securing the system a k-12 case study. background rural school district 93% free and reduced lunch...
TRANSCRIPT
Securing the System
A K-12 Case Study
Background
• Rural School District• 93% Free and Reduced Lunch• 1100 students• 3 Schools• 1 Systems Administrator
Regulations
• CIPA – Child Internet Protection Act• NCLB – No Child Left Behind• HIPAA – The Health Insurance
Portability and Accountability Act• FERPA – Family Educational
Rights Protection Act
Problem
• Frequent Server Crashes• No Backups• Patch Levels Out of Date• Overlapping Policies• Generic Logins• Sketchy Licensing• Lack of System Security• No Technology User Agreement • No Valid Technology Plan
Steps Taken• Redefined the Technology Team
• Director of Technology• Systems Administrator• Network/Computer Technician
• Streamlined and Consolidated Servers and Connections
• Consolidated the districts data aggregation point
• Centralized Management of System• Established a Backup Procedure
Steps Taken
• Established logins for all students at the middle/high school
• Required a Technology User Agreement signed and on file
• Restricted access thru all ports• Purchased an I-Prism content filtering
solution
Steps Taken• Deleted all policies and started from
scratch• Set alarms and monitoring procedures
in place to monitor the system• Restricted access to the SYS folder to
the Technology Team• Set up home directories for both
students and faculty• Re-imaged computers with standard
settings
Is It Secure?
The system, while better, is still at risk for a serious security breach.
What Now?To secure the system further:• A tiered security policy system needs
to be implemented• Teachers need to be trained on the
use of class monitoring software • The district should implement an
annual security audit to ensure that all new threats are addressed promptly
• Money should be budgeted in the general fund for upgrades and futureneeds
What Does It Look Like?
InternetInternet
Firewall
TechnologyDepartment
District OfficeElementary
School
ElementarySchool
Middle/HighSchool
NovellGwavaI-PrismSophos
7 Servers
2 Servers 2 Servers
2 Servers
2 Servers
Questions?