Introduction Hello everyone. Today we re going to take a look at network security in light of the changing face of a school Network.

Size: px
Start display at page:

Download "Introduction Hello everyone. Today we re going to take a look at network security in light of the changing face of a school Network."

Transcription

1 Introduction Hello everyone. Today we re going to take a look at network security in light of the changing face of a school Network. History of network security As recently as five or six years ago, most networks were definite entities with clear and distinct boundaries, that would look something like this; Conceded, this is a very basic model, and you may have used all manner of other variations. However, it demonstrates how most stations are managed or in other words, they are joined to the domain and the network management team control user permissions, program sets, the software that was installed upon them, which printers they could use and pretty much everything else. Network security meant making sure a firewall was in place, using a suitable anti-virus solution and controlling users to connect to and use the network with logon credentials, passwords and permissions. How network usage is changing As modern technologies have exploded onto the scene in the 21 st Century, the boundaries of a classic network have become blurred. The existing managed set up has been joined by all manner of devices and solutions, many of which are not necessarily joined to the domain. 1

2 As you can see, it s very different. Access is no longer limited to desk-based users. People want to connect from home to work more flexible hours. Users will want to use their own personal devices such as PDAs, smartphones and netbooks at school. Printers can now connect wirelessly and VOIP telephony is being adopted as a smart way to improve communications and reduce costs. A recent survey conducted by RM quizzed secondary school network managers on their expected usage of mobile devices in the next two years, and the positive feedback was surprisingly high. With this new breed of network, it is not advisable to rely solely on existing controls to keep your network safe and secure, because there are more risks to consider: Antivirus software is often down to personal choice Users control and manage their own devices, and can install any software Users may not realise if their devices are at risk, or infected Downloading of illegal or pirated content by users through the school connection may result in disconnection by the ISP Wireless connections are much more common, and need to be extra secure External Data Storage devices are difficult to monitor and keep track of Personal devices can be a distraction from work Remote access to your network infinitely increases the attack vector. 2

3 Wouldn t it be easier to simply refuse access for anything that s not directly managed by you? Appealing as this sounds, a dynamic network is now well established and here to stay. Empowering your users to connect to your network has a lot of benefits, including: Personal devices help to keep costs low, as users pay for and maintain their own hardware and software. This is particularly important, in light of the recent constraints on funding for education Denial of access will result in dissatisfied users who are more likely to complain Modern technology has resulted in some fantastic learning tools put an ipad in front of a student with a media project to see for yourself Remote access encourages staff and students to work outside of school hours, increasing productivity. Devices What can we do about these risks? Can we eradicate all of them to help keep a safe environment? In theory, yes we can. However, it s all about compromise more control often means more overhead in both cost and effort, and finding a happy medium between security of your network and convenience for your users is unique to your school. This session will go through some practical tips to help you find the right balance and implement any measures you feel are appropriate. Let s start by examining a managed device, which is joined to your network as part of the domain. Users log on to the domain with credentials such as a username and password. Schools make much heavier use of roaming profiles than business environments, as many users are not tied down to only one computer. The Active Directory (AD) is used to organise computers and users into groups, and policies are used to mandate what a user can and cannot do on the machine he is using. All in all, there is a lot of control and this remains a secure solution. Not all devices, though, can be joined to the domain easily. What solutions exist for different types of unmanaged devices? Unmanaged netbooks Most home netbooks run on a Home edition of the Windows operating system. The main difference between these and other editions of Windows is that they do not have the capacity to authenticate against the domain, meaning a user cannot join their device to the network. If a user has a Professional OS edition, it s best to join them to the domain wherever possible, and make them a managed machine. However, for Home operating systems and Guests, there are a number of ways to facilitate access: 3

4 Connection without authentication Connecting the device either wired or wirelessly, without authentication against the domain, would provide Internet access, as well as shared resources. The main drawbacks of this solution are: Access to resources such as the Internet, shared folders or printers would mean regular prompts to the user to authenticate, though this can be eased somewhat with Windows 7 credential manager Someone could join your network and easily access your Internet connection by simply plugging a network cable into their computer, or through an unsecure wireless connection. 1. Putting your Guest WLAN on a separate VLAN will help to keep traffic from unmanaged devices separate from your core network, but may restrict access to shared resources. 2. Secure your wireless network, and issue out a password from reception for guests. Change it regularly to avoid users reconnecting at a later date without further authorisation. RM Connector for CC3 and CC4 RM Connector software facilitates Home operating systems authenticating against the domain, using a server and client side installation. This allows registered users to connect with their normal logon credentials, and gain access to shared areas, printers and the Internet It is also configurable to Block, Warn or Ignore if virus definitions and/or Windows Security Updates are out of date It is easily installable on the device by the user, who downloads the software from a website hosted locally on the school server RM Connector provides an Acceptable Usage Policy screen, which users have to accept before they can connect. This means they are presented with the school s policy on network usage and have to confirm acceptance before proceeding RM Connector Service Release 1 was released earlier this year, so Windows Vista and Windows 7 (32 & 64-bit) are now supported RM Connector automatically relinquishes proxy settings upon disconnection from the school network, meaning your user s connection will continue to work at home automatically CC4 Store Our new network for small schools - uses RM Connector Technology, and includes all of the features above. If you support a small school in your local area, you may want more information on this innovative new product. CC4 Anywhere CC4 Anywhere allows users to access the school network by logging on to a Citrix XenApp Remote Desktop Server and accessing their profile from there. 4

5 External access is forced through the Citrix Access Gateway (CAG), to ensure a secure connection. VLANs can be used to force any unmanaged device to access the connection via the CAG. CC4 Anywhere can also be used to connect almost any device that has an Internet connection. I m not going to harp on any more about these RM products that I m sure you ve all seen and heard of before, except to say that they are designed with unmanaged devices in mind and are therefore natural candidates to help you manage your network more easily. Software A personal netbook user is most likely to be a local admin on the machine, and has sufficient permissions to install and uninstall any software he chooses. He may choose to install applications, which aren t appropriate for use within school hours, or an application that may pose a threat, such as malware. If the software relies on an Internet connection, however, its usage can be controlled by denying access via proxy settings. This means the software will continue to work at home, but is inhibited within the confines of the school network. Examples of where you may want to consider doing this are Facebook, Spotify, certain websites, instant messaging software and others. Of course, some schools find these apps useful, so it s really down to the preference of your Senior Management Team. Other considerations include whether or not you want users to have access to their phone s camera and other peripherals, whilst connected to the network. Local admins, of course, have permission to change any configuration settings you may have set up for them. The best way to discourage this is to have a minimum criteria, so that any breach in rules results in the connection being broken and access becomes restricted. A good example of this would be using a proxy. If the user doesn t have the correct proxy settings configured on their machine, they will not be able to access the Internet, but can still access shared areas and printers. Client antivirus Your user may not be using your preferred antivirus solution, which isn t necessarily a big deal in itself, provided he does have a suitable alternative and his virus definitions and Windows Security Updates are valid. RMVP5.1 s Find Unmanaged Computers and Unmanaged Detector features can scan the network and alert you when a computer logs on that doesn t have the RM offering of Symantec Endpoint Protection 11 on it. Once identified, the user could then be provided with a copy of the Home Use software to install on their machine locally, which is covered by the free RMVP5.1 home use licensing. Smartphones & PDAs Many users now have Smartphones and PDAs, which are a great example of a device that can be used whilst carrying. Unlike laptops, which whilst mobile, tend to be used in between 5

6 journeys, the Smartphone is accessible on the go. Working on a variety of mobile operating systems, they achieve much the same goal. Many users take advantage of the Mail-Sync features in their phones, among others, but are often reluctant to do so on their 3G connection, which can be slow and at times eat into their data usage allowance. Other applications can also help increase productivity and facilitate learning, so facilitating access to the network is a win-win situation. Mobile antivirus From a security viewpoint, antivirus software is rarely found on mobile devices such as smartphones, though it seems that a shift in opinion is happening, with many experts now recommending mobile anti virus software as critical. Generic mobile antivirus products are available. Symantec, Kaspersky and F-Secure are just some of the development companies who have created products to fill this niche, but of course they all come at a price and most of them are only available for Windows Mobile or Symbian OS. The debate still rages on about whether or not certain phones such as the Android, Blackberry or iphone could benefit from some type of antivirus software. Many experts agree that it s just a matter of time before hackers and malicious users discover ways to infiltrate these systems and cause havoc, which is undoubtedly why many popular computer antivirus creators such as Symantec and Kaspersky have jumped in with both feet to the mobile antivirus market. The truth is this: as smartphones become a more necessary part of our daily lives, there will always be people out there who are bent on destruction, creating malware and trying to disrupt the chain of communication. Microsoft Exchange ActiveSync A lot of smartphones have the capacity to interact with Microsoft Exchange ActiveSync, which is an integral feature in Exchange 2010, with no additional licences needed. Using Exchange ActiveSync, mobile users can access , voice mail, rights-protected messages, and instant message conversations on their smartphones. As a network manager, you can choose to limit which device models are authorised and remote-wipe the device if a security breach occurs. Policy support and allow/block/quarantine lists, including exceptions down to the individual user level, come as standard. Realising that mobile access is becoming an industry standard, in all enterprises, including schools, most mobile phone manufacturers now offer ways to easily configure their models to be used with ActiveSync. ios ios 4 devices include the iphone, ipad and ipod Touch families. A recent poll conducted by the tech firm Westcoastcloud found that one in ten children under the age of ten now own an iphone, while one in 20 owns an ipad. ios does not feature any added security software. Because the iphone does not share apps, the risk of spreading a virus from phone to phone is very low. However, there have been a few reports indicating a breech in iphone s security system, especially when those phones have been altered or changed in some way. This 6

7 can cause the iphone to download and run unauthorised software, including many spyware programs, which can slow your system down and may even lead to identity theft. Meanwhile, you can use Apple s Configuration Utility to create a downloadable app, which your users can then install on their ios device to automatically prepare their machines for connection to the network. DEMO OF APPLE iphone CONFIGURATION UTILITY Demo_Wireless_Config_iOS.mobileconfig We ll just concentrate on some of the more popular settings, as the utility is pretty comprehensive, and in true Apple style, very intuitive; General Passcode Restrictions WiFi Exchange ActiveSync Credentials certificates can be used, if IIS is configured to accept it Mobile Device Management Advanced. Once you re happy with your app settings, test it on a single device before exporting the file and sharing it with your users. You could host it on a website, along with a set of download instructions. This app will not stop an iphone from contracting a virus or malware outside of your school network, but it will ensure that your existing controls, such as an Internet proxy and network antivirus solutions, have the opportunity to catch any threats it presents to the network. The added benefit is that it automates a lot of configuration that your users may otherwise rely on you for, such as setting up synchronisation for , calendars and contacts, and will inevitably save you time. With ios 5 recently released, there may be some additional things to think about, such as whether use of icloud and/or wireless sync could/should be disabled by policy. This may prevent data from being stored on cloud-based or local devices that aren t part of the school network, though I m not convinced this would be much of a concern from a school s viewpoint; certainly not for most users. Blackberry According to the people who make the Blackberry smartphone, additional security is not necessary due to their on-board security, but many experts are quick to disagree and insist that it is just a matter of time before the popularity of the Blackberry model makes it a target 7

8 for a virus attack. Nevertheless, Blackberry holds firm to their security statement, saying simply: The BlackBerry solution focuses on containing malicious programs. The BlackBerry software and core applications are digitally signed to ensure integrity and control access to the Application Programming Interfaces (APIs). Thus, the core BlackBerry smartphone functionality can t be directly accessed by other applications. Android Unlike many smartphones which are Windows or Symbian-based, the Android runs on a platform akin to Linux. Naturally, this means there are fewer virus attacks with the Android, mainly because most of the harmful programs are written to attack Windows-based programs, because that s what the majority of people use. However this does not mean that the Android is completely immune to the threat of attack. To date, except for a few isolated incidents, the Android ranks very high in terms of security - at least when measured against Windows Mobile and Symbian-based phones. Natively, Android phones can t connect through a proxy server, which may frustrate users who want to use the Internet via the school s wireless network. However, there are some free apps available that have been developed by users who found themselves far too frustrated with the lack of access. Having not tested any of these out myself, I d be reluctant to recommend any. However, simply Googling Android Proxy will result in a number of forum hits that share opinions on which ones are the best. Please be aware that most of these apps require rooting of your Android phone, which invalidates any support you may have had with the vendor or manufacturer, so it s up to the phone s owner as to whether they value network access over the warranty of their device. Android are aware of the issue, but to date no fix has been announced. Windows Phone Windows Mobile has some really nifty features for users who want to access network resources. Now there's no need to know your CAS server URL - all you need is your address/password, and Windows Mobile will use the Exchange auto-discover service to automatically provision your device for push /calendar/tasks/security. This makes it less likely for you to have to support your users in setting up their Exchange settings on their personal device. The nicest thing, however, about the Windows Mobile, from a network manager s perspective, is that v6.1 and above can join the domain by authenticating against the domain using the Domain Enroll feature and System Center Mobile Device Manager. This facilitates management of security, applications and settings through Active Directory-based policies. It s a way of managing this otherwise unmanaged device and it s a free download from the Microsoft website! Of course, it really depends on how many of your users have Windows Mobile 6.1+ as to how useful this tool is to you. 8

9 Symbian The Symbian OS is maintained by Nokia. Some estimates indicate that the cumulative number of mobile devices shipped with the Symbian OS up to the end of Q is 385 million! That s a lot of users. However, on February , Nokia announced that it would migrate away from Symbian to Windows Phone 7. Motorola, Samsung, LG, and Sony Ericsson have also made known their pending withdrawal from Symbian in favour of alternative platforms including Google's Android, Microsoft Windows Phone, and Samsung's bada, meaning the future lifespan of Symbian is in question. Symbian OS has been subject to a variety of viruses, the best known of which is Cabir. When a phone is infected with Cabir, the message "Caribe" is displayed on the phone's display every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth, signals. It is believed to be harmless, except that it results in a shortened battery life on the phone due to constant scanning for other Bluetooth enabled devices. Either way, it successfully highlights the potential threat to mobile devices. So far, none of the known pieces of Symbian malware have taken advantage of any flaws in the Symbian OS. Instead, they have all asked the user whether they would like to install the software, with somewhat prominent warnings that it can't be trusted. Other known hostile programs do require user input to run, so education is the key to preventing any outbreaks. Symbian OS 9.x devices can be hacked to remove the platform security introduced in OS 9.1 onwards, allowing users to execute unsigned code. This allows altering system files and access to previously locked areas of the OS. The hack was criticised by Nokia for potentially increasing the threat posed by mobile viruses as unsigned code can be executed. Data storage The last type of device that we need to investigate, in the changing face of a modern network, is a data storage device. This could be an SD card, a USB flash drive or external hard drive, and pretty much any device that is used for storing data, which isn t directly managed by you. Staff and contractors within any organisation, including schools, are responsible for data security and the protection of personal and sensitive data under the Data Protection Act The Information Commissioner s Office (ICO) provides a set of recommendations, based upon the legal requirements set by UK law. Failure to comply with these recommendations is taken very seriously and may lead to substantial monetary penalties. Examples where the Data Protection Act has been breached In April of this year, a UK school was found in breach of the Data Protection Act after the theft of an unencrypted laptop from a teacher s car. The laptop contained personal information relating to 90 pupils at the school. Whilst not excusing the theft, the sensitive data should not have been on the laptop and the data should have been 9

10 encrypted. The laptop should also have been stored in a secure place overnight. The school were unaware of the need to encrypt portable and mobile storage devices, though they did have a policy stating that laptops should not be kept in cars whilst away from the school premises. In November 2010 an unencrypted laptop was stolen from the home of a subcontracted employee to the Legal Services Commission. The individual was fined 60k. In February 2011, two unencrypted laptops were stolen from the home of a Council employee. This individual was undertaking a subcontracted role for a nearby Local Authority at the time, and both agencies were fined 80k and 70k, respectively. With wide deployments of flash drives being used in various environments (secured or otherwise), the issue of data and information security remains of the utmost importance. The use of biometrics and encryption is becoming the norm with the need for increased security for data. On The Fly Encryption (OTFE) systems are particularly useful in this regard, as they can transparently encrypt large amounts of data. Many USB flash drives are now available with encryption. Encryption Whilst most if not all of you in this room will know the importance of data security, your staff may not and it is vital to decide upon a strategy, educate them and then issue guidelines on what is and is not acceptable. Make network shares password protected and/or encrypted as appropriate. Encryption is becoming increasingly used to prevent access to any sensitive or protected data that may exist on a device or in an electronic communication. First and foremost, strict guidelines on where personal data can and can t be stored is the first line of defence and should remain as such. Two main types of encryption exist; Storage encryption Both the storage device, and the data that exists on it, are encrypted in their own right Encrypted laptops Encrypted USB flash drives Data encryption The data is encrypted at a granular level Encrypted files and documents Encrypted s It is possible to use both types of encryption in parallel, for example a file that is already encrypted can be stored on a hard-drive, which is also encrypted. DESlock DESlock is our offering for encryption. Having worked alongside DESlock since 2009, we now sell DESlock+ Pro, with hard disk encryption fully supported by RM. 10

11 TrueCrypt TrueCrypt is a piece of open source software that is already used in many schools. It can create a virtual encrypted disk within a file or encrypt a partition or sometimes the entire storage device. However, it like other data storage solutions is not infallible, and has been criticised for a number of issues, some of which are listed below. TrueCrypt volumes are recognisable, though not with 100% certainty. Suspecting TrueCrypt encryption may make the data more desirable, if not more accessible. Passwords are stored in the memory. TrueCrypt stores its keys in RAM; on an ordinary personal computer the DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if there is some degradation in the memory contents, various algorithms can intelligently recover the keys. This method, known as a cold boot attack (which would apply in particular to a notebook computer obtained while in power-on, suspended, or screen-locked mode), has been successfully used to attack a file system protected by TrueCrypt. TrueCrypt documentation states that it can not secure data on a computer that has any kind of malware installed. Some kinds of malware are designed to log keystrokes, including typed passwords, that may then be sent to the attacker over the Internet or saved to an unencrypted local drive from which the attacker might be able to read it later, when he or she gains physical access to the computer. In some cases a Secure USB Drive may use a hardware-based encryption mechanism that uses a hardware module instead of software for strongly encrypting data. BitLocker BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. However, it only works if you have a Trusted Platform Module (TPM); a special microchip in some newer computers with advanced security features. The latest version of Bitlocker, included in Windows 7 and Windows Server 2008 R2, adds the ability to encrypt removable drives. BitLocker does not contain an intentionally built-in backdoor; there is no way for law enforcement to have a guaranteed passage to the data on the user's drives that is provided by Microsoft. The lack of any backdoor has been a concern to the UK Home Office, which tried entering into talks with Microsoft to get one introduced, though Microsoft developer Niels Ferguson and other Microsoft spokesmen state that they have not granted the wish to have one added. Nevertheless, in February 2008, a group of security researchers published details of a so called "cold boot attack" that allows a Bitlocker-protected machine to be compromised by booting the machine off removable media, such as a USB drive, into another operating system, then dumping the contents of pre-boot memory. The attack relies on the fact that DRAM retains information for up to several minutes (or even longer if cooled) after power has been removed. This is very similar to the aforementioned attack on data encrypted by TrueCrypt. 11

12 BitLocker also doesn t prevent against data being taken off the live machine that hosts the storage drive. If someone is able to gain access to the data server, they can take the data unencrypted there and then. Pretty Good Privacy (PGP) PGP encryption is another piece of software, currently distributed by Symantec, but with many variants available as freeware, that uses a serial combination of hashing, data compression, symmetric-key cryptography, and public-key cryptography for datacommunication or s. Each step uses one of several supported algorithms. Each public key is bound to a user name and/or an address. Interestingly, in 1993 PGP s founder, Phil Zimmerman, found himself on the wrong side of a criminal investigation after PGP encryption found its way outside of the USA, shortly after its release. US export regulations considered cryptosystems using keys larger than 40 bits as munitions, and not owning a munitions license, he was suspected of dealing in nonexportable weapons! After several years, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else. To prove a point, he published the source code in a hardback book, which developers could then scan in using OCR technology and build upon. Whilst trading in the software itself was illegal, distribution of books was protected by the US Constitution s First Amendment, pertaining to freedom of speech. Thankfully, PGP encryption no longer meets the definition of a non-exportable weapon. There is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means. Current versions are recommended as earlier editions have been found to have theoretical vulnerabilities. Evidence suggests that as of 2007, British police investigators are unable to break PGP, so instead have resorted to using RIPA legislation to demand the passwords/keys. In November 2009 a British citizen was convicted under RIPA legislation and jailed for 9 months for refusing to provide police investigators with encryption keys to PGP-encrypted files. All in all, it s a pretty good tool. Encryption summary The overall message, then, is that encryption is better than nothing, but like most security solutions, it has its limitations. There is no replacement for users being careful with where you store data, how you transport data and having a lockable cabinet! Portable storage control Portable storage control means restricting what can and can t be achieved using removable media, such as preventing executables from running, or making contents read only. Custom template One method for establishing portable storage control involves creating a custom administrative template that contains a group policy template, which provides access to a setting that can be used to disable a USB port. Instructions and code for creating this 12

13 template can be found on the Microsoft website. If you're too intimidated to create a custom administrative template, you can download a template copy from a variety of websites. RM Tutor 5 Another useful, but underused tool, can be found in RM Tutor 5 powered by NetSupport for Community Connect. Predominantly used by teachers, RM Tutor has a number of features to help control usage on client machines, as required; Media blocking facility for all removable media. Teachers can choose to make media types read only and/or prevent executable files from being run. Internet blocking uses black and white lists to restrict which websites can be accessed by users. RM Tutor Encryption Utility can be used to protect against access from nonauthorised clients, who may have got hold of the Tutor client software (see TEC in the RM Support Knowledge Library. Tech Console, designed specifically for network managers (Tutor 5 on CC4 only): 1. View all managed computers across the campus, monitor computer screens in each classroom, generate a full hardware and software inventory from each PC, remotely manage services and processes, deliver files to all selected computers in a single action and much more. 2. This tool is particularly useful, not only to offer remote support, but if you are concerned about a particular user or group of users you can monitor their usage, without them realising. This may sound quite big-brother, and in all honesty it is. Imagine, though, how useful this would be when trying to deal with an instance of cyber-bullying or known attempts to bypass the school s proxy. Disabling AutoRun Another option you may like to try is disabling the AutoRun facility on portable media. Many virus files use autorun.inf to begin executing and infecting your computer. This spreads itself across the computer by making the multiple copies of the autorun.inf and.exe files on every drive of the computer, and potentially the network. Any portable media used thereafter may then be re-infected, ready to be spread onto other machines. Viruses could connect to a malicious website and install a key logger on your PC, which would seek to steal all sorts of sensitive information. Conficker and Stuxnet both make use of this vulnerability. Please note that disabling AutoRun may inconvenience your users, and as with any new introduction, it s always best to test it on a sample of machines first! Microsoft has already issued an update, which disables AutoRun on USB devices only for Windows XP, Windows Vista and Windows Server 2003 and 2008 operating systems. As it is not a security update, it would not automatically be made available through WSUS on CC4, though it could be manually packaged up and distributed across the network. To disable the AutoRun feature on other removable media, or for Windows 7, firstly, check the Microsoft knowledge article for KB967715, to make sure you ve installed the relevant updates to fix a known bug that prevents you from disabling AutoRun; 13

14 DEMO Windows Server 2008, (Windows 7?) or Windows Vista Use either of the following methods: 1. Click Start 2. Type gpedit.msc in the Start Search box, and then press Enter. 3. If you are prompted for an administrator password or for confirmation, type the password, or click Allow. 4. Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click AutoPlay Policies. Then either Or 1. In the Details pane, double-click Turn off Autoplay. 2. Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives. 3. Restart the computer. 1. In the Details pane, double-click Default Behavior for AutoRun. 2. Click Enabled, and then select Do not execute any autorun commands in the Default Autorun behavior box to disable Autorun on all drives. 3. Restart the computer. DEMO Windows Server 2003, Windows XP Professional 4. Click Start, click Run, type Gpedit.msc in the Open box, and then click OK. 5. Under Computer Configuration, expand Administrative Templates, and then click System. 6. In the Settings pane, right-click Turn off Autoplay, and then click Properties. 7. Click Enabled, and then select All drives in the Turn off Autoplay box to disable AutoRun on all drives. 8. Click OK to close the Turn off Autoplay Properties dialog box. 9. Restart the computer. Infrastructure There are many solutions that can be placed within or alongside your core infrastructure to implement generic security measures. Some we know and love, and have been in use for a number of years. However, different technologies pose different threats, and many solutions aren t designed to cope with the vulnerabilities present in this day and age. Usually, a combination of solutions is needed. Commonly used solutions are; Authentication As well as traditional methods, such as username and password logon credentials, twofactor authentication methods such as smart cards, USB & software tokens and biometrics are becoming increasingly used in enterprise to facilitate remote access. Biometrics is the 14

15 preferred option for schools, as tokens or cards that use algorithms tend to be very costly. Fingerprint recognition is often used with cashless catering systems and libraries. Usable by children as young as three years old, it is a simple and effective way of preventing fraudulent use of many different systems, including laptops with integrated fingerprint recognition. One common misconception of such devices is that they store a copy of the fingerprint, raising concerns over civil liberties. However, the software stored is in fact a series of some 30 digits, from which it would be impossible to reconstruct the print and parental consent does not have to be legally sought. AV Antivirus software is used to prevent, detect and remove all sorts of malware. It remains an integral part of any security solution within a school network. Some antivirus software don t consider a proxy may exist e.g. Microsoft Security Essentials, so some users may have difficulty connecting to the Internet when using their personal device at school. Internet proxy Most schools use an Internet proxy to evaluate connection requests to the Internet, according to a set of rules much like a firewall. This works well for managed computers, access for unmanaged devices can be difficult to impose. In a Windows network, NT LAN Manager (NTLM) protocol can be used to authenticate all devices against the proxy server. This greatly reduces the likelihood of unauthorised access and can serve unmanaged devices, which are not joined to the domain. Encouraging use of the school network for Internet access means that traffic is recorded in proxy logs, ensuring a reference is available if needed at a later date. Pin codes can be used with smartphones to avoid having to enter unwieldy usernames and passwords. If you are considering using NTLM authentication on your proxy, be aware of the following lessons from previous such rollouts: Before implementing NTLM, audit the applications being used on your LAN. Some applications simply do not support NTLM authentication, and understanding what applications are being used and testing them in an isolated environment before going live with proxy authentication will greatly reduce the impact of the change and the number of support calls that you receive from your users. This has the added benefit of creating a greater understanding of the type of applications that are running on your network, with some you may previously have been unaware of. As a considerable number of third party apps do not support proxy authentication you will need to decide whether to: o Permit the URLs in question to bypass proxy authentication, by using a whitelist. o Take a stance on third party applications that are permitted for use on the wireless network. You will see far fewer authentication prompts and much greater support for proxy authentication if your Windows PCs and laptops are joined to the domain. For users 15

16 of devices that cannot be joined to the domain, they ll need to familiarise themselves with Windows Credential Manager they ll be using it a lot! Dynamic Host Configuration Protocol DHCP is used as a configuration protocol for hosts on Internet Protocol (IP) addresses. Most schools use DHCP to avoid overheads within the network management team IP addresses are dished out as required, without the need to manually assign each one. Some schools have been known to deliberately max out the number of DHCP leases available, thus preventing access to the network from a potentially illegitimate request. The problem with this solution is that it also blocks out any legitimate requests, forcing the network management team to be directly involved in any such request for access. This kind of negates the whole point of using DHCP in the first place! Media Access Control address A MAC address is a unique identifier assigned to network interfaces. They are often assigned by the manufacturer of the Network Interface Card (NIC), and some schools use a white list to only authorise MAC addresses which are known to them. Like maxing out DHCP settings, this makes a lot more work for the network team, as any legitimate request for access has to come through them. I ve used MAC addresses to restrict access to a network myself before, but it was years ago when I shared a house with other lodgers, and got fed up of their friends maxing out my download limit. I only had to maintain five MAC addresses, which was very simple and straightforward. However, this is not an easily scalable solution; especially if you are trying to facilitate access to user s personal devices. The time and effort needed to maintain such a list would be vast, along with frustrating for users who can t get on to the network without jumping through a number of time-consuming hoops first. Using MAC addresses is also not particularly secure. Although intended to be a permanent and globally unique identification, it is possible to change the MAC address on most modern hardware. Changing one s MAC address to exploit security vulnerabilities is known as MAC Spoofing, with which: Anyone with an receiver (laptop and wireless adapter) and a freeware wireless packet analyzer can obtain the MAC address of any transmitting within range, A user can hide the computer from the network, A user can impersonate an authorised device on the network, A user can use a previously assigned MAC address to avoid hassle when connecting a new machine. Wireless LANs WLANs are heavily used in schools as a way of unharnessing users from their desks. WLANs are also a good way of allowing controlled access to guest users who have laptops and mobile devices. 16

17 The first wireless network was developed by Norman Abramson at the University of Hawaii and was called ALOHAnet. This is nothing to do with security, but it s such an obscure fact that I had to include it! Gone are the days when wireless connections were slow, unreliable and insecure. Remote Authentication Dial In User Service (RADIUS) Servers maintain a consistent connection as users roam from one access point to another. A well-managed WLAN can be a secure way of allowing unmanaged devices to connect to your network, but poorly managed, it can be vulnerable to a huge number of threats; Wireless authentication methods Many schools, especially primaries, use off-the-shelf routers and fail to customise the security settings, meaning their wireless connection and router are both completely unsecured and vulnerable to anyone with an ounce of nous. I ve heard stories of opportunists logging on a school s router by connecting to the unsecured WLAN, Googling the default admin logon credentials, disconnecting it from the Internet, then offering to fix the connection for a set price. It s like malware in the flesh! WEP, whilst better than no security, has been found to have vulnerabilities that could easily be exploited i Security is rigorous, but hardware needs to be comparatively new to use it. Both WPA and WPA2 support EAP authentication methods using RADIUS servers and preshared key (PSK). Change the access key regularly to increase security against previous users, who are no longer authorised. RADIUS acts as a gatekeeper through the use of verifying identities through a username and password that is already pre-determined by the user. A RADIUS server can also be configured to enforce user policies and restrictions as well as recording accounting information such as time connected. When used with IIS, the machine, as well as the user, is authenticated. Some schools are known to have used RADIUS with their wired network. This approach is not recommended, as the infrastructure within the wired network (switches, Windows clients) is not designed to accommodate wireless 802.1x. The end result could become very difficult to manage and maintain. Guest WLANs Hosting your guest WLAN on a separate VLAN to your main network can help to keep such users away from the core resources. Users with no domain authorisation can use resources such as the Internet without posing a threat to your network. Trapeze Having acquired Trapeze Networks in 2010, Juniper now offer SmartPass, which gives network managers dynamic access control over all users and devices on a wireless LAN. It can adjust access privileges as a user's circumstances change, and securely provision hundreds of guest users on demand. One of the most desirable features is individual sets of guest logon credentials that time-out after a set period. 17

18 Unified Threat Management Firewalls and antivirus software, whilst great at doing what they were initially intended for, may struggle to cope with the wide variety of attacks that may occur today. The next generation of network security is Unified Threat Management, or UTM. Identity-based UTM appliances, offered by companies like Cisco and Juniper, offer comprehensive protection against emerging blended threats, which are a combination of worms, trojans, virus, and other kinds of malware. While simple UTMs identify only IP addresses in the network, identity-based UTMs provide discrete identity information of each user in the network along with network log data. They allow creation of identity-based network access policies for individual users, delivering complete visibility and control on the network activities. The identity-based feature of such UTMs runs across the entire feature set, enabling enterprises to identify patterns of behaviour by specific users or groups that can signify misuse, unauthorised intrusions, or malicious attacks from inside or outside the enterprise. The strength of UTM technology is that it is designed to offer comprehensive security while keeping security an easy-to-manage affair. Enterprises get complete network information in hand to take proactive action against network threats in case of inappropriate or suspicious user behaviour in the network. As identity-based UTMs do not depend on IP addresses, they provide comprehensive protection even in dynamic IP environments such as DHCP and Wi- Fi and especially in a scenario where multiple users share the same computer, such as in a school. General usage Whether on managed or unmanaged devices, there are some guidelines which still hold true. Some of the most basic security measures are often forgotten in this world of technological advances, and the increased attack vector makes it even more important that we adhere to certain rules. Digital certification SSL Certificates are electronic documents, which are used by many web services to verify the legitimacy of a request and provide a secure connection. To try and save cost, some schools opt for self-issued certificates, generated from the domain controller, instead of purchasing an SSL Certificate from a trusted Certificate Authority (CA). However, when users first connect to the service from a unmanaged computer, they ll need to download and install the root certificate. Failure to do so will prevent connection to the service. To improve the user experience, and reduce overheads for the network team, SSL Certificates are strongly recommended as they are already trusted by the browser or interface being used. Acceptable Usage Policies AUPs have two main benefits they educate the user so they know what is expected of them in terms of what they are and are not permitted to do, and they are a record of acceptance of those conditions. Many AUPs are sent out once, clicked through and forgotten. To make your AUP more effective, follow the guidelines below. 18

19 Make it clear using normal language. Lots of technical jargon and confusingly long sentences will make the user less likely to understand what is meant. Tailor it to your target audience. Perhaps a separate AUP is required for students and staff? Consequences must be detailed. A user is less likely to make a breach if they know what the subsequent response will be e.g. loss of Internet during breaktimes for a week. Regularly revise and resend the AUP, highlighting any changes since the last one. Keep it short use hyperlinks to a web page for users that want to access more detailed information. Passwords A strong password is a useful weapon against unauthorised access. When Hotmail s security was compromised a few years ago, the most common password was found to be Weaker passwords are easier to remember, but the majority of security solutions today that use passwords have a reset option. Most schools have individual user accounts, each with a unique set of logon credentials. However, group logons are still commonplace for some, especially in primary schools. Individual user accounts mean that any breach of the AUP or security can be traced to that individual user. Group logons cast reasonable doubt over any accusation. Group credentials are often posted all over teachers notice boards, so they don t forget the details, and security is undeniably compromised. Many schools don t insist that users change their passwords regularly, and this too vastly increases the risk that their account could be compromised; the longer a password exists, the more time is available to crack it. Encourage users of unmanaged devices to password protect their device. If they have a Home Edition OS with no security logon, the chances are the wireless settings are configured to connect automatically, so a stolen computer could pose a real security issue. Ensure that any network shares are also password protected. Making areas read only does not stop someone from accessing the information, so it s a simple and effective way of protecting your data. Finally, don t use the same password for all your different accounts, especially those that contain sensitive data. In March of this year, a UK school suffered yet another breach of the Data Protection Act, after a pupil hacked a teacher s website account, and re-used the same password to access other parts of the system. This included the SIMs data for 20,000 individuals, of which 7,600 were pupils. The data was then published online. 19

20 The future of security It s all very well reacting to recent changes, but what s going to happen next? A look ahead will help us prepare for the future of school networking. The Cloud I know, I know here s yet another person talking about the cloud. Everyone knows it s just another name for the Internet! That may be so, but renting networks that are hosted on the cloud, instead of managing a traditional network of locally run servers, is likely to be the reality within the next year or two. Less overheads means cheaper running costs, and in the current climate, this is a solution that will really appeal to a lot of schools. In terms of security, some may be concerned about how much control exists over sensitive data and access to the network. Suppliers will have to provide robust offerings to gain confidence in their solution. The traditional boundaries of a school network will become even more blurred, as everyone moves towards their own personal piece of the cloud. Mobile data storage devices may become a thing of the past as everything becomes accessible online and Internet black spots disappear. Windows 8 Windows 8 Metro UI will have a new type of photo login screen designed for touch. You will be able to record your own unique sequence of touch points and swipes to authenticate, instead of using a password. Its efficient processing and small footprint mean it is as likely to be found on unmanaged devices as managed ones and is an accessible way to join a domain for students as young as 3 years old. You may recall in our last round of Seminars that Matt s future technologies presentation talked about how Microsoft were planning to provide ARM processor support for Windows 8 (ARM being a processor architecture that was historically for low power devices). Well its happened, and in the keynotes seminar on 14 September 2011, the end user experience was done on exactly that an ARM based device. So what? Well it blurs the boundaries between managed, Windows computers and unmanaged Windows phones. The ARM device demoed had a built-in 3G modem. At what point will we cease to recognise the difference between smartphones and slate computers? Malware The future of malware won t be so much about how the software itself will be engineered, as how potential victims will be targeted. Have you ever accepted a friend invite on Facebook or connected to someone on LinkedIn you didn't know? Maybe, you thought this was someone from school you had forgotten about or a former business partner whose name had slipped your mind. "When people make trust decisions with social networks, they don't always understand the ramifications. Today, you are far more knowable by someone who doesn't know you than ever before in the past," says Dr. Hugh Thompson, program chair of RSA Conferences. 20

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0 White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

BYOD: BRING YOUR OWN DEVICE.

BYOD: BRING YOUR OWN DEVICE. white paper BYOD: BRING YOUR OWN DEVICE. On-boarding and Securing Devices in Your Corporate Network Preparing Your Network to Meet Device Demand The proliferation of smartphones and tablets brings increased

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is 1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the

More information

Brazosport College VPN Connection Installation and Setup Instructions. Draft 2 March 24, 2005

Brazosport College VPN Connection Installation and Setup Instructions. Draft 2 March 24, 2005 Brazosport College VPN Connection Installation and Setup Instructions Draft 2 March 24, 2005 Introduction This is an initial draft of these instructions. These instructions have been tested by the IT department

More information

ONE Mail Direct for Mobile Devices

ONE Mail Direct for Mobile Devices ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

Bring Your Own Device:

Bring Your Own Device: Bring Your Own Device: Finding the perfect balance between Security, Performance, Flexibility & Manageability SECURELINK WHITEPAPER 2012 By Frank Staut Management summary This white paper discusses some

More information

INSTALLATION AND CONFIGURATION GUIDE (THIS DOCUMENT RELATES TO MDAEMON v15.5.0 ONWARDS)

INSTALLATION AND CONFIGURATION GUIDE (THIS DOCUMENT RELATES TO MDAEMON v15.5.0 ONWARDS) Web: Overview INSTALLATION AND CONFIGURATION GUIDE (THIS DOCUMENT RELATES TO MDAEMON v15.5.0 ONWARDS) This document provides an installation and configuration guide for MDaemon Messaging Server along with

More information

Guideline on Safe BYOD Management

Guideline on Safe BYOD Management CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version

More information

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,

More information

Kaspersky Lab Mobile Device Management Deployment Guide

Kaspersky Lab Mobile Device Management Deployment Guide Kaspersky Lab Mobile Device Management Deployment Guide Introduction With the release of Kaspersky Security Center 10.0 a new functionality has been implemented which allows centralized management of mobile

More information

This guide will go through the common ways that a user can make their computer more secure.

This guide will go through the common ways that a user can make their computer more secure. A beginners guide in how to make a Laptop/PC more secure. This guide will go through the common ways that a user can make their computer more secure. Here are the key points covered: 1) Device Password

More information

AVG AntiVirus. How does this benefit you?

AVG AntiVirus. How does this benefit you? AVG AntiVirus Award-winning antivirus protection detects, blocks, and removes viruses and malware from your company s PCs and servers. And like all of our cloud services, there are no license numbers to

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution? MaaS360 FAQs This guide is meant to help answer some of the initial frequently asked questions businesses ask as they try to figure out the who, what, when, why and how of managing their smartphone devices,

More information

10 Quick Tips to Mobile Security

10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

The Increasing Threat of Malware for Android Devices. 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them

The Increasing Threat of Malware for Android Devices. 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them The Increasing Threat of Malware for Android Devices 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them INTRODUCTION If you own a smartphone running the Android operating system, like the

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

NETWORK AND INTERNET SECURITY POLICY STATEMENT

NETWORK AND INTERNET SECURITY POLICY STATEMENT TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004

More information

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household This appendix is a supplement to the Cyber Security: Getting Started Guide, a non-technical reference essential for business managers, office managers, and operations managers. This appendix is one of

More information

Mobile Device Strategy

Mobile Device Strategy Mobile Device Strategy Technology Experience Bulletin, TEB: 2012-01 Mobile Device Strategy Two years ago, the Administrative Office of Pennsylvania Courts (AOPC) standard mobile phone was the Blackberry.

More information

2X SecureRemoteDesktop. Version 1.1

2X SecureRemoteDesktop. Version 1.1 2X SecureRemoteDesktop Version 1.1 Website: www.2x.com Email: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

Basic Security Considerations for Email and Web Browsing

Basic Security Considerations for Email and Web Browsing Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable

More information

Cyber Security: Beginners Guide to Firewalls

Cyber Security: Beginners Guide to Firewalls Cyber Security: Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers This appendix is a supplement to the Cyber Security: Getting Started

More information

BlackBerry 10.3 Work and Personal Corporate

BlackBerry 10.3 Work and Personal Corporate GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network

More information

Hosted SharePoint. OneDrive for Business. OneDrive for Business with Hosted SharePoint. Secure UK Cloud Document Management from Your Office Anywhere

Hosted SharePoint. OneDrive for Business. OneDrive for Business with Hosted SharePoint. Secure UK Cloud Document Management from Your Office Anywhere OneDrive for Business with Hosted SharePoint Secure UK Cloud Document Management from Your Office Anywhere Cloud Storage is commonplace but for businesses that want secure UK Cloud based document and records

More information

Cyber Security Beginners Guide to Firewalls A Non-Technical Guide

Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Multi-State Information Sharing and Analysis Center (MS-ISAC) U.S.

More information

BYOD Guidance: BlackBerry Secure Work Space

BYOD Guidance: BlackBerry Secure Work Space GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.

More information

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com {ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling

More information

AVeS Cloud Security powered by SYMANTEC TM

AVeS Cloud Security powered by SYMANTEC TM Protecting your business from online threats should be simple, yet powerful and effective. A solution that secures your laptops, desktops, and servers without slowing down your systems and distracting

More information

Kaspersky Security 10 for Mobile Implementation Guide

Kaspersky Security 10 for Mobile Implementation Guide Kaspersky Security 10 for Mobile Implementation Guide APPLICATION VERSION: 10.0 MAINTENANCE RELEASE 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful

More information

HomeNet. Gateway User Guide

HomeNet. Gateway User Guide HomeNet Gateway User Guide Gateway User Guide Table of Contents HomeNet Gateway User Guide Gateway User Guide Table of Contents... 2 Introduction... 3 What is the HomeNet Gateway (Gateway)?... 3 How do

More information

IT user guide. Campus WiFi eduroam. September 2015. www.kent.ac.uk/itservices Information Services

IT user guide. Campus WiFi eduroam. September 2015. www.kent.ac.uk/itservices Information Services IT user guide Campus WiFi eduroam September 2015 www.kent.ac.uk/itservices Information Services Before you get online Hello eduroam! You can pick up the University WiFi service eduroam in all indoor spaces

More information

Chris Boykin VP of Professional Services

Chris Boykin VP of Professional Services 5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing

More information

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

DriveLock and Windows 7

DriveLock and Windows 7 Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the

More information

Kaspersky Security for Mobile

Kaspersky Security for Mobile Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months

More information

Cyber Security Education & Awareness. Guide for User s

Cyber Security Education & Awareness. Guide for User s Cyber Security Education & Awareness Guide for User s Release Q1 2010 Version 1.1 CONTENTS 1. Introduction 2. Protection against Nasty Code 3. System Security Maintenance 4. Personal Firewalls 5. Wireless

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

ScoMIS Encryption Service

ScoMIS Encryption Service Introduction This guide explains how to implement the ScoMIS Encryption Service for a secondary school. We recommend that the software should be installed onto the laptop by ICT staff; they will then spend

More information

AkrutoSync 4.0 User Guide

AkrutoSync 4.0 User Guide AKRUTO AkrutoSync 4.0 User Guide Welcome Thank you for choosing AkrutoSync. AkrutoSync can synchronize your Contacts, Calendar and Tasks between Outlook on your computer and your Windows Phone. AkrutoSync

More information

Systems Manager Cloud Based Mobile Device Management

Systems Manager Cloud Based Mobile Device Management Datasheet Systems Manager Systems Manager Cloud Based Mobile Device Management Overview Meraki Systems Manager provides cloud-based over-the-air centralized management, diagnostics, and monitoring of the

More information

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

More information

Student Halls Network. Connection Guide

Student Halls Network. Connection Guide Student Halls Network Connection Guide Contents: Page 3 Page 4 Page 6 Page 10 Page 17 Page 18 Page 19 Page 20 Introduction Network Connection Policy Connecting to the Student Halls Network Connecting to

More information

Contents. Introduction. What is the Cloud? How does it work? Types of Cloud Service. Cloud Service Providers. Summary

Contents. Introduction. What is the Cloud? How does it work? Types of Cloud Service. Cloud Service Providers. Summary Contents Introduction What is the Cloud? How does it work? Types of Cloud Service Cloud Service Providers Summary Introduction The CLOUD! It seems to be everywhere these days; you can t get away from it!

More information

This Time. Safety & Security in ICT Systems INFO 2. Threats to ICT systems. Hacking

This Time. Safety & Security in ICT Systems INFO 2. Threats to ICT systems. Hacking This Time Safety & Security in ICT Systems INFO 2 Oliver Boorman-Humphrey www.oliverboorman.biz This time we look at the need to protect data in ICT systems and the subsequent threats if these measures

More information

BEST PRACTICE GUIDE MOBILE DEVICE MANAGEMENT AND MOBILE SECURITY.

BEST PRACTICE GUIDE MOBILE DEVICE MANAGEMENT AND MOBILE SECURITY. BEST PRACTICE GUIDE MOBILE DEVICE MANAGEMENT AND MOBILE SECURITY. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next CONTENTS 1. OPEN ALL HOURS...2 Page 2. MOBILE DEVICE MANAGEMENT

More information

Feature List for Kaspersky Security for Mobile

Feature List for Kaspersky Security for Mobile Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance

More information

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide BlackBerry Enterprise Service 10 Universal Service Version: 10.2 Administration Guide Published: 2015-02-24 SWD-20150223125016631 Contents 1 Introduction...9 About this guide...10 What is BlackBerry

More information

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15. NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities

More information

Mobile Operating Systems & Security

Mobile Operating Systems & Security Mobile Operating Systems & Security How can I protect myself? Operating Systems Android Apple Microsoft What do they do? operate smartphones, tablets, watches and other mobile devices includes touchscreens

More information

INSTALLATION AND CONFIGURATION GUIDE (THIS DOCUMENT RELATES TO MDAEMON v9.5.0 ONWARDS)

INSTALLATION AND CONFIGURATION GUIDE (THIS DOCUMENT RELATES TO MDAEMON v9.5.0 ONWARDS) Web: Overview INSTALLATION AND CONFIGURATION GUIDE (THIS DOCUMENT RELATES TO MDAEMON v9.5.0 ONWARDS) This document is designed to provide a quick installation and configuration guide for MDaemon along

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

How to make a VPN connection to our servers from Windows 8

How to make a VPN connection to our servers from Windows 8 How to make a VPN connection to our servers from Windows 8 Windows 8 is able to make a newer type of VPN connection called a Secure Socket Tunnelling Protocol (SSTP) connection. This works just like a

More information

Kaspersky Endpoint Security 10 for Windows. Deployment guide

Kaspersky Endpoint Security 10 for Windows. Deployment guide Kaspersky Endpoint Security 10 for Windows Deployment guide Introduction Typical Corporate Network Network servers Internet Gateway Workstations Mail servers Portable media Malware Intrusion Routes Viruses

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Installing Logos SSL Certificates on Mobile Devices

Installing Logos SSL Certificates on Mobile Devices Installing Logos SSL Certificates on Mobile Devices Phase 1: Obtain the SSL Certificate You can obtain the SSL certificate in one of 2 ways. Method 1 Download the SSL certificate from it.logostech.net

More information

Codeproof Mobile Security & SaaS MDM Platform

Codeproof Mobile Security & SaaS MDM Platform Codeproof Mobile Security & SaaS MDM Platform info@codeproof.com https://codeproof.com Mobile devices have been transformed into multi-faceted, multi-tasking, multimedia tools for personal expression,

More information

Mobile Device Management Version 8. Last updated: 17-10-14

Mobile Device Management Version 8. Last updated: 17-10-14 Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names

More information

Chapter 15: Computer and Network Security

Chapter 15: Computer and Network Security Chapter 15: Computer and Network Security Complete CompTIA A+ Guide to PCs, 6e What is in a security policy Mobile device security methods and devices To perform operating system and data protection How

More information

Acceptable Use Guidelines

Acceptable Use Guidelines Attachment to the Computer and Information Security and Information Management Policies Acceptable Use Guidelines NZQA Quality Management System Supporting Document Purpose These Acceptable Use Guidelines

More information

Course: Information Security Management in e-governance

Course: Information Security Management in e-governance Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security

More information

High Speed Internet - User Guide. Welcome to. your world.

High Speed Internet - User Guide. Welcome to. your world. High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a

More information

Backing up your digital image collection provides it with essential protection.

Backing up your digital image collection provides it with essential protection. Backing up your digital image collection provides it with essential protection. In this chapter, you ll learn more about your options for creating a reliable backup of your entire digital image library.

More information

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan LAW OFFICE SECURITY for Small Firms and Sole Practitioners Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan 1. Introduction CONTENTS 2. Security Consciousness Having a Firm Security

More information

ANDRA ZAHARIA MARCOM MANAGER

ANDRA ZAHARIA MARCOM MANAGER 10 Warning Signs that Your Computer is Malware Infected [Updated] ANDRA ZAHARIA MARCOM MANAGER MAY 16TH, 2016 6:05 Malware affects us all The increasing number of Internet users worldwide creates an equal

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Introduction. PCI DSS Overview

Introduction. PCI DSS Overview Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,

More information

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1 JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us

More information

ADDING STRONGER AUTHENTICATION for VPN Access Control

ADDING STRONGER AUTHENTICATION for VPN Access Control ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows

More information

DATA AND PAYMENT SECURITY PART 1

DATA AND PAYMENT SECURITY PART 1 STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been

Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been difficult and time-consuming. This paper describes the security

More information

Securing Corporate Email on Personal Mobile Devices

Securing Corporate Email on Personal Mobile Devices Securing Corporate Email on Personal Mobile Devices Table of Contents The Impact of Personal Mobile Devices on Corporate Security... 3 Introducing LetMobile Secure Mobile Email... 3 Solution Architecture...

More information

BOYD- Empowering Users, Not Weakening Security

BOYD- Empowering Users, Not Weakening Security BOYD- Empowering Users, Not Weakening Security Table of Contents Exec summary... 3 Benefits of BYOD... 4 Threats that BYOD Harbours... 5 Malware... 5 Data Leakage... 5 Lost or Stolen Devices... 5 Public

More information

Trend Micro OfficeScan 11.0. Best Practice Guide for Malware

Trend Micro OfficeScan 11.0. Best Practice Guide for Malware Trend Micro OfficeScan 11.0 Best Practice Guide for Malware Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned

More information

Citrix Access Gateway Plug-in for Windows User Guide

Citrix Access Gateway Plug-in for Windows User Guide Citrix Access Gateway Plug-in for Windows User Guide Access Gateway 9.2, Enterprise Edition Copyright and Trademark Notice Use of the product documented in this guide is subject to your prior acceptance

More information

Tips for Banking Online Safely

Tips for Banking Online Safely If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining

More information

VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong

VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY AUTHOR: Raúl Siles Founder and Security Analyst at Taddong Hello and welcome to Intypedia. Today we will talk about the exciting world of security

More information

Essentials of PC Security: Central Library Tech Center Evansville Vanderburgh Public Library

Essentials of PC Security: Central Library Tech Center Evansville Vanderburgh Public Library Essentials of PC Security: Central Library Tech Center Evansville Vanderburgh Public Library Why should you be concerned? There are over 1 million known computer viruses. An unprotected computer on the

More information

NETGEAR genie Apps. User Manual. 350 East Plumeria Drive San Jose, CA 95134 USA. August 2012 202-10933-04 v1.0

NETGEAR genie Apps. User Manual. 350 East Plumeria Drive San Jose, CA 95134 USA. August 2012 202-10933-04 v1.0 User Manual 350 East Plumeria Drive San Jose, CA 95134 USA August 2012 202-10933-04 v1.0 Support Thank you for choosing NETGEAR. To register your product, get the latest product updates, get support online,

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

Multi-Factor Authentication

Multi-Factor Authentication Making the Most of Multi-Factor Authentication Introduction The news stories are commonplace: Hackers steal or break passwords and gain access to a company s data, often causing huge financial losses to

More information

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work. OWA vs. MDM Introduction SmartPhones and tablet devices are becoming a common fixture in the corporate environment. As feature phones are replaced with new devices such as iphone s, ipad s, and Android

More information

Using a VPN with Niagara Systems. v0.3 6, July 2013

Using a VPN with Niagara Systems. v0.3 6, July 2013 v0.3 6, July 2013 What is a VPN? Virtual Private Network or VPN is a mechanism to extend a private network across a public network such as the Internet. A VPN creates a point to point connection or tunnel

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information