There's a wireless router gathering dust in Bob LaRocca's office. It's yours if you can hack into his network.

First, some background. LaRocca is director of IT security with the School District of Palm Beach County in Florida, where he oversees a network of 60,000 computers in 175 schools and which he says covers more acres than any other school district east of the Mississippi River. Computer security has traditionally been a low priority in the public school system, but that's not the case in Palm Beach County.

That's because a computer breach stung the school system in a very public way two years ago when local papers reported that Jeff Yorston, a student at one of the county's schools, got hold of an administrative password and gave himself an "A" in a French class he never took. He also managed to boost the grades of a few friends.

Yorston was discovered when another student complained that her ex-boyfriend -- with worse grades than she had -- was accepted into the University of Florida while she had been rejected. He has since paid a fine and agreed to state supervision in connection with the charges, according to the Palm Beach Post.

After an investigation, county officials discovered that they hadn't been hacked. Instead the breach occurred because of a leaked password. "One of the administrators lent her password out to one of the students who was working on a project," LaRocca said. "That's what happens when you share passwords. We could put $1 million worth of controls in place, but when I give you my password, all bets are off."

LaRocca says that the grades-changing incident was "a wake-up call for the district," which has now made security a top priority.

Palm Beach County has spent more than $1.5 million over the past two years overhauling systems throughout the county's schools. It has upgraded the county's desktops with antivirus, host intrusion prevention and network access control software from McAfee. Network-based intrusion detection and content-filtering have also been added, and the county is now logging its grading systems, which have much stricter access controls.

The county has also made security awareness a priority, taking steps to educate users about safe online behavior.

And that's where the hacking challenge comes in. LaRocca issued it as part of an April security awareness event held at county schools, setting up a target server that attackers would have to break into in order to claim the prize. This type of "capture the flag" game is popular at hacking conferences.

The IDG News Service is a Network World affiliate.

Whitepapers

• Gene Kim's Practical Steps to Mitigate Virtualization Security Risks
• Selecting Effective Virtual Directories
• A Modern Approach to On-Demand Email and Data Security
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• Learn how to Keep your Mobile Workforce Connected
• The self-managed network

View more SECURITY special reports