A Fortified Network

Queens College reveals their approach to network security.

GUEST COLUMN | by Morris Altman

CREDIT Queens CollegeWith a faculty and staff of 5,000 and student population of nearly 20,000, we here at Queens College, a senior college of the City University of New York, were in need of a way to see and manage corporate assets and all connecting personal and corporate devices. Our network became overloaded with not only a large number of college-owned devices, but the powerful surge of the bring your own device (BYOD) trend as well in recent years. Therefore, we decided to search for a network access control (NAC) solution that would help us better manage corporate assets and monitor our network with complete visibility and control.

Prior to implementing the solution, we had security incident-related network outages that could last a day or more, two or three times per year. We now have almost 100 percent uptime. 

Before our NAC deployment, we really didn’t have an effective way to accurately estimate the number of devices connecting to our networks, such as desktops and laptops. Having the ability to identify and classify these endpoints was a critical goal in improving our school’s network security. Even more importantly, we had a dire need to securely manage personal and mobile devices campus-wide that were accessing our computing resources.

In the early 2000s, our IT team turned to ForeScout CounterACT, a next-generation NAC solution, to help protect against the onslaught of advanced persistent threats (APTs) and propagating worms. At the time, these worms would infect hundreds of computers, often bringing our entire network to a crawl.

However, once we deployed this solution, we were able to identify and isolate any infected machines, which decreased immediately from hundreds to only a handful. Users with infected machines were automatically notified about the problem and instructed to call our help desk, and we were then able to resolve the issues in less than a day with minimal impact on our students, faculty or staff.

Because we had such positive experiences throughout the initial implementation, we expanded our solution to provide visibility into all devices accessing our network, improve asset management and continuously monitor and mitigate threats and security exposures. On top of this, we’re realizing the benefits of flexible policy management and enforcement, improved network uptime, and help desk savings through the adoption of automated processes and strong security software interoperability.

Since the NAC implementation, we have achieved unmatched real-time visibility. Our networking team can see, for example, what versions of software and operating systems users are running on their devices. Specifically, we’ve even been able to identify that we have about 6,000 wireless and 5,000 wired endpoints at any given time. Having this visibility also offers us insights for enterprise asset management. For instance, I work closely with the asset management team lead to notify them of missing plug-ins for managing devices.

This solution has provided us with network control capabilities to block unauthorized and noncompliant users. We use the appliance to enforce policies, such as resolving take-down notices for music and movies with copyright violations being downloaded from peer-to-peer software. Such downloading is in direct violation of the Digital Rights Millennium Copyright Act, so this policy helps us remain compliant.

We can also block unauthorized applications from running on the network and allow the IT teams to notify users when their machines are lacking up-to-date software. This indirectly assists with Family Educational Rights and Privacy Act (FERPA) compliance — by keeping all endpoints up-to-date, we reduce the risk of information disclosure.

The appliance has provided us with IT time savings through its automated approach as well. With it, the help desk now knows about issues, many times before the user does, and calls them first to solve any issue quickly and conveniently.

Another major benefit we’ve realized since our NAC deployment is significantly improved network uptime. Prior to implementing the solution, we had security incident-related network outages that could last a day or more, two or three times per year. We now have almost 100 percent uptime.

More recently, we’ve leveraged ForeScout’s ControlFabric technology to integrate CounterACT with FireEye, which allows us to easily identify and quarantine advanced persistent threats (APTs). Being vigilant with updating signatures and reputation lists, or monitoring for network anomalies, is no longer good enough. With FireEye and ForeScout, we know the details, security posture and activity of all devices on our network, and we can automatically isolate violations, malware and affected systems before anything gets out of hand.

Overall, we’ve gained immense technical benefits that have led to our long-time customer standing and positive experience with the organization. One of the most customer-centric companies we have worked with, its technology has vastly improved both our security posture and ability to accommodate the college’s ever-changing mobile and BYOD-driven environment.

Morris Altman is the Director of Network Services and Internet Security Officer for Queens College in New York. Visit: http://www.qc.cuny.edu/

Posted in Uncategorized | Tagged , , , , , , | Leave a comment

Cool Tool | Learning Upgrade

CREDIT Learning UpgradeA Common Core aligned curriculum that incorporates song, video and games, Learning Upgrade’s engaging, web-based lessons bring every student up to grade level in math and English for grades K-8. Teachers are integrating Learning Upgrade lessons into blended-learning environments as well as whole-class interactive lessons covering each Common Core standard, and one-on-one lessons giving each student an individualized path to proficiency. The platform offers lessons created specifically to incorporate a classroom interactive whiteboard or projector. As students complete a course, comprised of 60 lessons, the platform prompts them to repeat low-scoring lessons until they have mastered each Common Core standard for the grade level they are currently working at. Review for previous grade standards are built in as well.  Teachers have the ability to track student progress by standard, allowing him or her to quickly assess each student’s individual progress and ensure mastery. It has incorporated song, video and games in each of its lessons to address various learning styles to ensure every student reaches grade level proficiency, is ready for year-end tests within one school year, and has fun doing it. The program has proven effective in reaching students with special needs, English Language Learners, as well as students with socio-economic issues.  The unique, highly motivating format of music and games that reward students and provide gold certificates for completion has delivered school wide gains in these subgroups. Their web site offers schools 20 completely free student licenses, as well as complimentary site-wide summer school licenses, allowing teachers to quickly and easily enroll students and start using the lessons in their classes. Visit: www.learningupgrade.com.

Posted in cool tools | Tagged , | Leave a comment

Public Cloud vs. Private Cloud?

How to choose the right cloud server and why.

GUEST COLUMN | by Adam Stern

CREDIT Infinitely VirtualNearly everyone agrees on the key benefits of virtual servers — scalability, improved resource utilization, reduced operational costs, instant provisioning, and the ability to quickly expand the server base. But there is no “one size fits all” consensus around private vs. public cloud servers. The selection of a public vs. private cloud depends upon a number of factors.

When considering the transition to virtual servers, educational institutions must prioritize their needs in terms of scalability, cost, security and flexibility, and then make an informed decision regarding the best fit.

When considering a move to the cloud, educational institutions must evaluate these two functionally similar technologies and assess the appropriateness of each for their needs. They must look at the specific applications and processes they want to transition to a cloud-based infrastructure, and factor in security, compliance, cost and scalability before deciding which of the two options aligns most closely with their business strategies. Some educational institutions might determine that specific applications and processes require a private cloud, while others can live in the public cloud.

The primary consideration for any school or college when choosing between a private or public cloud solution is security. With private cloud deployment, access can be actively restricted internally and externally, and firewall technologies can be implemented to protect against external threats. At first blush, a private cloud might seem to provide a better choice for academic organizations that want to enjoy the benefits of virtual servers without compromising security policies or overall system flexibility.

But a closer look reveals that, implemented correctly, the public cloud can be as secure as the most effectively managed private cloud implementation.  While security is an issue in the public cloud, there are new and effective ways to mitigate risk.  Before transitioning to cloud server hosting, it’s wise to check the service provider’s profile and history, and obtaining reference customers in the education sector.

To achieve maximum security in a public cloud server hosting environment, look for intrusion detection and prevention systems (IDPS), which are designed to prevent attacks and extend far beyond traditional firewalls. The better public cloud providers also embrace the concept of “application-consistent backup” as the optimum restoration method in the event of data loss.

Aside from security considerations, educational institutions who do business with financial and health organizations have the additional burden of considering compliance requirements when transitioning to a cloud server. Public cloud providers can offer full compliance with protocols under Sarbanes-Oxley, PCI and HIPAA, but not every provider does – again, due diligence is the byword. In a private cloud, the hardware, storage and network configuration is dedicated to a single company, so compliance less of an issue.

Cost is another key factor when assessing public versus private clouds. Institutions considering virtual servers must not only investigate upfront investment, but long-term expenses as well, including operational costs, maintenance, and application expenses.

With the public cloud, the service provider is responsible for all management and maintenance of the infrastructure, thus eliminating ongoing maintenance and management costs. Private cloud implementation can be cost-prohibitive for many small and midsize educational institutions because of initial hardware costs, while larger schools have the advantage of using their existing data center hardware for cloud hosting.

Scalability must also be considered. Both options offer a degree of scalability. However, the flexibility of public cloud hosting ensures an almost infinitely scalable platform. The pay-as-you-go scalability of virtual server hosting is particularly suitable for schools because it allows them to immediately scale up or down. For organizations that operate their own private cloud infrastructure, scaling will involve additional hardware investment and longer timelines than a similar degree of expansion within a scalable public cloud.

When considering the transition to virtual servers, educational institutions must prioritize their needs in terms of scalability, cost, security and flexibility, and then make an informed decision regarding the best fit.

Adam Stern is founder and CEO of Infinitely Virtual (www.infinitelyvirtual.com) in Los Angeles. Twitter: @iv_cloudhosting

Posted in guest column | Tagged , , | Leave a comment

Acts of Humanity

Consider this for an educational use of Twitter. 

GUEST COLUMN | by M.O. Thirunarayanan

CREDIT FIUThe “Tweet about Acts of Humanity” project is something that I started to encourage people to tweet about acts of humanity performed by others that they know. Parents and grandparents can tweet about the acts of humanity performed by their children or grandchildren. Teachers can also tweet about similar acts performed by their students. Relatives, friends, acquaintances, colleagues, bosses, and others can tweet about the acts of humanity performed by each other and by others that they know.

Educational Uses of Twitter

Twitter is used by educators as an informing tool, meaning that tweets are being used to inform students about approaching deadlines to submit class assignments, projects, and homework. Schools can use tweets to inform parents about school closures, emergency situations, dates for tests and exams, and other school related events and activities. Twitter can also be used to send small chunks of content information in various disciplinary areas such as mathematics, the natural and physical sciences, the social sciences, fine arts, music, and the language arts.

Why Tweet About Acts of Humanity?

The answer is simple. There is a lot of negative things going on in the world and these events and acts are constantly highlighted on TV and in websites, newspapers, blogs, and other media of mass communications; tweeting about acts of humanity will encourage more people to perform such acts and in the long run make the world a better and more peaceful place for all of us.

What are the Various Acts of Humanity?

There are certainly many acts that can be considered to be acts of humanity. The nature of the different possible acts of humanity and the corresponding suggested Twitter hashtags to use when submitting tweets are listed in the following section. I either created or compiled most of these hashtags a few years ago.

Types of Acts of Humanity Suggested Hashtags to Use When Tweeting

Acts of Altruism                                            #altruism

Acts of Bravery                                              #bravery

Acts of Charity                                               #charity

Acts of Chivalry                                             #chivalry

Acts of Compassion                                     #compassion

Acts of Courage                                            #courage

Acts of Dignity                                              #dignity

Acts of Equality                                            #equality

Acts of Friendship                                       #friendship

Acts of Happiness                                       #happiness

Acts of Help                                                  #help

Acts of Heroism                                            #heroism

Acts of Honesty                                            #honesty

Acts of Justice                                               #justice

Acts of Kindness                                          #kindness

Acts of Peace                                                #peace

Acts of Sacrifice                                            #sacrifice

Acts of Tolerance                                         #tolerance

Acts of Truth                                                  #truth

Acts of Unselfishness                                 #unselfishness

All Other Acts of Humanity                         #actsofhumanity


If you choose, you may follow me at Twitter.com/actsofhumanity or just use one or more of the hashtags and start Tweeting about Acts of Humanity that someone you know has performed.

If you have any questions or suggestions, you can contact me via email at: mothiru@yahoo.com

Thank you.

Thiru (M.O. Thirunarayanan) is Associate Professor of Learning Technologies, Florida International University, based in Miami. Write to: mothiru@yahoo.com and follow him on Twitter at https://twitter.com/actsofhumanity.

Posted in guest column | Tagged , , , | Leave a comment

Cool Tool | LearnFit Desk

CREDIT Ergotron LearnFit deskDigital times call for digital-oriented desks. In an age of one-size-does-not-fit-all, Ergotron, a digital display mounting, furniture and mobility products company, announced its first adjustable desk for the education space. The LearnFit™ Standing Desk is designed to support “active learning” to encourage healthy student behavior that leads to physical and academic improvements. With nearly one in three children in America overweight or obese, coupled with significant research positively linking brain development and movement, Ergotron continues to spearhead programs, medical research and new technology to help positively promote better student health, classroom engagement and academic performance in both the U.S. and abroad.

Posted in cool tools | Tagged , , , , | Leave a comment