Hardly a week goes by when you don’t hear a story about a school computer system being hacked. From New York to California, hackers are infiltrating networks and violating the security of K–12 district systems.
These violations range from so-called harmless pranks to much more serious offenses. In the recent case of a group of Long Island high school students, a wholesale attempt to change the grades of students was detected. The outcome: third-degree burglary, tampering, identity theft and more charges that are sure to haunt these teenagers’ future.
In Berkeley, racist threats appeared on library computers at a high school. As of this writing, the culprits have yet to be nabbed. They are faced with hate crimes, terrorism, and much more if and when they are caught.
It’s serious, any way you cut it. And just as the consequences of hacking haunts the futures of the hacker, school IT directors and administrators are haunted by the possibility that their district might be next.
Before I get too far here, remember this absolute: no computer is 100% secure. The simple act of connecting a computer to other computers on a LAN or the internet creates this danger. No computer system is unhackable. Anyone who tells you their software, service, or system is 100% secure is lying or terribly uninformed.
Also remember that there are many safeguards you can take to protect your website and networks. It may be as simple as a stronger password policy, or using some third-party tools. Or it could involve a look at the processes you have in place and some steps you can take to strengthen those. For a complete rundown of the things your school should be doing, download this checklist for preventing your school website from being hacked.
Editor's Note: SchoolNow itself came under a brutal DDoS attack for days, and we never had a clue why. More times than not – unlike unethical students wanting to change grades, or hate mongers trying to spread fear – the reason and the attacker go undiscovered.
So why would someone want to hack your website? Maybe a disgruntled ex-employee or student wants revenge. Is your server so open that any low-level hacker can steal your resources to pirate movies? Is a foreign cyber gang looking to steal parent information to order new TV's for the black market? Most schools never know. Hackers are rarely found or share motives.
Most attacks fall into these categories:
All security starts with understanding your attack surface, which is any component of your system that is open to the internet. Most services on servers are set to listen for incoming internet connections on a port. Ports are part of TCP/IP, which runs the internet. On most web servers, the following ports might be open:
Not all servers use all these ports, although all web servers use port 80, 443, or both. The attack surface for your school is comprised of the ports that are open on the server. If you host with a third party, the hosting server may have some of these ports open.
Think of ports as windows. Some windows are wide open, and some have bars. We need your school to have bars on the windows. If you host your own site, running your DNS, email, and web site on the same server is risky. Here’s a helpful article on proper DNS set up for your school.
A single failure could take down all the communications channels depends on – website, email, voice, emergency notification and more. If you host with a third party, check that they spread their services across several servers.
Your goal is to secure your systems and websites as much as possible (and keep your district out of the news for the wrong reasons).
For a detailed checklist on how hacking safeguards for your school, download this guide on how to prevent your school website and networks from being hacked.
Security is a journey, not a destination. You must test, retest, and review your systems and setups on an ongoing basis. There is no "set it and forget it" security setup for your school or website. Hackers are always on the prowl, and we all need to be ready.
Remember that no system is 100% secure. For you Mission Impossible fans, you might recall that even the CIA couldn’t keep Ethan Hunt from hacking into the un-networked computer in the vault. Starting with these simple steps, you can keep your school systems safe, and prevent hacked school websites.