Technology Solutions Conference

School Security

Technology Solutions Conference

School Security

2

Network Security

Prevention

Recovery

Forensics

Security Audit

New Trends

Security Issues

3

Firewalls

Servers

Desktops

Network

Applications

User Training

Policies

Basic Assumptions

Prevention

4

Prevention - Firewalls

What data do you want to protect? Known databases such as student and financial

information Local databases kept on hard drives

What is a firewall? Not a content filter

Poor configurations and lack of patch maintenance very commonPersonal firewalls for your home

5

Prevention - Firewalls

Intrusion Detection Software

What is a DMZ?

Web server dilemmasPlacement of server Access for content management

6

Prevention - Servers

Keep up with server maintenance and security patchesNimda took advantage of known holes Code Red, Polymorphic worms

Subscribe to virus definitions and be sure to updateNot all virus protection software is created

equal

7

Security - Servers

Remove all generic and guest defaults after installWeb server hacked via generic login

Check for inactive web modulesThey can be accessed and generic setups

abused

8

Prevention - Desktops

A: drive Vulnerable to infected floppy disks and other

non-authorized files and applications

C: drive Vulnerable to configuration changes, and

access to restricted resources (students hid Internet access)

FTP Vulnerable to downloads of infected files or

other non-authorized files and applications

9

Security & Hackers

Internal Attacks: Students and Staff Hackers

External Attacks: Internet & e-Mail

Parasitic Attacks: Bandwith, Storage, Processing

Common Security Issues

10

Internal Attacks: Student & Staff Hackers

Denial of ServiceWeb server attacks

Unauthorized IntrusionsAdmin server accountsSASI Id’s

Anonymous surfingPort 443

11

External Attacks: Internet & e-Mail

Spamming and Smurfing Rejected e-mail

e-Mail Viruses ILOVEYOU, Melissa, Anna K, Sircam Back Orifice

Worms Code Red Nmda Polymorhic worms

12

Parasitic Attacks

BandwidthSchool T1 used fully 24 hours a dayWireless access, NYC Antenna & Liverpool

Resource consumption .exe files

music videos games

13

Common Security Issues

Kids used to maintain parts of network – (ie web server)

Virus subscription not purchased

Security patches not up to date on servers and workstations

Firewall: None, poorly configured, not up to date on patches

14

Common Security Issues

Web server inside or outside Firewall

Applications and/or servers not set up correctly (leaving Guest ID’s, Anonymous users, FTP)

No disaster recovery and backups are not rigorous

15

Common Security Issues

No restrictions on desktops for studentsFloppy access, FTP, loading software

No policy for security: escalation, passwords, etc.

16

Prevention - Desktops

Windows ExplorerStudents see all network resources

Right ClickStudents can cut, paste, and delete

important files including system configuration

17

Prevention - Network

Require specific logons Lab aid giving generic logons so students could

bypass system Pornography found on C: drive in teachers’ room

Secure your remote access to network Maintenance done by third parties Virtual Private Networks (VPNs)

Are your hubs and switches physically secure?

18

Prevention - Network

Configure your routers with access lists

Check hubs, switches and routers for web management modules and change default passwords

19

Prevention - Applications

Microsoft Office – “save as” Can student see network drives?

Microsoft Office and Encarta templates Students get Internet access and can download

unauthorized Microsoft patches

Downloads of plugins and other softwareProgramming courses such as C++ and Visual Basic Have access to basic network functions

20

Prevention - Policies

.exe filesSlow Internet and/or network performanceOverwhelmed hard drives and network

servers

PasswordsNo policy on changingFewer passwords for ease of use purposes “Shoulder surfing” , yellow stickies, etc.

21

Prevention - Policies

Loading software locallyTechnical issues – not in “Ghost image”Printing and application support issuesCopyright issuesAccidentally “blow out” system

Docking home computersStudents running “cracking” programs and

access SASI passwords

22

Prevention - Policies

Disks from homeTechnical vulnerabilitiesCopyright vulnerabilities

Students doing maintenanceMay compromise security intentionally or

unintentionally

23

Prevention - PoliciesRemoval of access when someone leaves E-mail, Calendar, network logon, etc.

Early notification of problems such as viruses What process in place to notify users of new viruses, etc.

More than one person with key knowledge and access. Network backdoors setup Secret backups and password changes done before

termination 18 months rebuilding system because of no

documentation

24

Prevention – Policies

Enforcement of policies If practice doesn’t follow policy than

policies are not valid.

25

Recovery

Save to the network Saving to the C: drive means no backups

Verify that they are done Who is responsible? Who is their backup?

External backups vs internal

Proper tape rotation

Off-site storage

Periodic backup check before and emergency

26

Recovery

Damaged serversRAID drivesMaintenance contract or spare drivesMirrored or backup serversHot site

Routers, switches, hubsMaintenance contract of replacements

27

Recovery

Applications media archived

Escalation procedure to move to recovery quicker and to limit damagesMay need to isolate problemMay need to change passwords

28

Forensics

Log files: Intrusion detection logsFirewall logsRouter logsServer logs Application logs

29

Forensics

Unique log-insIsolate systemsNotify authoritiesPrint screens (IM’ing, chat, e-mail, etc.) Terror threat to local HS Ballad of an e-mail terrorist

Hard Dive recoveryAnonymizer sites