Joshua Block, VP of North American Operations, Cyberoam
Joshua Block, VP of North American Operations, Cyberoam

Pornography. Adult Chat Rooms. Violence. Child Stalking. Hacking. There are millions of websites that house offensive content that minors should not be exposed to, and their presence is compounded by their accessibility.

According to the Journal of the American Academy of Pediatrics, 42 percent of surveyed teens were found to have seen pornography on websites — a full two-thirds of them had come across the content accidentally, possibly through misspelled web addresses, pop-up ads that enter the network via malware or spam mails. What's more, nine percent of the incidents reportedly occurred while the teens were at school.

And it isn't just minors that are being impacted by inappropriate websites. Take the instance of Julie Amero, a former middle school substitute teacher convicted in January 2007 of four counts of risk of injury to a minor. Back in 2004, while working as a teacher in Norwich, Conn., the computer in her classroom started showing pop-up ads containing pornographic images in the seventh-grade language class she taught and 10 students were exposed to the images before Amero could get technical assistance. Experts agreed that the pop-ups were the result of malware programs that hijacked the computer.

What could have saved Amero from conviction and what can save millions of minors from such exposure, are technological measures such as filtering software that controls site access — now, the federal government has stepped in.

To ensure protection of minors, the Federal Communications Commission (FCC) has enacted The Children's Internet Protection Act (CIPA), imposing monitoring and controlling requirements of Internet access in all school districts and libraries.

What is CIPA?

CIPA requires that an internet safety policy be in place for schools and libraries that receive benefits under the Universal Service Support Program, the federal E-Rate Funding or grants disbursed under the Library Services and Technology Act (LSTA), which funds state library administrative agencies that, in turn, support a range of local library services, including the provision of Internet access.

CIPA's technological measures require content filters to not just block objectionable content, but cover the safety of minors when using electronic mail, chat rooms and other forms of direct electronic communications, hacking and other unlawful activities as well as the unauthorized disclosure, use and dissemination of personal information regarding minors.

The discounts are related to internet access and connections, maintenance of the connections in addition to telecommunications services to eligible schools and libraries.

Is filtering enough? The Need for unified threat management

In the unfortunate incident described above, Amero and her supporters say that the old computer lacked firewall or anti-spyware protection to prevent the pop-ups. With blended threats using multiple protocols to enter the institution, the mere act of blocking objectionable sites did not prevent exposure.

Educational institutions, like enterprises, need to go beyond just filtering and have complete security in place to protect users against blended threats like spyware, phishing and more that undermine the institution's capability to meet CIPA guidelines.

Complete protection lies in installing not just filtering software, but a complete set of security solutions that include firewall, anti-virus, anti-spam, intrusion detection and prevention in addition to content filtering, which can often be found by looking to unified threat management (UTM) approaches. UTM solutions provide the comprehensive coverage, in terms of completeness of security solution, cost and ease-of-use to schools and libraries struggling to overcome this challenge and maintain a vital federal funding source.

User identity: key to monitoring

With CIPA allowing full access to adults, offering blanket controls over offensive content makes the solutions cumbersome to handle where flexibility to accommodate adult requests is required. In fact blanket policies cannot allow for the differences in access requirements amongst students, let alone students and faculty.

Secondly, there is the issue of CIPA requirement for monitoring of user activity. With multiple users sharing limited number of computers in schools and libraries, reliance on IP addresses rather than user names makes identification of individual users impractical. Same holds true for users connecting their laptops to the institution's Wi-Fi network and the resultant dynamic IP address scenario.

Blanket policies, thus, are just a half measure that merely address the surface issue of keeping certain offensive content away from school premises, but stops well short of providing the user information that can create patterns of usage and form the basis for instant security action, as CIPA requires.

A user-based solution would enable schools and libraries to assign policies based on the user requirement and set temporary or permanent policies to groups or individual students who require access to sites that are normally blocked. In addition to creating lenient policies for faculty and administrators, it can recognize frequent visitors among adult patrons and assign individualized policies on login, eliminating the need for daily manual intervention. Such a solution recognizes users logged anywhere in the network, allowing them personalized internet access policy.

By identifying the users within the network, even in Wi-Fi and DHCP scenarios, it allows administrators to zero in on harmful activity within the network instantly. In addition, this approach can instantly identify internal users indulging in activity that is harmful to fellow students like cyber bullying or anything that may compromise the institution's network itself.

It's for these reasons that Pascack Valley, a N.J. school district, turned to a user-based approach to address the challenges it was facing in responding to stringent CIPA requirements. Having introduced laptops and wireless access to its students, Pascack Valley implemented an identity-based security system that would allow students to carry their own personal internet access policies anywhere within the school network. With the identity-based UTM, Pascack was able to define access policies based on the student's level of required Internet access no matter how or where they logged into the school's network. In doing so, Pascack retained full academic flexibility while enjoying complete security.

True protection to students is afforded when schools and libraries look at the short-term, as well as the long-term implications of internet access. While mere blocking access can control the problem in the short-term, it takes continuous monitoring and user name identification to build a pattern of usage and adjust policies accordingly to offer long-term safe internet practices that comply with CIPA.

— Joshua Block is vice president of North American Operations for Cyberoam