Six Rules for Safe Schools

October 20, 2017 Emily Davidson

If you’re an IT professional, and also a parent, you already know that kids are more connected than ever. At school, these connections push educators to rely on the same technology to transform learning experiences from traditional, chalkboard, one-lesson-for-all instruction, to an on-demand format that students can absorb from anywhere - and even customize to their unique learning style.

However, education IT budgets are tighter. Districts’ technology infrastructures are caught in the middle, requiring K-12 IT administrators to literally do more with less.

Access to libraries of digital content provides teachers a wealth of individual lesson plans that effectively support each child’s learning style. Using the internet, students gain access to the information and sources needed to work independently, or in a group, and submit their own work.

Even though relying on the internet for education opens the door to learning, it also opens the door to risk. Students, faculty, administrators, contractors and parents create a user base at the school with mixed demands – increasing the chances a threat will get past the network.

What K–12 IT administrators need is a network and information security solution that is effective, high performing, flexible and easy to manage.

The use of networks to deliver instructional content cuts materials costs and improves the uniform availability of top-tier curricula. But many of these programs — such as those using video content — require unimpeded high-speed connections. When those connections are slowed by extraneous use, some of that value is lost. Increasing bandwidth just shifts the costs and sets the stage for more problems down the road.

Online administrative tools simplify implementation of district-wide programs and policies. They enable anytime, anywhere access to resources and communications for faculty, administrators and students. But the proliferation of mobile endpoints and the management of access levels can quickly present a challenge.

Since so much of this functionality is browser- and internet-based, the traffic can seem like one giant stream. But blocking ports to address threats can seriously impact productive use of the systems.

Wireless access has become a lifeline to faculty members and their students. But wireless connections — intended to allow quick and easy access to the network —are vulnerable to intrusion and, because access points are physically distributed, management can be difficult.

Overlaid on the security concerns of K–12 IT administrators is an extensive regime of regulations. Central to this is the Children’s Internet Protection Act (CIPA), designed to protect minors from inappropriate content.

Whether a child is just entering school, or becoming an independent teenager, parents rely on IT administrators to regulate internet access and the types of content available for students. Even the private sector weighs in here with liability issues regarding the transfer of copyrighted content.

Districts must take all reasonable steps to satisfy these regulations. In fact, they must be able to demonstrate their compliance, which requires management tools that allow for deep visibility into network activity and detailed record-keeping.

However, K–12 districts simply do not have the financial resources to make IT security their first priority. This is not just a matter of buying new equipment or services. Any new equipment also requires deployment.

In order to achieve a high level of security without impacting the user experience, IT teams must make sure traffic is thoroughly scanned with minimal latency

To meet these requirements, multi-gigabit throughput rates have become standard for Next-Generation Firewalls, or NGFWs.


  1. Legacy features: An NGFW includes all standard capabilities found in a first-generation firewall i.e. packet filtering, stateful packet inspection, network address translation, and high availability.
  2. Integrated IPS: Effective intrusion prevention systems require advanced capabilities to combat evasion techniques and enable scanning and inspection of inbound and outbound communications to identify malicious or suspicious communications and protocols.
  3. Application intelligence and control: Application awareness and control includes protocol level enforcement, full-stack visibility with granular application control, and the ability to identify applications regardless of port, or protocol being utilized.
  4. Extra-firewall input: User-ID awareness enables administrators to enforce application policies based on AD user/group (without having to trace IP address to user ID), adding insight into usage and traffic.
  5. Adaptability: Another important capability of NGFWs is the dynamic adaptation to changing threats. This means devices must be updated constantly with new signatures to stop threats, and stay on top of the evolving malware landscape.
  6. Payload scanning and performance: All of the above requirements demand full payload scanning at optimal throughput rates in order to avoid having to sacrifice security for performance.

For effective threat protection, organizations need best-in-class firewall and intrusion prevention - without the complexity of managing separate appliances, GUI’s and deployments.

NGFWs with intrusion prevention capabilities deliver enterprise class resistance to evasion, powerful context and content protection capabilities as well as comprehensive threat protection and application control in a single integrated device.

For example, an NGFW enables utilization of YouTube for Schools, offering students structured access to YouTube’s educational content while blocking recreational access and content.

Learn more about Dell SonicWALL solutions for K-12 here >>

Previous Article
Why Infosec Pros Should Keep a Close Eye on Cyber Efficiency
Why Infosec Pros Should Keep a Close Eye on Cyber Efficiency

Next Article
Mobile App Mismanagement
Mobile App Mismanagement