A New Jersey public school system found a way to serve increasing broadband needs, while protecting its network, reports Greg Masters.
Brick is a township on the central New Jersey coast which is bordered on the east by three beaches. An inlet, Kingfisher Cove, splits the topography down its middle before emptying into the Atlantic Ocean. While decades ago it was primarily an agricultural area, following development of the Garden State Parkway in the 1950s, the region has become a popular destination for summer vacationers. Almost hourly, trains on the New Jersey Transit's North Jersey Coast Line shuttle passengers between Penn Station in midtown Manhattan and the next town over from Brick, Bay Head, a 2½-hour scenic ride that includes stops in Asbury Park and Point Pleasant.
Brick's year-round residents enjoy a quiet atmosphere that – despite the incursion of chain stores and fast-food restaurants – still maintains an aura of the 1950s, with kids riding their bikes on rural streets canopied with trees that are generations old. In fact, in a 2006 survey extrapolated from FBI statistics, the town was cited as one of the safest places to live in the United States (though the FBI has since refuted the use of its crime statistics in compiling quality-of-life charts).
The township has a population just more than 75,000, according to the 2010 census, and the school district serves 10,000 students in pre-kindergarten through 12th grade. While the environs might make some nostalgic for a more bucolic time, the majority of the population has been swept along like everyone else into the 21st century, keeping up with the latest gadgets and electronics. And, with the explosive growth of digital media used by the students and faculty, Ross Ellicott, manager of network operations for Brick Township Public Schools, has realized that increasing bandwidth was a priority. He went looking for a solution that would alleviate the engorged traffic on the school district's network, while at the same time safeguard the data being transmitted.
“Brick Township has seen extensive growth in the adoption of Flash-based education sites, such as Study Island [test preparation software programs] and Everyday Mathematics [an online curriculum], YouTube teaching and rich interactive- and multimedia-based websites,” Ellicott says. “Simultaneously, students are increasingly taking up bandwidth by connecting to streaming music and video websites, like Pandora, Hulu and YouTube.”
Both students and faculty were taking advantage of an open, wireless “guest” network that had become what he terms an “iGarbage bin” of wireless devices. This strategy was deteriorating the network's internet bandwidth. In addition, there are off-hours events, namely sports, where visitors, coaches, media personnel and other guests require internet access.
“As a result, bandwidth was and still is off the charts, and we found that our firewalls were no longer sufficient,” he says.
But increasing speed and availability on the network was not the only priority. Ellicott and his team faced other challenges as well. Of most concern was that cyber threats have increased.
As cyber criminals can now hack into the network from the application level, the district found that first-generation firewalls were not sufficient to deal with the emergence of application-based threats, says Ellicott (right).
His team found there were many false positives, as cyber criminals managed to send emails that looked legit, but weren't. Eventually, they had trouble detecting which threats were real and which weren't, plus schools throughout the district had difficulty logging into the network to complete their work or lessons. These and other problems threw the day-to-day operations of the school system into chaos – causing his team to work 24/7 to try and resolve the issues.
“Basically, stateful firewalls [a firewall programmed to keep track of network connections so as to differentiate legitimate packets for various connections and block those that don't match a known active connection] to me are dead,” he says. “The attacks that are happening today are emanating from within and going out. It's all botnets and rogue applications now. People try to lure you into clicking on an email, or you pass by a website infected by a virus and you get rogue anti-virus and rogue pop-ups.”
And, his team found that most intrusions were arriving with people using mobile devices. This was particularly alarming as there are technical concerns unique to the education sector. Ellicott's team wondered how these devices were being used. Assuming that most users were students, the question for his team was: How does an unnoticed Droid or iPhone assist in a test-taking scenario?
Plus, from the technical side, these devices have run riot on the network, he says. “It is the struggle of balancing the benefit of the internet versus business compliance and productivity,” he says.