Case Study: Using hardware and software firewalls to provide protection against hackers

Cheltenham Ladies College’s hardware and software firewalls provide protection against hackers while reducing the chance of...

Cheltenham Ladies College’s hardware and software firewalls provide protection against hackers while reducing the chance of offensive material from the Internet reaching the students

Founded in 1853, Cheltenham's Ladies' College flourished under the principle that the education of girls is as important as that of boys. Today, the college has over 830 pupils, aged from 11-18, and is one of the most famous boarding schools in the world. The use of IT by pupils has been given a high priority in recent years and is integrated into college subjects throughout the curriculum. Given the educational opportunities offered by the Internet and the college's commitment to IT, it was inevitable that the college would want to give students Web access to help with a variety of educational tasks.

Robert Homan, a teacher at the college, was given the responsibility of handling the introduction of the Internet. "Certain issues were uppermost in our minds," he said. "One was how we would protect the students from unsuitable material. We are in loco parentis and we have to make absolutely sure that they don't view sites that we would consider undesirable and potentially harmful to them, while, at the same time, allowing them the access they need. Another important issue was how we would protect the network as a whole from hackers."

Although not from a technical background, Homan was given training by security experts, Wick Hill, in the basics of risk assessment as well as the day to day running of the software and hardware firewall and data security elements.

The network at the college consists of some 250 PCs running Windows 95, supported by 10 Windows NT servers on a 10/100 Mbit network. The network is connected to the Internet via the university network SuperJanet. The college's boarding houses are linked to the school network through a remote access server.

The college's approach to security was twofold. Firstly, it was decided to install a firewall, the mainstay of any form of network security. Secondly, a security policy was formulated with a clear message about what was and was not allowed, and this was communicated to all those using the network including administration staff, teaching staff and pupils. Parents were also made aware of the security policy and actively involved with it.

The WatchGuard SchoolMate Firebox chosen by the school provides data security and is completely separate from the school's network. The firewall software is located on the Firebox (the hardware element of WatchGuard), which sits between the network and the outside world forming a physical barrier. As there are no log-on facilities on the firewall, it is exceptionally difficult for hackers to get past it and access the network. This arrangement provides a much higher degree of security than a traditional software-only firewall, which resides on an organisation's network.

Besides the standard WatchGuard software, Homan chose a number of additional options. One was historical reporting, which provides reports on all sites accessed, details how long they were accessed and who accessed them. This helps to deter anyone from trying to use banned sites, as the reports will show exactly what they have done. Other useful reports include the "Suspicious Activity" report, which warns of any attempted security breaches and exception reports, which list denied connection requests, reboots, scan attempts and other activity logged by the firewall.

Homan also chose the web-blocker option that allows certain categories of website to be blocked. Examples of the type of sites blocked are satanic/cult, e.g. any material advocating devil worship, violence/profanity, material containing frequent use of words commonly accepted as profane or obscene and drug culture

A firewall in itself is not enough when it comes to security. A proper security policy and other measures are necessary. The college has a very comprehensive policy that is communicated to and understood by administrators, teaching staff, pupils and parents alike.

Future Plans

Cheltenham Ladies' College is still at a relatively early stage in using the Internet. As Homan states: "The potential isn't anywhere near being realised yet, but we plan to use it much more in the future." Homan also foresees the college establishing online links with other schools over the Internet, e.g. with French schools that will give excellent language practice.

Whatever future use the college makes of the Internet, the solid and thorough preparations already taken to ensure security will stand it in extremely good stead when it comes to protecting the students and the network from harm.

Compiled by Will Garside

(c) Wick Hill 1999

Read more on IT risk management