TECHNOLOGY IN SUPPORT OF EDUCATION

Technology Solutions Conference
School Security
Network Security
- Security Audit
- Prevention
- Recovery
- Security Issues
- New Trends
- Forensics
2
Prevention
- Firewalls
- Applications
- Servers
- User Training
- Desktops
- Policies
- Network
- Basic Assumptions
3
Prevention - Firewalls
- What data do you want to protect?
  - Known databases such as student and financial information
  - Local databases kept on hard drives
- What is a firewall?
  - Not a content filter
  - Poor configurations and lack of patch maintenance very common
  - Personal firewalls for your home
4
Prevention - Firewalls
- Intrusion Detection Software
- What is a DMZ?
- Web server dilemmas
  - Placement of server
  - Access for content management
5
Prevention - Servers
- Keep up with server maintenance and security patches
  - Nimda took advantage of known holes
  - Code Red, polymorphic worms
- Subscribe to virus definitions and be sure to update
  - Not all virus protection software is created equal
6
Security - Servers
- Remove all generic and guest defaults after install
  - Web server hacked via generic login
- Check for inactive web modules
  - They can be accessed and generic setups abused
7
Prevention - Desktops
- A: drive
  - Vulnerable to infected floppy disks and other non-authorized files and applications
- C: drive
  - Vulnerable to configuration changes and access to restricted resources (students hid Internet access)
- FTP
  - Vulnerable to downloads of infected files or other non-authorized files and applications
8
Security & Hackers
- Internal Attacks: Students and Staff Hackers
- External Attacks: Internet & e-Mail
- Parasitic Attacks: Bandwidth, Storage, Processing
- Common Security Issues
9
Internal Attacks: Student & Staff Hackers
- Denial of Service
  - Web server attacks
- Unauthorized Intrusions
  - Admin server accounts
  - SASI IDs
- Anonymous surfing
  - Port 443
10
External Attacks: Internet & e-Mail
- Spamming and Smurfing
  - Rejected e-mail
- e-Mail Viruses
  - ILOVEYOU, Melissa, Anna K, Sircam
  - Back Orifice
- Worms
  - Code Red
  - Nimda
  - Polymorphic worms
11
Parasitic Attacks
- Bandwidth
  - School T1 used fully 24 hours a day
  - Wireless access, NYC Antenna & Liverpool
- Resource consumption
  - .exe files
  - music
  - videos
  - games
12
Common Security Issues
- Kids used to maintain parts of network (i.e. web server)
- Virus subscription not purchased
- Security patches not up to date on servers and workstations
- Firewall: none, poorly configured, not up to date on patches
13
Common Security Issues
- Web server inside or outside firewall
- Applications and/or servers not set up correctly (leaving guest IDs, anonymous users, FTP)
- No disaster recovery, and backups are not rigorous
14
Common Security Issues
- No restrictions on desktops for students: floppy access, FTP, loading software
- No policy for security: escalation, passwords, etc.
15
Prevention - Desktops
- Windows Explorer
  - Students see all network resources
- Right Click
  - Students can cut, paste, and delete important files including system configuration
16
Prevention - Network
- Require specific logons
  - Lab aid giving generic logons so students could bypass system
  - Pornography found on C: drive in teachers' room
- Secure your remote access to network
  - Maintenance done by third parties
  - Virtual Private Networks (VPNs)
- Are your hubs and switches physically secure?
17
Prevention - Network
- Configure your routers with access lists
- Check hubs, switches and routers for web management modules and change default passwords
18
Prevention - Applications
- Microsoft Office: "save as"
  - Can students see network drives?
- Microsoft Office and Encarta templates
  - Students get Internet access and can download unauthorized Microsoft patches
- Downloads of plugins and other software
- Programming courses such as C++ and Visual Basic
  - Have access to basic network functions
19
Prevention - Policies
- .exe files
  - Slow Internet and/or network performance
  - Overwhelmed hard drives and network servers
- Passwords
  - No policy on changing
  - Fewer passwords for ease of use purposes
  - "Shoulder surfing", yellow stickies, etc.
20
Prevention - Policies
- Loading software locally
  - Technical issues: not in "Ghost image"
  - Printing and application support issues
  - Copyright issues
  - Accidentally "blow out" system
- Docking home computers
  - Students running "cracking" programs and accessing SASI passwords
21
Prevention - Policies
- Disks from home
  - Technical vulnerabilities
  - Copyright vulnerabilities
- Students doing maintenance
  - May compromise security intentionally or unintentionally
22
Prevention - Policies
- Removal of access when someone leaves
  - E-mail, calendar, network logon, etc.
- Early notification of problems such as viruses
  - What process is in place to notify users of new viruses, etc.?
- More than one person with key knowledge and access
  - Network backdoors set up
  - Secret backups and password changes done before termination
  - 18 months rebuilding system because of no documentation
23
Prevention - Policies
- Enforcement of policies
  - If practice doesn't follow policy, then the policies are not valid.
24
Recovery
- Save to the network
  - Saving to the C: drive means no backups
- Verify that backups are done
  - Who is responsible? Who is their backup?
- External backups vs. internal
- Proper tape rotation
- Off-site storage
- Periodic backup check before an emergency
25
Recovery
- Damaged servers
  - RAID drives
  - Maintenance contract or spare drives
  - Mirrored or backup servers
  - Hot site
- Routers, switches, hubs
  - Maintenance contract or replacements
26
Recovery
- Applications media archived
- Escalation procedure to move to recovery quicker and to limit damages
  - May need to isolate problem
  - May need to change passwords
27
Forensics
- Log files:
  - Intrusion detection logs
  - Firewall logs
  - Router logs
  - Server logs
  - Application logs
28
Forensics
- Unique log-ins
- Isolate systems
- Notify authorities
- Print screens (IM'ing, chat, e-mail, etc.)
- Terror threat to local HS
- Ballad of an e-mail terrorist
- Hard drive recovery
- Anonymizer sites
29
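The two forensics slides above list the log sources to review and put "unique log-ins" first; the prevention slides explain why (generic and guest accounts left after install, lab aides handing out generic logons). The script below is an added example, not part of the presentation, of what a server log-on review for those problems looks like in practice. The log format, account names and host names are constructed for the example; the names in GENERIC_ACCOUNTS are an assumed list, not one the deck gives.

```python
"""Added example (not from the presentation): review server log-on records for
generic or shared account use and for bursts of failed log-ons, the kind of
check the deck's forensics slides call for ("Unique log-ins") and its
prevention slides motivate ("Remove all generic and guest defaults",
"Require specific logons"). Log format, accounts and hosts are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a server log-on log: timestamp, account, source host, result.
SAMPLE_LOG = """\
2001-10-03 08:01:12 LOGON user=jsmith host=LAB1-PC04 result=success
2001-10-03 08:01:40 LOGON user=guest host=LAB1-PC07 result=success
2001-10-03 08:02:05 LOGON user=lab host=LAB1-PC02 result=success
2001-10-03 08:02:09 LOGON user=lab host=LAB1-PC09 result=success
2001-10-03 08:02:31 LOGON user=lab host=LAB2-PC01 result=success
2001-10-03 08:03:00 LOGON user=admin host=LAB2-PC05 result=failure
2001-10-03 08:03:02 LOGON user=admin host=LAB2-PC05 result=failure
2001-10-03 08:03:05 LOGON user=admin host=LAB2-PC05 result=failure
2001-10-03 08:03:07 LOGON user=admin host=LAB2-PC05 result=failure
2001-10-03 08:15:00 LOGON user=mjones host=STAFF-PC01 result=success
"""

# Assumed list of account names that should not be in use after install
# (the deck names guest/generic defaults; the exact names are this example's choice).
GENERIC_ACCOUNTS = {"guest", "lab", "student", "admin", "administrator", "anonymous"}


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    parts = line.split()
    if len(parts) != 6 or parts[2] != "LOGON":
        return None
    fields = dict(p.split("=", 1) for p in parts[3:])
    return {
        "time": datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S"),
        "user": fields["user"],
        "host": fields["host"],
        "result": fields["result"],
    }


def review_logons(log_text, window=timedelta(minutes=5), max_hosts=1, max_failures=3):
    """Return a list of (kind, account, detail) findings:
    - 'generic'  : a successful log-on with a generic/guest account
    - 'shared'   : one account logged on from more than max_hosts hosts within window
    - 'failures' : more than max_failures failed log-ons for an account within window
    """
    events = [e for e in (parse_line(ln) for ln in log_text.splitlines()) if e]
    findings = []

    # 1. Any successful use of a generic account is a finding on its own.
    for e in events:
        if e["user"] in GENERIC_ACCOUNTS and e["result"] == "success":
            findings.append(("generic", e["user"], e["host"]))

    # 2. Build a per-account timeline for the sliding-window checks.
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])
        # An account that succeeds from several hosts in a short window is being shared
        # (a "unique log-in" principle violation), whatever its name.
        for i, start in enumerate(evs):
            in_window = [e for e in evs[i:] if e["time"] - start["time"] <= window]
            hosts = {e["host"] for e in in_window if e["result"] == "success"}
            if len(hosts) > max_hosts:
                findings.append(("shared", user, sorted(hosts)))
                break
        # A burst of failures against one account is worth a look (guessing or a broken script).
        failures = [e for e in evs if e["result"] == "failure"]
        for i, start in enumerate(failures):
            burst = [e for e in failures[i:] if e["time"] - start["time"] <= window]
            if len(burst) > max_failures:
                findings.append(("failures", user, len(burst)))
                break
    return findings


if __name__ == "__main__":
    for kind, account, detail in review_logons(SAMPLE_LOG):
        print(f"{kind:9} {account:8} {detail}")
```

Run against the constructed sample, the review reports the guest log-on, the three "lab" log-ons, the "lab" account as shared across three lab machines within five minutes, and four failed "admin" attempts. In a real review the same pass would be run over the firewall, router and application logs the deck lists, with the account list and window adjusted to the site.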