TECHNOLOGY IN SUPPORT OF EDUCATION
Technology Solutions
Conference
School Security
Network Security
Security Audit
Prevention
Recovery
Security Issues
New Trends
Forensics
2
Prevention
Firewalls
Applications
Servers
User Training
Desktops
Policies
Network
Basic Assumptions
3
Prevention - Firewalls
What data do you want to protect?
Known databases such as student and financial information
Local databases kept on hard drives
What is a firewall?
Not a content filter
Poor configurations and lack of patch maintenance very common
Personal firewalls for your home
4
Prevention - Firewalls
Intrusion Detection Software
What is a DMZ?
Web server dilemmas
Placement of server
Access for content management
5
Prevention - Servers
Keep up with server maintenance and security patches
Nimda took advantage of known holes
Code Red, Polymorphic worms
Subscribe to virus definitions and be sure to update
Not all virus protection software is created equal
6
Security - Servers
Remove all generic and guest defaults after install
Web server hacked via generic login
Check for inactive web modules
They can be accessed and generic setups abused
7
Prevention - Desktops
A: drive
Vulnerable to infected floppy disks and other non-authorized files and applications
C: drive
Vulnerable to configuration changes, and access to restricted resources (students hid Internet access)
FTP
Vulnerable to downloads of infected files or other non-authorized files and applications
8
Security & Hackers
Internal Attacks: Students and Staff Hackers
External Attacks: Internet & e-Mail
Parasitic Attacks: Bandwidth, Storage, Processing
Common Security Issues
9
Internal Attacks: Student & Staff Hackers
Denial of Service
Web server attacks
Unauthorized Intrusions
Admin server accounts
SASI IDs
Anonymous surfing
Port 443
10
External Attacks: Internet & e-Mail
Spamming and Smurfing
Rejected e-mail
e-Mail Viruses
ILOVEYOU, Melissa, Anna K, Sircam
Back Orifice
Worms
Code Red
Nimda
Polymorphic worms
11
Parasitic Attacks
Bandwidth
School T1 used fully 24 hours a day
Wireless access, NYC Antenna & Liverpool
Resource consumption
.exe files
music
videos
games
12
Common Security Issues
Kids used to maintain parts of network (i.e., web server)
Virus subscription not purchased
Security patches not up to date on servers and workstations
Firewall: None, poorly configured, not up to date on patches
13
Common Security Issues
Web server inside or outside Firewall
Applications and/or servers not set up correctly (leaving Guest IDs, Anonymous users, FTP)
No disaster recovery and backups are not rigorous
14
Common Security Issues
No restrictions on desktops for students
Floppy access, FTP, loading software
No policy for security: escalation, passwords, etc.
15
Prevention - Desktops
Windows Explorer
Students see all network resources
Right Click
Students can cut, paste, and delete important files including system configuration
16
Prevention - Network
Require specific logons
Lab aide giving generic logons so students could bypass system
Pornography found on C: drive in teachers’ room
Secure your remote access to network
Maintenance done by third parties
Virtual Private Networks (VPNs)
Are your hubs and switches physically secure?
17
Prevention - Network
Configure your routers with access lists
Check hubs, switches and routers for web management modules and change default passwords
18
Prevention - Applications
Microsoft Office – “save as”
Can student see network drives?
Microsoft Office and Encarta templates
Students get Internet access and can download unauthorized Microsoft patches
Downloads of plugins and other software
Programming courses such as C++ and Visual Basic
Have access to basic network functions
19
Prevention - Policies
.exe files
Slow Internet and/or network performance
Overwhelmed hard drives and network servers
Passwords
No policy on changing
Fewer passwords for ease of use purposes
“Shoulder surfing”, yellow stickies, etc.
20
Prevention - Policies
Loading software locally
Technical issues – not in “Ghost image”
Printing and application support issues
Copyright issues
Accidentally “blow out” system
Docking home computers
Students running “cracking” programs and accessing SASI passwords
21
Prevention - Policies
Disks from home
Technical vulnerabilities
Copyright vulnerabilities
Students doing maintenance
May compromise security intentionally or unintentionally
22
Prevention - Policies
Removal of access when someone leaves
E-mail, Calendar, network logon, etc.
Early notification of problems such as viruses
What process is in place to notify users of new viruses, etc.?
More than one person with key knowledge and access.
Network backdoors set up
Secret backups and password changes done before termination
18 months rebuilding system because of no documentation
23
Prevention - Policies
Enforcement of policies
If practice doesn’t follow policy then policies are not valid.
24
Recovery
Save to the network
Saving to the C: drive means no backups
Verify that they are done
Who is responsible? Who is their backup?
External backups vs internal
Proper tape rotation
Off-site storage
Periodic backup check before an emergency
25
Recovery
Damaged servers
RAID drives
Maintenance contract or spare drives
Mirrored or backup servers
Hot site
Routers, switches, hubs
Maintenance contract or replacements
26
Recovery
Applications media archived
Escalation procedure to move to recovery quicker and to limit damages
May need to isolate problem
May need to change passwords
27
Forensics
Log files:
Intrusion detection logs
Firewall logs
Router logs
Server logs
Application logs
28
Forensics
Unique log-ins
Isolate systems
Notify authorities
Print screens (IM’ing, chat, e-mail, etc.)
Terror threat to local HS
Ballad of an e-mail terrorist
Hard Drive recovery
Anonymizer sites
29