Kaleidoscope Consulting has over nine years of experience in establishing and maintaining networks for education. We have a reputation for providing outstanding sales and service to the educational community. From rural K-8 school districts to large college campuses, we have consistently proved our commitment to satisfying our education clients.

Our Services

We are experts in designing and installing security solutions and networks. We can provide end-to-end solutions for your institution or company, providing everything from telecommunications network design and negotiation of telecommunications services, to installation of your equipment and training for your instructors or employees.

Our network security services include: Installation, Training, Security Policy Design, Cybercrime Investigation, Vulnerability Testing, Intrusion Detection.

www.Kaleidoscopeconsulting.com
[email_address]
573-815-9313 (phone)
800-783-0422 (fax)
Quote from Cisco Systems: “When most people read about Internet hacking incidents, they get the impression that these are highly complex, technical attacks that take a genius to create. Reality is that the really smart people first come up with these highly complex, technical attacks, but they share the information and the tools required to pull off the attack on the Internet. The “open sharing” of hacking information and tools allows individuals with minimal technical knowledge to duplicate the attack. Often, it is as easy as downloading the attack tool from the Internet and launching it against targets. You don’t need to know anything other than how to run the attack tool. The bottom line is that it doesn’t take a genius to successfully attack systems and networks, it just takes someone downloading attack tools.”
Personal Firewalls:
ZoneAlarm: www.zonelabs.com
Norton Personal Firewall: www.symantec.com
McAfee Personal Firewall: www.mcafee.com
BlackIce Defender: www.networkice.com

You can test your basic firewall and security configuration at the following sites:
https://grc.com/x/ne.dll?bh0bkyd2
http://grc.com/lt/leaktest.htm
http://www.dslreports.com/secureme
http://www.hackerwhacker.com:4000/startdemo.dyn?answer=firewall
Unauthorized Access to Your Network. Hackers breaking into your network can view, alter, or destroy important and confidential files. A hacker can, for example, modify accounting or academic records, and then leave, with the break-in and changes going undetected until it is too late.

Denial of Service (DoS) Attacks. Increasingly prevalent Denial of Service (DoS) attacks – such as the Ping of Death attack, the SYN Flood attack, and the LAND Attack – aim not to steal information, but to disable a device or network so users no longer have access to network resources. Even if your network is not being directly attacked, it can be used as an unwitting ally in Denial of Service attacks on other networks. Using Trojan Horses or other malicious attachments, hackers plant tools on hundreds and sometimes thousands of computers to be used in future attacks. So, in addition to protecting your own LAN from attacks, you need to prevent your LAN computers from being compromised and used in attacks on others.

Viruses. These are destructive programs that attach themselves to e-mail, applications and files. Once on your LAN computers, viruses can damage data or cause computer crashes. Users can quickly damage entire networks by unknowingly downloading and launching dangerous computer viruses. Viruses can also be used as delivery mechanisms for hacking tools, putting the security of the organization in doubt, even if a firewall is installed.

Capture of Private Data and Passwords. As your private data moves over your network, hackers using programs called packet sniffers can capture it and convert it into a readable format. The source and destination users of this information never even know that their confidential information has been tapped.

Offensive Content. If Web browsing is not regulated, inappropriate Internet content can create an uncomfortable work environment, decrease productivity, and invite potential legal problems for your school.
Schools and libraries are required to control access to offensive content by The Children’s Internet Protection Act.
From SANS.org: Security policy resources are somewhat scarce on the Internet. Below we have listed some of the useful resources that we have encountered. If you know of any, please send them to email@example.com

http://www.sans.org/infosecFAQ/policy/policy_list.htm - The site contains articles and papers written by GIAC certified professionals.
http://www.ietf.org/rfc/rfc2196.txt?Number=2196 - The Site Security Policies Procedure Handbook.
http://csrc.nist.gov/isptg/ - NIST's Special Publication: Internet Security Policy: A Technical Guide.
http://www.securityfocus.com/data/library/Why_Security_Policies_Fail.pdf - A white paper.

Some general websites with information security policies:
http://www.security.kirion.net/securitypolicy/
http://www.network-and-it-security-policies.com/
http://www.brown.edu/Research/Unix_Admin/cuisp/
http://iatservices.missouri.edu/security/
http://www.utoronto.ca/security/policies.html
http://irm.cit.nih.gov/security/sec_policy.html
http://w3.arizona.edu/~security/pandp.htm
http://secinf.net/ipolicye.html
http://ist-socrates.berkeley.edu:2002/pols.html
http://www.ruskwig.com/security_policies.htm
http://razor.bindview.com/publish/presentations/InfoCarePart2.html
http://www.jisc.ac.uk/pub01/security_policy.html
A Firewall is:

“...a combination of hardware and software used to implement a security policy governing the network traffic between two or more networks, some of which may be under your administrative control (e.g., your organization’s networks) and some of which may be out of your control (e.g., the Internet). A network firewall commonly serves as a primary line of defense against external threats to your organization's computer systems, networks, and critical information. Firewalls can also be used to partition your organization’s internal networks, reducing your risk from insider attacks.” (CERT)

“A system or combination of systems that enforces a boundary between two or more networks. Gateway that limits access between networks in accordance with local security policy. The typical firewall is an inexpensive micro-based Unix box kept clean of critical data, with many modems and public network ports on it, but just one carefully watched connection back to the rest of the cluster.” (SANS, www.sans.org)
Configuration A: Typical Network-based Firewall Installation. Good overall network protection, but no protection from internal threats (i.e., students).
The second firewall might not need to be as elaborate as the primary firewall to the outside world; for example, a packet-filtering firewall ($200-$400).
Theoretically this is probably the best solution. However, there are several assumptions that must be made: users will not disable the host-based firewall; users will update the software on a regular basis; users will have an understanding of what the alarms mean. Is this the best solution in an educational environment?
In Your Packet* <ul><li>CD-ROM </li></ul><ul><ul><li>Software </li></ul></ul><ul><ul><li>Documents (Whitepapers and Security Guides) </li></ul></ul><ul><ul><li>Firewall Presentation (in .ppt format) </li></ul></ul><ul><ul><li>The Internet-LAN Security Workshop by Consysco Solutions (in .ppt format) </li></ul></ul><ul><ul><li>This presentation (with note pages) </li></ul></ul><ul><li>Handouts for this presentation </li></ul><ul><li>Internet Security for Educational Institutions </li></ul><ul><li>Internet Security Products and Services for Education </li></ul>* Can also be downloaded from www.kaleidoscopeconsulting.com
Today’s Presentation <ul><li>Are you vulnerable? Are you being hacked? </li></ul><ul><li>What are the threats to school networks? </li></ul><ul><li>Ten essential security measures that every school should take. </li></ul><ul><li>Resources for more information. </li></ul><ul><li>Questions. </li></ul>
Student Hackers Pilfer Eighth-Grade Science Exam <ul><li>Hillsborough County, Fla., school officials are examining their test security after two eighth-grade honor students at a technology magnet middle school hacked into their science teacher’s computer, discovered the semester’s final exam, and sent it out over the internet to an unknown number of fellow students. </li></ul>--from eSchool News Staff Reports
Could you have prevented this from happening on your network? Would you have detected it? Do your teachers know how to secure a file (with encryption or on a server)?
High School Students Charged
In Virginia, two high school students were charged with computer hacking. The students face maximum penalties of five years in prison and fines of $10,000 each. The father of one of the students said he was surprised by the gravity of the felony charges: "These were just kids working on a computer. (My son) had no idea what he was doing was illegal."
Do your students know what your security policy is? And the consequences of breaking it? Do the parents of your students know what your security policy is?
Why are Security Incidents Increasing?
[Figure, from Cisco Systems: "Sophistication of Hacker Tools" and "Technical Knowledge Required" (High to Low), plotted over 1980, 1990 and 2000. Techniques labelled on the chart: Password Guessing, Self Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Sweepers, Sniffers, Stealth Diagnostics, Packet Forging/Spoofing, DDOS.]
Are you being Hacked? <ul><li>Without a burglar alarm it is hard to know if you are being robbed until you notice something missing. </li></ul><ul><li>Use an Intrusion Detection System (IDS) to detect hacking attempts and probes of your network. </li></ul><ul><li>Many firewalls (personal and network) will act as an IDS for you. (Demo) </li></ul>
Network Security Threats Any Internet connection is vulnerable to: <ul><li>Unauthorized Access to the network. </li></ul><ul><li>Denial of Service (DoS) attacks. </li></ul><ul><li>Viruses. </li></ul><ul><li>Capture of Private Data and Passwords. </li></ul><ul><li>Offensive Content. </li></ul>
Ten Essential Security Measures That Every School Should Take <ul><li>Develop a Security Policy. And let everyone know about it. Develop online warnings to inform users of the rules for accessing your network. </li></ul><ul><li>Use strong passwords. Choose passwords that are difficult or impossible to guess. Give different passwords to all accounts. </li></ul><ul><li>Make regular backups of critical data. Make sure that backups are made on a regular basis and that restoration is possible. </li></ul>
Ten Essential Security Measures That Every School Should Take <ul><li>Use virus protection software. Install the software, check regularly for new virus signature updates, and scan all files periodically. </li></ul><ul><li>Use a firewall as a gatekeeper between your computer and the Internet. Firewalls can be hardware or software products. </li></ul><ul><li>Enable Logging for all important systems. Often Logging is turned off by default making it impossible to tell what happened. </li></ul>
Ten Essential Security Measures That Every School Should Take <ul><li>Do not open e-mail attachments from strangers. Be suspicious of any unexpected e-mail attachment from someone you do know. </li></ul><ul><li>Regularly download security patches from your software vendors. Visit www.windowsupdate.com and other update sites regularly. Don’t forget network devices (routers, hubs, etc.). </li></ul><ul><li>Document your network and conduct vulnerability scans. </li></ul><ul><li>Educate your users and yourself. Security is a continual process. </li></ul>
More Resources <ul><li>SANS (www.sans.org) </li></ul><ul><li>CERT (www.cert.org) </li></ul><ul><li>CSI (www.goCSI.com) </li></ul><ul><li>Lower Hudson Regional Information Center (www.LHRIC.org) [Top 22 School Security Risks, Top Internet and E-mail Risks.] </li></ul><ul><li>CoSN (www.cosn.org) </li></ul>
Summary <ul><li>You can’t be totally secure, but there is a lot that you can do (relatively cheaply) to make your network more secure. </li></ul><ul><li>Most attacks play on well-known vulnerabilities. </li></ul><ul><li>Education is the key to a secure network. </li></ul><ul><li>Security is a continual process. </li></ul>
SANS Ten Worst Security Mistakes IT People Make <ul><li>Connecting systems to the Internet before hardening them. </li></ul><ul><li>Connecting test systems to the Internet with default accounts/passwords </li></ul><ul><li>Failing to update systems when security holes are found. </li></ul><ul><li>Using telnet and other unencrypted protocols for managing systems, routers, and firewalls. </li></ul><ul><li>Giving users passwords over the phone or changing user passwords in response to telephone or personal requests when the requester is not authenticated </li></ul>
SANS Ten Worst Security Mistakes IT People Make <ul><li>Failing to implement or update virus detection software </li></ul><ul><li>Failing to educate users on what to look for and what to do when they see a potential security problem. </li></ul><ul><li>Failing to maintain and test backups </li></ul><ul><li>Running unnecessary services, especially ftpd, telnetd, finger, rpc, mail, rservices. </li></ul><ul><li>Implementing firewalls with rules that don't stop malicious or dangerous traffic, incoming or outgoing. </li></ul>
SANS Five Worst Security Mistakes End Users Make <ul><li>Opening unsolicited e-mail attachments without verifying their source and checking their content first. </li></ul><ul><li>Failing to install security patches, especially for Microsoft Office, Microsoft Internet Explorer, and Netscape. </li></ul><ul><li>Installing screen savers or games from unknown sources. </li></ul><ul><li>Not making and testing backups. </li></ul><ul><li>Using a modem while connected through a local area network. </li></ul>
SANS 7 Top Management Errors That Lead to Computer Security Vulnerabilities <ul><li>Pretend the problem will go away if they ignore it. </li></ul><ul><li>Authorize reactive, short-term fixes so problems re-emerge rapidly </li></ul><ul><li>Fail to realize how much money their information and organizational reputations are worth. </li></ul><ul><li>Rely primarily on a firewall. </li></ul><ul><li>Fail to deal with the operational aspects of security: make a few fixes and then not allow the follow through necessary to ensure the problems stay fixed </li></ul><ul><li>Fail to understand the relationship of information security to the business problem -- they understand physical security but do not see the consequences of poor information security. </li></ul><ul><li>Assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job. </li></ul>
http://www.sans.org/newlook/resources/errors.htm