GUARDIAN
Security online shouldn't be any different than a locked file cabinet... One of the chief goals of BASCOM's technology is to ensure that schools are able to maintain their established goals and practices, even in the face of using new Internet technology.
Schools and community organizations have always had the ability to ensure that private information was viewed solely by members of their administration. It was relatively easy to maintain the security of this information when it was recorded on paper files and kept on-site in administrative offices.
Going online should present no compromise to this type of security; this is why the Global Chalkboard includes an integrated firewall along with its other features, all of which ease the technology transition. The Global Chalkboard's powerful firewall software ensures that information on your internal network cannot be accessed from the outside, just like in the traditional model of paper file cabinets.
BASCOM's Global Chalkboard provides high-level security against intrusion: a complete, secure firewall integrated into our total solution for schools. This powerful software prohibits unwanted access into the protected network while still allowing users within your network to receive information from the Internet.
Basic Security
BASCOM has developed a unique approach to Internet security, designed to afford complete protection of your internal network and its sensitive information. This unique approach to firewalling is accomplished through a secure 'multiple LAN' configuration. Each LAN represents a distinct Ethernet interface. This inventive configuration ensures that school networks remain completely closed-off from the outside world, while still allowing them to enjoy all of the Internet services they need. Using three distinct LAN segments, schools are also able to employ public mail, Web service, FTP, or Usenet news servers — without compromising the security of their internal network.
The three LAN solution that maintains a school's security is as follows:
- The Red LAN represents the connection to the Internet. There is no restriction on the information contained within this LAN.
- The Blue LAN, the network containing your most sensitive information, is completely protected behind the firewall. TCP/IP packets with originating Blue LAN addresses can receive mail from the Amber LAN, and can request the BASCOM Global Chalkboard to display Web pages on a browser. However, these requests must originate from a packet within the Blue LAN. This configuration thoroughly prohibits access to the internal network from anywhere beyond the firewall.
- The Amber LAN only allows requests to well-known services while blocking obscure ports to heighten security. It is open enough to pass information back and forth between the Internet and the Blue LAN. Services contained on the Amber LAN can include mail, Web, print, etc.
In this scenario, all information that passes through the Global Chalkboard can only originate from requests within the Blue LAN. Therefore, security is maintained.
Other Avenues
In addition to communication from the protected network, the BASCOM Global Chalkboard allows communication between the Internet and the Amber LAN when one of the approved services (mail, FTP, etc.) is used. The Global Chalkboard will allow packets to pass from the Red LAN or the Blue LAN to the Amber LAN if the information request originates in the Blue LAN. For example, if a computer on the internal network requests mail, the Global Chalkboard sees that as a legitimate request because it originated from an address on the Blue LAN. Access is approved and information is exchanged.
No Spoofing Here
Spoofing is a technique whereby a deceptive request is sent from the Internet to a server. It fools the server into thinking that the request originated from an IP address on the internal network; the server thinks the request is legitimate and carries out the request. The Global Chalkboard virtually eliminates the possibility of IP spoofing: if the incoming packet from the Red LAN contains an address from the internal network, the Global Chalkboard drops the request. Thus, no request can appear as if it is coming from inside the firewall when it's really coming from the Internet.
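The following is an added illustration, not BASCOM's code: a small model of the policy described in the "Basic Security" and "No Spoofing Here" sections, with Blue, Amber and Red zones, the rule that flows into Blue must have been opened from Blue, the anti-spoofing drop on the Red interface, and the Red-to-Amber well-known-service allowance. The address ranges, port list and the assumption that Amber may reach the Internet on the same well-known ports are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed address plans for the three Ethernet interfaces (assumption).
ZONES = {
    "blue":  ip_network("10.1.0.0/24"),   # protected internal LAN
    "amber": ip_network("10.2.0.0/24"),   # public-facing service LAN
    "red":   ip_network("0.0.0.0/0"),     # everything else: the Internet
}
# Well-known service ports approved on the Amber LAN (constructed list).
AMBER_PUBLIC_PORTS = {21, 25, 80, 119}


def zone_of(addr):
    """Map an IP address to its LAN; Red is the catch-all for non-internal space."""
    ip = ip_address(addr)
    for name in ("blue", "amber"):
        if ip in ZONES[name]:
            return name
    return "red"


class ThreeLanFirewall:
    def __init__(self):
        # Flows opened from the Blue LAN, so that replies can be matched.
        self.state = set()

    def decide(self, iface, src, sport, dst, dport):
        """Return 'pass' or 'drop' for a TCP packet arriving on interface `iface`."""
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        # Anti-spoofing: a packet on the Red interface must not carry an
        # internal (Blue or Amber) source address.
        if iface == "red" and src_zone != "red":
            return "drop"
        # Nothing reaches Blue unless a Blue host opened the flow (stateful reply).
        if dst_zone == "blue":
            return "pass" if (dst, dport, src, sport) in self.state else "drop"
        # Requests from Blue may go out; remember them so the reply can return.
        if src_zone == "blue":
            self.state.add((src, sport, dst, dport))
            return "pass"
        # Internet <-> Amber only for approved, well-known services.
        if {src_zone, dst_zone} == {"red", "amber"}:
            return "pass" if dport in AMBER_PUBLIC_PORTS else "drop"
        return "drop"
```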
Please Translate
Routers relay packets of information through the giant Web of computers that comprise the Internet. For security purposes, modern routers throughout the world routinely block the passage of packets that appear to be coming from any network behind a firewall. This is accomplished through the use of network address translation.
The three LAN approach that BASCOM has pioneered alters the originating IP address so that routers will pass requests from behind the firewall. This virtually eliminates the possibility of an illegitimate request being passed through Internet routers.
Other Security Features
- The Global Chalkboard firewall automatically de-fragments all packets going through the firewall. This protects the computers behind the firewall from so-called 'IP fragment attacks.' It also prevents attacks that try to use overlapping fragments of TCP packets. This security feature stops attempts to get at the information within your protected network.
- Another firewall security feature, IP packet filtering, decides whether packets of information arriving at the Global Chalkboard are allowed to pass. "Stateful, kernel-level, IP packet-level filtering" is employed in the Global Chalkboard. It's a mouthful, but this sophisticated operation works on the concept of forwarding packets based on a set of rules. These rules let packets pass through the Global Chalkboard based on the source and destination IP address, source and destination port numbers, and the protocol being transported, among other considerations.
- An application-level proxy is employed within the Global Chalkboard. This feature is used to disrupt the connection between the Internet and the internal network — a basic firewall principle. Connections are made via a proxy process to a host that will in turn establish a connection to the destination (if appropriate) and handle communications between the two connections. The advantage of using an application-level proxy is that it can intercept application protocols, such as AOL, FTP, HTTP, IRC, etc., and apply stronger authentication mechanisms to them without adversely affecting the operation of the network.
BASCOM is working continually to ensure that the latest Global Chalkboard continues to meet schools' needs in the area of network security. Stay tuned for more developments in this area.