The CRDG at University of Hawai’i is CIPA compliant – in just one click. 

GUEST COLUMN | by Mark Yap

[Ed. note: Mark Yap, IT Manager of the Curriculum Research & Development Group (CRDG) at the University of Hawai’i at Mānoa was faced with a challenge: the CRDG was required to secure segments of its network for compliance with the Children’s Internet Protection Act (CIPA) for students in grades K-12, but required different filters for different kinds of users. Also, protecting its network from increasingly complicated blended threats in the form of intentional and unintentional intrusion attempts, plus Denial of Service attacks, was also required. For that, CRDG sought a solution that was flexible and could distinguish filtering constraints for education.]

At CRDG, we cater to the educational community locally, nationally and internationally by conducting research to support education programs that cater to students, teachers, parents and other educators in grades pre-K-12. When CIPA was first signed into law in 2000, all K-12 schools and libraries in the United States were required to use Internet filters to protect children from harmful online content. In order to be CIPA compliant, Web and Application Filtering mechanisms are employed to provide selective web and application access to Internet users. This is primarily required to safeguard users against malicious, harmful and unproductive content on the Internet.

What is unique about our situation at the University of Hawai’i is we that we require different filters for different kinds of users. For instance, there is a specific level of restricted access for students, which eagerly abides by CIPA regulations. On the other hand, the faculty needs more liberal Internet access for carrying out their research and other purposes. For them, basic policies that protect against harmful content over the Internet suffice.

We had worked with other Internet security vendors in the past, but they didn’t understand the education market. They had very poor customer service and weren’t willing to make changes to their systems or accommodate our feature requests.

On the other hand, Cyberoam – our vendor for this project – understood that a “one-size-fits-all” approach to filtering web content simply wouldn’t work for us at the University of Hawai’i-CRDG. We decided to deploy two (2) CR 2500iNG in Gateway Mode to create our filtered, private network. The appliance was easily installed to customize content filtering by using identity to create policies. This was in accordance with the University’s belief in adjustable, granular filtering by grade level as well as separate filters for faculty and staff. One application that my team found helpful is the YouTube Education Filter, which distinguishes between the YouTube for Education traffic and other YouTube traffic.

The Web Filter we chose to use is one of the most comprehensive URL databases with millions of URLs grouped into 82+ categories. It blocks access to harmful websites, preventing malware, phishing and pharming attacks in addition to undesirable content that could lead to legal liability and direct financial losses. The Application Visibility & Control with Layer 7 policies and reporting prevents data leakage and sophisticated application-layer threats, such as botnets. This feature supports business applications, secure collaboration, Cloud and SaaS deployments with Layer 7 and Layer 8 identity-based policies.

Our new, unique identity-based security gives real-time visibility into the online activity of students based on their usernames rather than IP Addresses, which gives my team insight into who is doing what in the network. All sites blocked under CIPA will be shown in the reports under blocked sites together with the user name, so all potential violators can be spotted and reformative action can be taken to foster a secure and better online community.

No other security solution provides CIPA compliance in a single click. With our chosen solution, however, the administrator just has to enable the CIPA Compliance check box and the objectionable content for children is safely blocked. In other solutions, it entails multiple clicks and in turn, it becomes tedious for the administrator to individually act on each inappropriate category.

One issue we had is that the University uses Apple’s Open Directory (OD) to store and organize information about our networks’ users. At the time, Cyberoam did not have previous experience in working with Apple’s OD Architecture. However, they were able to work with Apple engineers to figure out how the appliance needed to communicate with OD. The company’s co-operation and flexibility in catering to our needs was commendable, and the continuous, on-time and efficient support was unprecedented.

When it comes to reporting, the sophisticated On-Appliance Monitoring and Reporting mechanism help me and my team perform timely and accurate assessment of all network activity in the entire CRDG department.

—

Mark Yap is the IT Manager of the Curriculum Research & Development Group (CRDG) at the University of Hawai’i at Mānoa.