 1 x Silcom Failover card ( 2 x 1000BaseT interfaces) 1 x Intel PCI NIC (2 x 1000BaseT interfaces)

Lightspeed TTC 7 Mail and Web Content Filtering In-Line Filtering for Best Performance “Internal” and “External” Network Interfaces Three Web Filter Policy Levels: Student, Staff, Administrative/IT MS SQL Server 2005 Required for Each TTC Server Web Filtering Hardware

1 x Dell PowerEdge 2950 Server 1 x Silcom Failover Card ( 2 x 1000BaseT interfaces) 1 x Intel PCI NIC (2 x 1000BaseT interfaces)

Mail Filtering Hardware 1 x Dell PowerEdge 2950 Server 1 x Intel PCI NIC (2 x 1000BaseT interfaces) 1 x Dell MD1000 Disk Array

Lightspeed TTC 7 In-Line Installation Always a Best Practice

TTC 7.3 Console Remote Deployment of Security Agent “One Stop Shop” for Managing Antivirus Scans and Client Updates Active Directory-Integrated User, Group, Computer Lookup Functionality

Security Agent Provides Desktop Antivirus Provides Scheduled AV Scans and Definition Updates Provides Program Permissions (L-S Does Not Use This) Zero Client Configuration Required When Deployed through Console Correctly Resolves AD Group Membership and Usernames

Thank you!

Act 48 Code:BL182085