Network Security

The Network Security section covers General Network Security, Workstation Security, Server Security and Viruses, Worms & Trojans.


General Network Security

The Northern Grid takes network security seriously and has adopted a number of measures to protect schools from threats.

There are four primary goals of ICT security:

  • to protect confidentiality by ensuring that information is kept private.
  • to ensure data integrity by preventing data from being inappropriately changed, deleted, or copied.
  • to ensure data availability by making sure that services are available and uninterrupted.
  • to ensure that data can be accessed whenever it is needed and restored quickly.

Protecting confidentiality means, as a minimum, keeping passwords out of the wrong hands, preventing access to financial information and pupil data, and protecting private user data such as documents and emails. The network consists of individual VLANs that cannot talk to each other except through the firewall. The default policy restricts school-to-school LAN access.

Protecting data integrity means ensuring that breaches of integrity are identified and recovered from, and that systems are protected from viruses, worms and Trojan horses. It also means preventing the deliberate alteration of documents, websites and operating system files. Firewall logs and monitoring systems can quickly identify any attempted breaches in security.

Ensuring data availability means defence against attacks, viruses and worms, good backup and recovery procedures, and assurance that the service is not interrupted during routine hardware and software maintenance.

Network attacks take many forms. One of the oldest and most problematic is the “Denial of Service Attack”. A number of host systems are hijacked and used to send huge amounts of traffic to a web server or network device, causing that service to fail. If the device is a firewall or core router, the consequences can be acute. Any server that has not been hardened (made more secure) is susceptible to a denial of service attack. However, most attacks on a network are perpetrated from within, and measures need to be taken accordingly.

How can your school help the Northern Grid to improve its security?

Security is not just about software. It is about creating multiple defences, setting alarms and, most importantly, regularly monitoring the network for abnormal traffic.

All operating systems need to be hardened; workstations need to be locked down and servers secured through rigorous authentication and administration.

Passwords are the key to authentication.

Create a security policy and enforce it.

Educating users on best practice is one of the best ways to secure any network.

In summary, a school should have signed and agreed to the Northern Grid AUP, created and enforced its own AUP, and have a clear ICT security strategy with IT policies designed to achieve the stated goals. As a minimum, a security policy should be written to document the agreed procedures and shared with all users. Security requires the active support of the senior management team and teaching staff, in addition to technical support staff.

If advice is needed with any of these measures, contact the Local Authority or the Northern Grid.

Workstation Security

Creating a secure public access workstation in a school requires a series of integrated steps that are summarised within this article. A secure network requires similar policies for the user, server and network infrastructure. Ensuring a safe and secure environment for learning is an ongoing process requiring regular monitoring and effective management. The good news is that there are many tools and utilities that can be used to automate many of these steps. In order to create a secure public access computer, you must:
  • Secure the computer BIOS
  • Install the computer with minimum operating system features
  • Require users to login and authenticate to the network
  • Patch the Operating System and Applications
  • Install Antivirus & Antispyware software
  • Lockdown the desktop
  • Securely configure the browser and office applications
  • Educate the Teachers and Students about the need for security
  • Protect the network from outside & inside
  • Disable all unnecessary services on the desktop
  • Use a client/server architecture and block File/Print sharing
  • Maintain an independent security policy for Wireless & Laptop PCs

Administrators, you can use the following tools to make your life a lot easier:
  • Poledit, Group Policies, 3rd party software
  • Rollback software
  • Cleanup software
  • Application distribution agents

IT security policies are the foundation, the bottom line, of information security within any organization or school. As such, it is well worth considering a few questions with respect to them:
  • Are they comprehensive enough?
  • Are they up to date?
  • Do you deliver them effectively (e.g. via the desktop)?

Server Security

The role of a server exposes it to a greater risk than other devices on your network and therefore it must be protected at many different levels. First, the network itself must be protected by a firewall from unwarranted intrusion. Second, the operating system of the server must be hardened and the server applications themselves must be protected from vulnerabilities. Last, but most critically, authentication through logging in must be employed to ensure that only authorised, valid users can access the system.

The hardening process can be started with the following steps:

  • Install all Operating System Security Updates: Remember that updates are not just for the operating system; the applications also need to be checked and updated.
  • Install Anti-Virus Software: Some solutions are better than others, however the key here is to ensure all server AV file definitions are kept up to date.
  • Provide Physical Security for the Server: It is important to place servers in a secure location, such as in a locked room with adequate ventilation. To further protect a server, place it in a lockable cage or ensure that its case is always locked. When it is not in use, lock (password protect) the server console as well.
  • Restrict Remote Access to the Server: The connection should be secure and encrypted. It is not a good idea to access a server other than from a secure workstation that is not used by your staff or pupils.
  • Review Server Logs Periodically: The first thing an intruder will do is wipe out signs of their activity in the log files. To ensure you will always have access to log files, use a log file monitor utility which monitors log files for signs of intrusion or security violations.
  • Protect the File System: Restrict access to the directory structure using file or directory permissions.
  • Make Regular Backups: Servers are not only vulnerable to viruses and hackers; they are also vulnerable to disasters such as fire or flood. If a server is destroyed by a disaster, it is important that you have backups of the data available; backup tapes should be stored off site.
  • Implement Fault Tolerance: Fault tolerance is a redundancy solution that ensures up time. If one system (such as a hard drive or the computer itself) should fail, there is a backup system that immediately takes over. Microsoft, Novell and Linux all have clustered services, however these are expensive. The most cost effective option is to use a RAID 5 controller storage system, which will recover data from any individual disk failures.
  • Disable all inactive services on the Server: Any unused protocol, application or service running on the server increases the risk of attack. If it is not used, remove it.
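
The "Review Server Logs Periodically" step above relies on noticing when a log has been wiped or altered. The following is an added example, not part of the original guidance or any Northern Grid tool: it records a trusted snapshot of a log file and later reports whether the file was deleted, replaced, truncated or had earlier entries rewritten. The file name `auth.log` and the log lines are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Record the size, inode and content hash of a log file."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "inode": st.st_ino, "sha256": digest}

def check(path, prev):
    """Compare a log with its earlier snapshot and return a list of findings."""
    if not os.path.exists(path):
        return ["deleted"]
    st = os.stat(path)
    findings = []
    if st.st_ino != prev["inode"]:
        findings.append("replaced")       # a different file now has this name
    if st.st_size < prev["size"]:
        findings.append("truncated")      # an append-only log never shrinks
    else:
        with open(path, "rb") as f:
            prefix = f.read(prev["size"])
        if hashlib.sha256(prefix).hexdigest() != prev["sha256"]:
            findings.append("rewritten")  # previously recorded entries changed
    return findings

def demo():
    """Run the checks against a constructed log in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "auth.log")
        with open(log, "wb") as f:        # constructed sample entries
            f.write(b"09:00 login ok user=teacher1\n09:05 login FAILED user=admin\n")
        base = snapshot(log)              # last trusted state of the log
        with open(log, "ab") as f:        # normal activity: append only
            f.write(b"09:06 login ok user=admin\n")
        results["append"] = check(log, base)
        with open(log, "r+b") as f:       # an existing entry edited in place
            f.seek(6)
            f.write(b"LOGIN")
        results["edit"] = check(log, base)
        open(log, "wb").close()           # log emptied
        results["wipe"] = check(log, base)
        os.remove(log)
        results["delete"] = check(log, base)
    return results
```

Scheduled log rotation also shrinks or replaces a log, so take a fresh snapshot immediately after each rotation and keep the snapshots on a different machine from the server being monitored.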

Viruses, Worms & Trojans

What is a virus?

Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person. A computer virus must piggyback on top of some other program or document in order to be executed. Once it is running, it is then able to infect other programs or documents.

A virus can have a devastating effect on the Internet, the Northern Grid WAN or any school LAN. For example, experts estimate that the Mydoom worm infected approximately a quarter of a million computers in a single day in January 2004. Back in March 1999, the Melissa virus was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their email systems until the virus could be contained.

Types of Infection

The most common types of infection are:

Viruses - A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a spreadsheet program. Every time the spreadsheet program runs, the virus runs too and it has the chance to reproduce by attaching to other programs.

E-mail virus - An e-mail virus moves around in email messages and usually replicates itself by automatically mailing itself to dozens of people in a victim's e-mail address book.

Worms - A worm is a small piece of software that uses a network and security holes in operating systems to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole and then starts replicating from there as well. A massive surge of broadcast traffic is a typical indicator that a worm is at work on a network.

Trojan Horses - A Trojan horse is simply a computer program. The program claims to do one thing but instead does damage when you run it. Trojan horses have no capacity to replicate automatically.

How to prevent Infection

A few simple steps that will help to protect a school LAN:

  • Ensure that all Operating Systems have all security updates installed.
  • Lockdown the desktop to prevent unauthorised application installs.
  • Install and regularly update a reputable Anti-Virus application on all servers and workstations.
  • Disable CD and floppy disk booting in the CMOS settings.
  • Ensure macro-virus prevention is enabled.
  • Educate the user e.g. never run an executable file from an email.

Essential Security Measures

  • Write an Acceptable Use Policy for staff and pupils and enforce it. Northern Grid have created working templates and can help you to create a working AUP for your school.
  • Make sure that regular checks are carried out on your network to ensure the latest security patches and updates are installed. Don't forget patches are available for applications as well as operating systems.
  • Microsoft, and all vendors, offer fixes to software bugs in the form of a "patch". After enough patches are compiled, they release a "service pack", which is a compilation of various patches and other fixes.
  • Be aware of what is happening on the network, use network monitoring software as necessary. The Northern Grid offers a comprehensive network assessment service that will benchmark and identify issues of concern if you are experiencing problems.
  • Make sure that school networks are secure and that users only have access to the minimum level of resources that are required for their role.
  • Manage the use of USB pen drives. This is by far the easiest method for removing valuable data/programs from a school. Whilst they are undoubtedly very useful devices they pose a real security risk. Viruses and Trojans can infect the network this way.
  • MP3 Players and other such devices fall into the same category as a pen device. They too can be used to add and remove data/programs on the network.
  • BIOS passwords - protect the BIOS Set-up program from unauthorised users. This stops them enabling USB pen drives. Protecting the BIOS with a password stops users changing the boot sequence to allow booting from a floppy, CD or USB media device.
  • Do not install wireless devices on your network without first deciding how to make them secure. Wireless authentication should be used to oblige any wireless users to log on. This can be linked into Active Directory and should be easy to administer. Use WAP with RADIUS authentication.
  • Make sure up to date anti-virus software is installed on all PCs, servers and particularly staff laptops. Evolve a mechanism or policy to auto-update the AV software and make sure that this is someone's responsibility so that there can be confidence that all systems are up to date.
  • Restrict or remove the ability for local users to install their own software on desktop/laptops. This may include staff?
