Every school has its own individual needs, wants, architecture, budgets, hardware etc. N4L has designed Secure Access to empower schools with a tool that streamlines network security in a consistent, concise manner while maintaining the flexibility that schools need.
By utilising a ‘never trust, always verify’ model, Secure Access strives to create a safe education environment for students and staff without negatively impacting learning outcomes.
Never trust always verify, refers to a security strategy that instead of assuming that everything inside the school’s network is safe, the model requires verification from everyone trying to access resources on the network, regardless of whether they are inside or outside of the school’s perimeter.
- Enhanced security: by segmenting the network, if a cyber-attacker or malware gains access to one segment, it’s more difficult for them to access other parts of the network. For example, if a student’s device is compromised, the malware might be contained within that segment and not spread to administrative systems.
- Granular control: segmentation gives schools/IT administrators the ability to adjust filtering policies to match the needs of a specific group. For example, staff and students may require different filtering policies or a school may require filtering policies per cohort, class types etc.
- Easier troubleshooting: IT security specialists can quickly identify issues and resolve them as they are limited to a particular segment, rather than the entire network. This can lead to reduced downtime and improved network efficiency.
- Isolation of guest access: schools often provide guest access for visitors, PLD providers, or guest lecturers. Segmentation allows these users to access the internet without compromising the internal school network.
- Flexibility in network design: as school needs change or new technologies are adopted, network segments can be easily modified, expanded, or merged without affecting the entire network infrastructure.
Security
Most cybercriminal tactics will be aimed at the end user (staff, students) exploiting the human element. Once a foothold is gained the cybercriminal will seek to escalate their privileges (lateral movement).
Lateral movement refers to the techniques cyber attackers use after gaining initial access to a network to move deeper into the system.
For instance, once an attacker compromises a low-level staff or student’s device, they might then try to move to systems or accounts with higher privileges or access to critical resources, ultimately aiming for domain controllers or other key assets.
By segmenting the school network, we can mitigate various cybersecurity risks including lateral movement with the added bonus of not disrupting unaffected networks.
Safeguarding
Secure Access leverages network segmentation to apply granular filtering profiles to specific groups within the school. This provides a flexible approach to safeguard students in the following ways.
- Protection from harmful content: Network filtering can block access to inappropriate, harmful, or malicious websites, ensuring that students aren’t exposed to unsuitable material. This includes adult content, extremist sites, or websites that promote harmful behaviours.
- Protection against malware and phishing: students might not always recognise suspicious links or websites. Network filtering can block known malicious sites or downloads, thus preventing malware infections, phishing attempts, and other cyber threats.
- Maintaining academic focus: by filtering out non-educational sites, especially entertainment or social media platforms, students are more likely to remain focused on academic content during school hours.
- Monitoring online behaviour: while respecting privacy, network filtering allows for the monitoring of online behaviour, ensuring that students adhere to acceptable use policies and helping educators identify potential issues or risks.