tech Tech story Story
Bid Adieu to Vulnerabilities
e-Learning in K-12 education, college education, competitive or professional courses have many security challenges.There is a pressing need for solution providers to address these issues By Pragya Gupta, digital LEARNING Bureau
E
-Learning has been realised as one of the biggest tools in the education reform strategies. ICT in education has taken various shapes with the changing time from one sided learning tool to social learning. Today’s Learning 2.0 is out of the conventional e-learning systems based on instructional packets using internet technologies, however, new e-learning emphasis on the use of social platforms like blog, wikis, podcasts and virtual worlds. It is becoming more and more popular as universities strive to cut costs and reach larger students who are adopting e-learning solutions. Considering the huge costs involved in creating and
18
www.digitalLEARNING.in
maintaining courses, security has not yet been considered as an important issue. With the increasing popularity and penetration of e-learning solutions, emerging security risks are making systems vulnerable. Protecting digital content from copying, printing and distribution should become an integral part of content generation, especially when relying on revenue generation for that work. Protection of both the information and the tools are of equal importance. There are number of issues that can create nuisance among practitioners like Secrecy which is one of the key issues. They need to be ensured that objects are strictly accessible to the authorised per-
son and the person they are not granted access to information must not see or modify data or programmes. New grade based examination system has given the need of non-repudiation. It is mandatory to keep track on whenever grades of students are changed and it must be possible to reliably trace who has performed the modification and also deny the person with unauthorised access. e-Learning in K-12 education, college education, competitive or professional courses have many security challenges and there is no single solution, which can address those challenges largely. Sharing solutions, Rana Gupta, Safenet says, “Earlier there were many touch points in education at the backend, inviting paper leaks and information leaks but now only authorised users have access to particular information and data modification. However, the management is important. There are rising threats related to IP, content and applications security for which we offer right management products called Safenet Right Management (SRM) products to manage rights for e-learning. It helps in encrypt the content which is accessible by those who have token to decrypt that can be in the shape of hardware, software or a combination. The youth today is very active on social networking as they use this platform to keep themselves abreast with information and stay in touch with friends, it thus opens up a good hunting ground for Cyber Criminals. According to the Amit Nath, Country Manager India and SAARC, Trend Micro, “Cyber criminals misuse the credibility and popularity of such sites for their own benefits. They could play with users’ personal information in order to commit ID theft. For example: recently, cyber criminals used Twitter as a technique to lure users into
Tech Story
clicking a malicious link. Since Twitter is a trusted source, users may think the email they received is legitimate.” He further suggested that students thereby should realise the significance of the kind of information they are uploading on the web. Personal information such as date of birth, email, job and marital status should not be shared on the Internet as criminals can access such valuable information to steal the identity of an individual. It is also observed that there is a significant increase in traffic to different community blogs or portals. The criminals also have become quite active on these sites. It is also important for users of these community sites to be wary of messages received, even if supposedly sent from friends. With some crafty social engineering, unsuspecting users may visit the first of the fake pages, where they discover they cannot view their video and are told to download an updated version of Adobe Flash Player or another plug-in or codec. A second fake page informs users that the video they were trying to view cannot be shown, making users think nothing has occurred when, in fact, downloading the supposed plug-in imported malware. With the increasing threats, for secure computing and adequate trust and confidence in the electronic transactions, Department of Information Technology, Government of India has come up with the National Cyber Security pol-
icy’s draft and invited stake holders’ response. The draft proposed that the children and small and home users on the internet for criminal, special campaigns are required to promote an acceptable and safe use of information technology. This combines the knowledge of the needs of protection while understanding the power of information technology. In addition, campaign may also be directed to raise the awareness among the parents about the means of helping children to go online safely. Awareness is an important tool for creating secure practices among students and educators. In order to create awareness, Business Software Alliance (BSA) has started B4U Surf campaign where BSA and its partners aim to provide educators, parents and students, information and educational resources to help them understand the dangers that exist online for safe computer usage. BSA is a non-profit association dedicated to promoting a safe and legal digital world. ‘B4U Surf ’ campaign focuses at spreading awareness about cyber wellness including cyber-safety and cyber-ethics among the youth, aged 10 – 18 years. Lizum Mishra, Director, BSA highlighted software piracy, data security, legal liabilities and intellectual property rights management as a security concern for education vertical. Though many bigger educational organisations have software asset management policy but still the penetra-
Intellectual Property should be included in course curriculum of computer science to make students learn new wave of cyber safety and ethics tion of security is not up to the mark. She further suggested that Intellectual Property should be included in course curriculum of computer science to make students learn new wave of cyber safety and ethics. Along with awareness, best security practices and mechanism is mandatory. “It is important for institutions and universities to opt for an enterprise protection mechanism to shield the systems used by their students from any cyber threats. Our Enterprise Protection Strategy combines multiple layers of products and services for intelligent, comprehensive protection against known and unknown threats,” added Nath At the education level, security is equally crucial when we are relying on ICT at a great level. \\
• e-learning- practitioners should ensure the protection of the content, content players, implementation of licence management to facilitate business intelligence • Lower focus on quality and customer orientation • For examination data, protection should be done in real time clock based encrypted hardware so that it can only be opened only on the particular time. • Data protection is a mix of laptop and desktop hardware encryption to avoid leaks. To secure data from physical threats, implementation of transparent data encryption for data sites, filters in servers, web servers and database servers are required.
Rana Gupta Business Head- India and SAARC shared security tips for e-Learning
• Rather than going for the UTM (Unified Threat Management Solution), big organisation should go for dedicated security module and expert staff to handle each for better performance and advance security • e-learning content is delivered as a service in a hosted environment over the cloud. Content protection and subscription protection is required to safeguard revenue. • e-learning content service provider need to use Authentication Token as another factor in addition to user name and password for security.
digitalLEARNING / may 2011
19