Saturday, November 16, 2013

Virtual Education: Security Issues or Just Paranoia? - Part I

In the last post, I hinted that if we are to proceed fully into an immersive, online education environment, we need to consider the question of security because when dealing with the personal records and lives of our students, we have an obligation to protect them not only from themselves but also from those who live on the Internet to cause chaos in the lives of others. The Internet has been called "the wild west" in the past because any attempts to control it or regulate it in any way have been strongly resisted by those who feel that all information should be free and that personal expression should not have limits on it. This is an understandable point of view when you consider how regulated every hour and minute of our lives is in the real world. However, it does present us with a paradox that needs to be resolved. The Internet is great for the vast amount of information and useful contacts that it provides for those in education. However, it is also a dangerous place because of its very nature. The perceived anonymous nature of our presence on the Internet is really a mirage for those who do not have the skill to keep their identity and the details of their lives known only to those they choose to share with. A simple analogy is if you are in high school and you tell a few friends that you are going to have a small party, what are the chances that through social media the news of that party is going to bring many more people to your house than you expected?
Unfortunately, there are those who live on the Internet who have virtually made their identities unknown or invisible, but they do so because they wish to prey on naive people who populate the Internet for their own gain and purposes.

So, how does this have anything to do with online education? Don't online schools have computer people who are network savvy who know how to construct VPNs, firewalls and other security measures? Let me answer that with a story. "A number of years ago I had the task of being a computer site administrator for an education institution. All of our computers were connected to a central server with the appropriate firewalls and even a proxy server in place. We had just designed and posted our first home page for our institution, complete with the principal's opening message and a picture of him. Over a weekend a student who attended the school downloaded the necessary code from the Internet to defeat the firewall, delete the picture of the principal and replace that picture with a picture of "Chucky the Killer Doll". He then proceeded to obtain information from the server. He left a message on the start-up screen: "Catch us if you can, ha, ha". Although this student knew where to find information for the task that he wanted to do, he really did not know all the details on how networks operate. He didn't realize that a service provider for the school might have backups of activity to the server and the recorded IP addresses of the activity. On the Monday morning, we went into the student's class, went up to his desk and said, "We got your message." He was escorted to the principal and the police were called. As the site administrator I had all the necessary protocols in place that should have made the server secure. Everybody received an education that day!" The point is this: If this can happen in a brick and mortar school, would an online school be any more secure?

So what are some possible suggestions for an online environment?
  1. First, any online education institution should take a close look at the security of the LMS that they are using. Are there holes that could be exploited through the use of DoS exploits, bots or even social engineering? In my dealings with students, I have come across brilliant students who understand programming languages, network protocols and forensic computer testing. These students were what we might term "ethical hackers". These are the types that an online education system should hire to keep their systems secure.
  2. Secondly, it would be interesting to take a look at the developing science of biometrics. The use of the term "private passwords" really is an oxymoron. Passwords are rarely private or kept private because of the advance of password sniffer utilities and other stealth apps that are available on the Internet. What is needed is a single sign-on access that is unique to the biometrics of the person using the online education system. Either the online institution or the student should provide the necessary technology and no access should be granted unless there is biometric verification. One school in California, U.S.A. uses biometrics to enable students to log in and write exams. The biometric chosen should be as unique as possible to the individual.
I know this has been a little technical but we all need to truly comprehend how intricately woven our lives have become with the technology we use and its advance. A useful question to consider is: Does technology serve us or do we serve technology? You can see the answer every time a cell phone tower goes down or when we receive a text from someone.

More later ....
