DSI INTO THE DISTRICT. Essentially, anyone connecting to DSI as an Internet user, could theoretically access any data inside the District. Furthermore, any user on the Internet, could theoretically gain access to the District via DSI’s Internet connection.
Many would counter that a router can replace a firewall. A router’s primary job is to control the flow of traffic through it. Most routers have very limited firewalling capability, and that capability almost always has a negative effect on the usage of the network by the users.
Firewalls should be completely unobtrusive to the user on the network. Users should have no idea that a firewall is there, in that it’s presence does not slow access to the Internet, nor does it prevent them from utilizing resources that are available. It should be transparent to traffic going out, however, it should be a solid brick wall to traffic coming in.
There are many schools which are connected to the Internet via a dial-up phone line, and WinGate software. This is not at all secure and provides multiple entry
points into the District Wide Area Network.
Recommendation:
1. The District should spend considerable time and effort re-evaluating their Internet connectivity with respect to their firewall situation. A Firewall should be purchased, and put in place at the very minimum between the network at DSI and the school system network. This should be one of the highest priorities.
13.2 Proxy Servers
Bandwidth is always going to be an issue to schools, and one way of making the bandwidth problem a little easier to deal with is by using a tool called a proxy server.
A proxy server is a computer that sits between a user and the Internet. It’s primary job is to provide better access to Internet resources than the standalone can pro- vide itself. Essentially a proxy server stores requests from various users, and feeds them out as required. A standard Internet connection involves a workstation that goes out onto the Internet and downloads information. This works fine at home, however, at school, there are many times when multiple users need the same infor- mation. So in normal circumstances, if a user at one workstation goes to www.yahoo.com, that workstation goes out onto the Internet, and downloads www.yahoo.com. Then if a second workstation also needs www.yahoo.com, that second workstation also connects to the Internet, and downloads
www.yahoo.com. To take it a step further, if you have a Lab of 30 computers, and the teacher asks the students to go to www.yahoo.com, there are 30 requests that go out to the Internet, and 30 times the site www.yahoo.com is downloaded across that single Internet connection.
A proxy server is a computer that sits in between all the rest of the computers and the Internet and stores any content that is requested. So to take the first example, if a workstation requests www.yahoo.com, the workstation actually asks the proxy server for it, and the proxy server goes out into the Internet and grabs www.yahoo.com. Then it sends it down to the local workstation. The advantage of this system is that if another workstation also wants www.yahoo.com, it is served immediately from the proxy server, thus avoiding a duplicate connection over an already busy Internet feed. As an added bonus, if the proxy server is on the same
Local Area Network as the workstation, the workstation gets the data incredibly fast. To take it a step further, if 30 machines all request www.yahoo.com, the proxy server sends out a single request for www.yahoo.com, and then feeds the re- sponse back to 30 machines. This makes even a slow Internet connection appear to be quite fast.
To take it yet another step further, in a school system, the best setup would be a cascading model. So, you would have a proxy server at the central office, where the main Internet feed came into the system, and a proxy server in each site. So, if you are a student in Notre Dame Elementary school, you would connect to your local proxy server, which would then connect to the District proxy server, which then connected to the Internet. With this setup, if any student, anywhere in the Dis- trict visits a particular web page, it is cached at the District level. Then if a student in any other school wishes to access the same content, their request does not make it out to the Internet, thus saving the bandwidth for other applications. Their request is served right from the District proxy server, out to the school proxy server.
The District has been using the proxy server technology for a little while now. It works very well, it’s very stable and robust, and makes Internet access seem quite a bit better than it actually is. The Technology Department deserves all the credit for making this system work as well as it does.
Recommendation:
1. Nothing at this point in time.
112