Dec 10 2009
Security

Protective Custody: Tracing Software for Portable Devices Helps Prevent Theft

IT leaders devise defensive mobile computing security strategies to protect students, computers and the educational mission.


Even though it has about 2,500 notebook computers in use by students and staff, Sweetwater County School District 1 has never lost one of the highly portable devices, says Chase Hafner, director of technology for the Wyoming school system.

“We've come very close, but we have always prevailed with the security measures we have in place,” Hafner says.

Sweetwater School District 1 has tackled a basic challenge shared by school districts across the United States as they equip students and teachers with notebooks, netbooks and handheld devices. Beyond the physical security of mobile computing devices, school systems must also protect the data and networks to which all those devices provide access, says John Pescatore, vice president and research fellow at Gartner. As the number of mobile devices grows, so does the level of vulnerability.

“Whether students are bringing their own computers to school or taking school-issued computers home, there have to be clear policies that they and their parents understand,” Pescatore advises. “Danger to the network grows as more kids have mobile devices, and network access management becomes crucial for the schools.”

Organizations can mitigate the risks posed by mobile computing through a variety of security technologies. IT leaders in education are protecting their computing property through locked wireless carts, laser etchings and tracking software. And to guard those bits and bytes, antivirus software, web filtering, network access control and network segmentation prove instrumental.

Locked and Located

For Sweetwater's Hafner, the first line of defense against loss or theft is simply locked doors and padlocks on the wireless computing carts that carry the notebooks for mobile computing labs in the district's 12 schools. A video surveillance system in the school buildings tracks and records activity near the computer carts around the clock.

Hafner and his staff can locate notebooks from the carts – and be alerted if any are missing – by using software that scans the wireless network and identifies the devices on it. The district is also piloting a one-to-one computing program in multiple classrooms in grades five through 12. IT protects those devices with Absolute Software's Computrace LoJack for Laptops service, which tracks devices via an embedded software client.

5.4%: The percentage of U.S. schools that have invested in providing computing devices to all students. (Source: Project RED: Revolutionizing Education)

“LoJack has been a very valuable tool in cases when a student has thought a laptop might make a nice parting gift when he moved away,” says Hafner, who notes that the district sees an unusually high level of student turnover because it serves the families of oil field workers, who move frequently.

In the mobile computing labs, LANDesk management software augments remote monitoring and device discovery features embedded in the notebooks. Students, staff and teachers log on with a user ID and password; Kerberos encrypted authentication protects the network. IT segmented the district's network into student and staff subnetworks, and another layer of monitoring software allows Hafner and his staff to filter content and track which devices are in use, who is logged onto them, and what applications and files those users are accessing.

“In a school setting, the ‘enemy’ is often within – inquisitive students who want to look into places they shouldn't,” Hafner says. “But the great majority of what we do is focused on student safety, which requires securing the network.”

Etched Ownership

In suburban St. Louis, Ritenour School District relies on a mix of high- and low-level technology to help protect 400 Toshiba laptops used as part of a systemwide initiative to enable mobile computing for teachers, according to Fred Harlan, manager of information systems. Following the traditional teacher's admonition that students label their belongings, the Missouri district had its name and logo laser-etched on the cover of each notebook.

“As an extra element of physical security, inasmuch as they're the property of the district, we wanted to manage their physical security carefully and have some control, so we chose to etch them in a very conspicuous way,” says Harlan.

The etched covers on the computers are a very visible emblem of Ritenour's overall security strategy for mobile devices. The emblem also appears on the notebooks and laptops on computer carts in school buildings and on laptops available for teachers to use at home.

Ritenour's IT department maintains physical security of devices by locking them up when not in use and by monitoring the wireless network.

Harlan and his staff also installed software to filter Internet content and to block viruses and malware. As is the case in most school settings, says Gartner's Pescatore, the district uses basic username/password authentication. The network is segmented so that students have no access to the district's financial data or to sensitive information about teachers or other students.

The district has established separate policies for teachers, students and guests on the network, and educating users is crucial to its security strategy, Harlan says.

“We do a number of things from a technology and physical security standpoint, but security starts with user training,” he says. “We also have a philosophy in the district that we're willing to accept some risk because of the value we see in distributing these devices for students and teachers to use.”

Big or Small, Same Concerns

No matter how many steps an IT department takes to protect its devices, distributing tablet computers to thousands of students is “scary,” says CTO Karen Fuller of the Klein Independent School District in Klein, Texas.

Since 2006, when the district began piloting its one-to-one computing program, Klein ISD has provided about 10,000 HP tablets to students and teachers in three high schools and on one intermediate school campus.

Photo caption: Fred Harlan of Ritenour School District adorns the schools' notebook PCs with an etching proclaiming the St. Louis school system's ownership. (Photo: Stephen Kennedy)

The district plans to expand its one-to-one program to two remaining high schools in the short term, with a vision to extend the program down to lower grades in the future. Klein currently has 39 schools with more than 44,000 students.

“We've had no issues with them just walking off – the kids respect the devices – but when you've got that many, there are incidents of theft,” Fuller says. “Last year we only had 30 computers not recovered at the end of the year.”

Klein ISD uses Computrace to track computers that go missing, and it also uses the technology to monitor the amount of data on hard drives, Fuller says.

Lausanne Collegiate School, a small private pre-K–12 institution in Memphis, has the same focus on protecting networks and data as would a large public system, but there are fewer concerns about the physical security of devices, says Stewart Crais, director of operations. But that's not because students buy their own mobile computers in grades five through 12, he says.

“We have only about 750 students, and our campus is rather secluded,” Crais says. “We've had fewer than five disappear, and more of those were stolen from teachers than students. The students keep them in their lockers when they aren't using them, and having the computers teaches them responsibility.”

Besides the student-owned computers in the upper grades, Lausanne provides netbooks in its pre-K through fourth-grade classrooms, with a device for every two students.

Like larger educational institutions, Lausanne divides its network into segments, so that a student (or teacher) misstep into the wrong website or application “can't infect everything,” Crais says. Network access control authentication ensures that mobile devices on the network are properly configured and conform to security policies. The school is migrating to Microsoft Security Essentials for antivirus protection and makes sure the software is installed on student devices.

Although Lausanne Collegiate School has had no serious problems, Crais says the issue of security is on the minds of IT managers dealing with the burgeoning number of mobile devices in schools across the country. Crais is also the director of the Laptop Institute, a summer program that explores the education and technology issues raised by one-to-one and similar computing programs.

“We've been getting requests for more technical topics, especially security, and that's the focus of next year's program,” Crais says.

A More Secure Future?

Mobile security trends that may help schools:
Embedded security from telecom providers: Smartphones are on their way to becoming the device of choice for young people, says Gartner's John Pescatore. In addition, the next generation of notebooks is likely to have built-in 3G WAN cards. With such devices having a single wireless provider, the opportunity arises to centralize filtering and security at the provider level.
One-time passwords: Financial institutions now often use systems in which a user logging in receives a single-use password as a text message on his or her cell phone. The system is inappropriate for young children, but may work for high school students.
Virtualized mobile security: School districts can create virtual environments in their data centers where individual virtualized desktops can run in isolation from the network. Malware and corrupted software are then quarantined on a single VM.

Erik Ostling