Spam, viruses, the wilds of the Internet—the bad seeds of technology—hold few surprises for Scott Sexsmith. That’s why this chief management information officer at the Capistrano Unified School District in South Orange County, Calif., was shocked to learn that a nearby school district lacked a firewall, antivirus protection and content filters.
“To me, it’s amazing that they could still be operating that way,” he says.
Luckily, such schools represent a very small minority. Most technology professionals—in all fields—devote a disproportionate amount of time to fighting the spam, viruses and objectionable Web sites that drain their resources. In addition, the Children’s Internet Protection Act of 2000, which requires schools and libraries to block inappropriate content from minors, makes Web and e-mail filtering an even higher priority for K-12 schools.
“The challenge is getting your hands around the Internet, which is extremely daunting,” says Ben Startzer, executive director of technology at Mesa County Valley School District 51 in Grand Junction, Colo.
Daunting doesn’t begin to cover the immensity of the challenge. With an estimated 81,000 or more viruses in existence, spam making up as much as 65 percent of e-mail and the number of Web sites constantly doubling, words cannot adequately describe the problem. As a result, school IT professionals deploy an armory of strategies to keep inappropriate content off their networks. Redundant content filters, they say, play an essential role in keeping networks safe and under control.
Spam: Enemy No. 1
Because spam continually clogged the network at Mesa Valley, Startzer says, the school district implemented a strict policy this year: The district’s 20,000 students cannot send or receive e-mail outside its network of 41 buildings.
Spam also troubles Sexsmith. At Capistrano, a district that consists of 55 schools, 4,900 staff members and about 50,000 students from 11 communities, spam constitutes one-third of all e-mail. After installing a product that blocks peer-to-peer networking and filters e-mail, Sexsmith analyzed one day’s e-mail coming into the network. Of the 10,594 e-mails received, one-third—3,486 messages—were spam, and 40 percent of the spam carried some form of virus. That’s nearly 1,400 potential threats to IT security.
The problem is that most spam tools are reactionary: They tend to look for characteristics that identify spam. However, spammers are constantly finding new ways to thwart the filters. “For every fix we put out to safeguard our kids, there’s an alternate to that fix,” says Startzer.
Virus and Web Filtering
In addition to fighting spam, many districts are also looking at better ways to limit student access to inappropriate Internet content.
When Mesa Valley first started Web filtering, the district used the basic filter provided by its Internet service provider. Unfortunately, it didn’t take long for students to get around it. For example, to evade the filter, students would visit sites that let users access other Web sites anonymously, Startzer explains.
In June, Mesa Valley upgraded to stronger Web filtering software that regularly tracks sites that cloak identity and adds them to its blacklists. In addition, the district has created its own blacklists, which include sites that appear on lists designed specifically for schools. The district also blocks entire categories—topics such as gambling, pornography and violent-themed sites, Startzer says.
A few months before it installed the new Web filter, the Mesa County Valley district also upgraded its antivirus software. Now, instead of merely identifying and cleaning infected files, the antivirus software pinpoints which machine is spreading the virus.
Yet, Startzer notes, content filtering is a long battle that isn’t likely to end anytime soon. “It will be a priority for us for years to come,” he says. “We’re willing to fight the fight.”
Melissa Solomon is a business and technology freelance writer in New York.
• Install antivirus protection on all fronts—mail servers, gateway servers, firewalls, desktop and notebook PCs, and wireless devices.
• Block users or domains that are infected with mass-mail worms.
• Reject senders who refuse to authenticate their address.
• Remove attachments (including the .vbs, .exe and .bat file formats) automatically when messages come into your network, since that’s where viruses commonly hide.
• Lock down antivirus protection centrally so users can’t turn it off, and set regularly scheduled virus scans and updates on all computers.
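The attachment-removal tip above, sketched as an added example (not from the article or any product it mentions) using Python's standard email library. The sample message, its addresses and the replacement notice text are constructed for illustration.

```python
from email.message import EmailMessage

# Extensions named in the list above; extend to match local policy.
BLOCKED_EXTENSIONS = (".vbs", ".exe", ".bat")


def is_blocked(filename):
    """True when an attachment name ends in a blocked extension."""
    # Compare case-insensitively and on the final extension only, so
    # "invoice.pdf.EXE" is treated as an .exe file.
    return (filename or "").strip().lower().endswith(BLOCKED_EXTENSIONS)


def strip_blocked(msg):
    """Replace blocked attachments in place; return the removed names."""
    removed = []
    for part in msg.walk():
        filename = part.get_filename()
        if part.is_multipart() or not is_blocked(filename):
            continue
        removed.append(filename)
        # set_content() discards the old payload and Content-* headers.
        part.set_content(f"[attachment {filename!r} removed by mail filter]")
    return removed


def build_sample():
    """Constructed test message: one harmless, two blocked attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "teacher@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment("meeting notes\n", filename="notes.txt")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.EXE")
    msg.add_attachment("rem placeholder\n", filename="update.bat")
    return msg


if __name__ == "__main__":
    message = build_sample()
    print("removed:", strip_blocked(message))
```

Replacing the part with a short notice, rather than deleting it silently, tells the recipient that something was stripped and gives the help desk a string to search for.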
Shutting Down Spammers
By Garth Bruen
The best way to stop spammers is to hit them where it hurts—in the wallet. The goal is to increase the spammers’ cost of doing business by shutting down their Web sites and forcing them to spend money to register new sites.
Internet registrars, companies that register domain names, often ignore requests to shut down spammers. However, they are required to maintain customer contact information, though spammers often provide false information. Each registrar must publish the name, address, phone number and e-mail of Web site administrators.
Here’s how to stop spammers in their tracks:
1. Determine whether the e-mail is spam. If yes, proceed to step 2. If no, use the unsubscribe link in the e-mail.
2. Look up the contact information. Search the e-mail or the HTML source code for the link to the Web site that is selling the products or services. Then go to a public Whois site, such as geektools.com, samspade.org or internic.net. There may be as many as four types of contacts: registrant, administrative, technical and billing.
3. Send an e-mail to the site’s contact(s). Use the contact information you just found; do not reply to the spam e-mail. Forward a copy of the original spam you received to the site’s contact with a polite but firm message requesting that the spam stop and that your e-mail address be removed from their database and e-mail list.
4. If, as is more than likely, your e-mail bounces back, file a complaint with Internic. Go to internic.net, select Whois Data Problem Report, and fill in the required fields. Internic will send you a confirmation e-mail. You must click the confirm link in the e-mail to file your complaint.
If your e-mail to the spam site does not get bounced back, resend the request each day until you get some kind of response. If you continue to get spam from this site, keep sending it back to them.
Keep track of sites you have filed complaints against, and after two or three weeks, check on their status. (A Whois report usually has a status field.) Entries of “active” or “production” mean the site is functioning normally. “Registrar-lock,” “registrar-hold” and “canceled” mean that your complaint was taken seriously, and the spammer will probably be shut down.
If you have filed a complaint and the site is still listed as “active” with the old, inaccurate information, file another complaint until the site is shut down or the contact is changed.
Forward the e-mail to the Federal Trade Commission at firstname.lastname@example.org. You may also “blacklist” the advertising domain, that is, add it to a published list of domains that administrators use to block unwanted traffic.
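For anyone tracking many complaints, the contact lookup and status check described in the steps above can be scripted. This is an added example, not part of the original article; the Whois record, its field names and the domain are constructed, and real registrars format their output differently.

```python
# Constructed Whois record (not real data); field names vary by registrar.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-PILLS.TEST
Registrar: Example Registrar, Inc.
Status: REGISTRAR-HOLD
Registrant Email: owner@example-pills.test
Administrative Contact Email: admin@example-pills.test
Technical Contact Email: admin@example-pills.test
Billing Contact Email: billing@example-pills.test
"""

# Status meanings exactly as the article gives them.
FUNCTIONING = {"active", "production"}
ACTED_ON = {"registrar-lock", "registrar-hold", "canceled"}
ROLES = ("registrant", "administrative", "technical", "billing")


def parse_whois(text):
    """Return (status, {role: email}) from 'Key: value' Whois lines."""
    status, contacts = None, {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key in ("status", "domain status") and status is None:
            status = value.lower()
        elif "email" in key or "e-mail" in key:
            for role in ROLES:
                if key.startswith(role):
                    contacts[role] = value.lower()
    return status, contacts


def next_action(status):
    """Map the status field to the follow-up the article recommends."""
    if status in ACTED_ON:
        return "complaint acted on"
    if status in FUNCTIONING:
        return "file another complaint"
    return "check manually"  # missing or unrecognized status value


def complaint_recipients(contacts):
    """Contact addresses in role order, with duplicates removed."""
    return list(dict.fromkeys(contacts[r] for r in ROLES if r in contacts))


if __name__ == "__main__":
    status, contacts = parse_whois(SAMPLE_WHOIS)
    print(status, next_action(status), complaint_recipients(contacts))
```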
Garth Bruen is a workflow developer in Boston at MassHousing, an agency of the Commonwealth of Massachusetts.