RINET Staff Members:

1
Network and Data Security

• RINET Staff Members
• Pam Christman
• Christy Howard
• Joe Caparco
• Mike Calabro

Materials and tools adapted from
www.securedistrict.cosn.org and from State
Network colleagues at WiscNet, UEN, MORENet and
others
2
Net/Data Security in RI

• The Problem - How do we plan, assess, evaluate,
  educate?
• People and Policy Toolkits
• Security Planning Protocol
• Self-Assessment Checklist
• Security Rubric and Planning Grid
• Stakeholder Education and PR
• Technology Tools and Best Practice
• Current and Future
• Good Net Neighbor Program
• Where do we go from here?

3

• http//securedistrict.cosn.org

4

• Some of these materials made possible through the
  generous support of education grants from
• SonicWall, Symantec, SurfControl, the U.S.
  Department of Education.
• in collaboration with the Northwest Regional
  Education Laboratory (NWREL)
• Additional support from Sun Microsystems,
  Microsoft Corporation, BellSouth Foundation, and
  a media partnership with District Administration

5

• CoSNs mission is to advance the K-12 education
  communitys capacity to effectively use
  technology to improve learning through advocacy,
  policy and leadership development
• www.cosn.org
• The Cyber Security project is done in partnership
  with
• Mass Networks Education Partnership
• www.massnetworks.org

6
Vision

• Active learning community
• Students teachers collaboratively
• exploring, sharing, and communicating
• with each other and the community.
• Smooth operations
• Administrative, business, and reporting functions
  run smoothly.
• Public support
• People know that kids are safe and
• schools are fulfilling their mission.

7
The Problem

• Time to preach to the choir!
• How do we plan, assess, evaluate, educate?

8
Net/Data Security Growing Concern

• Student breaks into system changes grades taps
  into file of SSI numbers. Parents urged to
  contact credit bureaus.
• Devastating virus enters system via laptop
  infected at teachers home over weekend.
• Blended attacks hit multiple vulnerabilities,
  requiring every computer to be individually taken
  off line and cleaned multiple times.
• School Network hijacked and
• used as base for attacks on other locations.

9
Whats At Risk

• Student Staff Safety
• Ability to Function
• Public Support Legitimacy
• Liability
• Its not a question of if but of when and
  how bad!
• 2,000 to 3,000 programs are running over the
  Internet at all times looking for security holes!
• The problem is serious and will not go away on
  its own.

10
Security Incidents and Vulnerabilitiescompiled
by CERT/CC through Jan 22, 2004
Computer Emergency Response Team/Coordination
Center
For more info see www.cert.org
11
Attack Sophistication v. Intruder Knowledge
Source www.cert.org
12
Statistics Private Sector Survey

• 82 reported virus and worm attacks in last 12
  months.
• 42 endured denial of service attacks
• 36 detected network penetrations (30
  required law enforcement involvement)
• 80 of respondents reported insider abuse of
  network access

Source 2003 Computer Crime and Security Survey
- Computer Security Institute/FBI
13
Schools are Vulnerable

• Ad hoc growth of educational IT systems creates a
  mixed environment that is harder to manage or
  secure.
• District IT departments are often under staffed,
  over stressed, under funded, and under trained.
• Increased requirements for central data
  collections for reporting, accountability, and
  planning.
• More use of IT in general for administrative,
  professional, and teaching-learning purposes.

14
Technology trends increase risk!

• Always-on broadband or DSL.
• Wireless and power-line transmission.
• WIFI networks.
• Outsourcing of data services and storage.
• Peer-to-Peer sharing.
• Take-home laptops, PDAs, and
• memory devices.

15
A Wake Up Call

• Reality Check
• There is no perfect or one-time solution to
  security
• Realistic Goal
• Risk reduction crisis recovery
• Requires constant attention, regular review

16
What is security?

• NEGATIVE Nothing bad happens
• POSITIVE Everything goes well
• BOTTOM LINE Good S.O.P.
• Security is a social as well as a technical
  process, the by-product of a community of trust
  created by having appropriate systems properly
  set up to support stakeholders evolving needs
  and good operating procedures appropriately
  implemented in a context of respectful
  interaction with and valued service to all
  stakeholders.
• Standard Operating Procedures

17
How To Fulfill Your Role as Education Leaders and
Concerned Citizens

• Understand the risks.
• Make it a priority.
• Accept that it is a process.
• Assume that something will go wrong.
• Understand the 3 components
• People
• You need to create a community of trust!
• Policy
• To reduce the risks while preparing for problems
• Technology
• Having the right tools to implement the policies

18
People and Policy Tools

• Security Planning Protocol
• Self-Assessment Checklist
• Security Rubric and Planning Grid
• Stakeholder Education and PR

19
Getting Started

• Begin Authorize Support
• Set up a team
• Make it a priority
• Involve different stakeholder groups
• Create a Plan Take Action
• Security crisis management
• Evaluate your current status
• Take emergency steps
• Get users involved!
• Communicate!
• With all stakeholders often!

20
Security Planning Protocol Flowchart
21
The Cyber Security Protocol 1
Set security goals for Information Security

• What IT tools, data, and services do stakeholders
  need to meet educational goals? What are the
  values that will guide your security
  decision-making?
• How do you users know when you are succeeding?
  What is the desired balance between locking
  everything down and fostering a creative
  learning environment?

Affirm ITs role value
Identify Performance Metrics
22
The Cyber Security Protocol - 2
Assess Risk for IT Assets

• Conduct Asset Inventory
• Prioritize by value to the organization or damage
  inflicted if taken out of service, disclosed, or
  changed.
• Assess Vulnerabilities Threats
• Physical Environment, Access Points, Internal
  Systems Usage Patterns, Data, External
  Connections Partners, Policies, People (staff
  adequacy user behaviors)
• Test current defenses
• Internal and external attacks
• Review policies operations
• Evaluate architecture

Select most crucial assets to protect
Evaluate System Components
Prioritize security gaps
23
The Cyber Security Protocol - 3
Build and Implement Security Plan

• Research best practice methods of dealing with
  each security gap.
• Prioritize by potential damage, likelihood, cost,
  required time, level of possible improvement,
  public perception.
• Create and implement Action Plan
• Assign responsibilities, set deadlines, provide
  training and budget.
• Test and retest and retest again.
• Revise Operating Procedures
• Regularly repeat step 3.

Keep security plan realistic
Keep focused
Steady Improvement
24
The Cyber Security Protocol - 4
Crisis Management

• Brainstorm crisis scenarios
• Sign up for alerts.
• Ask students!
• Develop Response Plan
• to limit damage, work through recovery phase, and
  communicate with stakeholders.
• Install as much redundancy as possible.
• Ensure Readiness
• Test everything with simulated emergencies.
• Practice again!
• Incorporate lessons in revised S.O.P.

25
Self-Assessment Checklist

• Refer to handout
• http//securedistrict.cosn.org/assessment/checklis
  t.cfm

26
Security Rubric and Planning Grid

• http//securedistrict.cosn.org/tech/Evaluation/Sec
  PlanGridSummaryView.html

27
Five Elements of Effective PRto Gain Community
Support

• Goal
• Audience
• Message
• Method
• Evaluation

28
Effective PR Elements - Goal

• Combine techniques of marketing and sales
• Prioritize PR efforts towards immediately
  beneficial goals
• Frame goal in specific terms (short-term/long-term
  )
• Use standards-based PR
• Clear goals lead to clear results

29
Effective PR Elements - Audience

• Adopt an education-centric mindset rather than a
  tech-centric mindset
• Consider internal and external audiences and your
  organizational culture
• Target your approach
• Know your audience (students, teachers,
  principals, etc.)

30
Effective PR Elements - Message

• Focus on the positive results of the suggested
  action
• Tie message to timely issues
• Focus on alignment with audience agenda

31
Effective PR Elements - Method

• Use multiple media
• Find champions
• Ask RINET

32
Effective PR Elements - Evaluation

• Perform on-going evaluation
• Solicit regular feedback
• Utilize self-assessment, individual feedback,
  structured survey

33
Technical Tools

• Current Best Practices
• Firewalls
• Desktop Protection Software
• Hubs vs. Switches
• Current RINET-based Tools
• Future
• Good Net Neighbor Program
• OSHEAN Member Security Services
• What else?

34
Firewalls

• Not only a best practice, but a necessity
• Protects against inbound threats
• As part of this collaborative, you want to
  protect other members from outbound threats

35
Desktop Protection Software

• Anti-virus (RISTE Symantec program)
• Anti-SpyWare (many free)
• http//www.microsoft.com/downloads
• LavaSofts AdAware
• Symantec Client Firewall

36
Hubs vs. Switches

• Quality/Cost Issue
• Hubs work well enough for our use
• Security Issue
• Choice is one small component of HIPAA and FERPA
  compliance
• Hub Unintelligent broadcast device
• Switch One transmission standard to guard
  against data interception

37
Current RINET-based Tools

• SolarWinds security breach indicators
• CPU maxed
• Excessive PPS
• Router Diagnostics
• RINET assists at head-end

38
Future Technical Tools

• Good Net Neighbor Program
• Voluntary port blocking
• RINET will pilot OSHEAN Member Security Services
• Employs tools such as IPAudit, Snort, SmokePing,
  and Nessus to assess vulnerabilities and collect
  network statistics
• Our members may be interested in some or all of
  these products
• Any pilot volunteer districts?

39
Discussion

• What else would help your school/district?

40

• For More Information
• http//securedistrict.cosn.org