How To Secure A School Network
- Lydia Hart
- 3 years ago
Introduction

Hello everyone. Today we're going to take a look at network security in light of the changing face of a school network.

History of network security

As recently as five or six years ago, most networks were definite entities with clear and distinct boundaries, that would look something like this:

Conceded, this is a very basic model, and you may have used all manner of other variations. However, it demonstrates how most stations are managed; in other words, they are joined to the domain and the network management team controls user permissions, program sets, the software installed upon them, which printers they can use and pretty much everything else. Network security meant making sure a firewall was in place, using a suitable anti-virus solution and controlling how users connect to and use the network with logon credentials, passwords and permissions.

How network usage is changing

As modern technologies have exploded onto the scene in the 21st Century, the boundaries of a classic network have become blurred. The existing managed set up has been joined by all manner of devices and solutions, many of which are not necessarily joined to the domain.
As you can see, it's very different. Access is no longer limited to desk-based users. People want to connect from home to work more flexible hours. Users will want to use their own personal devices such as PDAs, smartphones and netbooks at school. Printers can now connect wirelessly and VoIP telephony is being adopted as a smart way to improve communications and reduce costs.

A recent survey conducted by RM quizzed secondary school network managers on their expected usage of mobile devices in the next two years, and the positive feedback was surprisingly high.

With this new breed of network, it is not advisable to rely solely on existing controls to keep your network safe and secure, because there are more risks to consider:

- Antivirus software is often down to personal choice
- Users control and manage their own devices, and can install any software
- Users may not realise if their devices are at risk, or infected
- Downloading of illegal or pirated content by users through the school connection may result in disconnection by the ISP
- Wireless connections are much more common, and need to be extra secure
- External data storage devices are difficult to monitor and keep track of
- Personal devices can be a distraction from work
- Remote access to your network vastly increases the attack surface.
Wouldn't it be easier to simply refuse access for anything that's not directly managed by you? Appealing as this sounds, a dynamic network is now well established and here to stay. Empowering your users to connect to your network has a lot of benefits, including:

- Personal devices help to keep costs low, as users pay for and maintain their own hardware and software. This is particularly important in light of the recent constraints on funding for education
- Denial of access will result in dissatisfied users who are more likely to complain
- Modern technology has resulted in some fantastic learning tools: put an iPad in front of a student with a media project to see for yourself
- Remote access encourages staff and students to work outside of school hours, increasing productivity.

Devices

What can we do about these risks? Can we eradicate all of them to help keep a safe environment? In theory, yes we can. However, it's all about compromise: more control often means more overhead in both cost and effort, and finding a happy medium between security of your network and convenience for your users is unique to your school. This session will go through some practical tips to help you find the right balance and implement any measures you feel are appropriate.

Let's start by examining a managed device, which is joined to your network as part of the domain. Users log on to the domain with credentials such as a username and password. Schools make much heavier use of roaming profiles than business environments, as many users are not tied down to only one computer. The Active Directory (AD) is used to organise computers and users into groups, and policies are used to mandate what a user can and cannot do on the machine he is using. All in all, there is a lot of control and this remains a secure solution.

Not all devices, though, can be joined to the domain easily. What solutions exist for different types of unmanaged devices?
Unmanaged netbooks

Most home netbooks run on a Home edition of the Windows operating system. The main difference between these and other editions of Windows is that they do not have the capacity to authenticate against the domain, meaning a user cannot join their device to the network. If a user has a Professional OS edition, it's best to join them to the domain wherever possible, and make them a managed machine. However, for Home operating systems and Guests, there are a number of ways to facilitate access:
Connection without authentication

Connecting the device either wired or wirelessly, without authentication against the domain, would provide Internet access, as well as shared resources. The main drawbacks of this solution are:

- Access to resources such as the Internet, shared folders or printers would mean regular prompts to the user to authenticate, though this can be eased somewhat with Windows 7 Credential Manager
- Someone could join your network and easily access your Internet connection by simply plugging a network cable into their computer, or through an unsecure wireless connection.

1. Putting your Guest WLAN on a separate VLAN will help to keep traffic from unmanaged devices separate from your core network, but may restrict access to shared resources.
2. Secure your wireless network, and issue out a password from reception for guests. Change it regularly to avoid users reconnecting at a later date without further authorisation.

RM Connector for CC3 and CC4

RM Connector software facilitates Home operating systems authenticating against the domain, using a server and client side installation.

- This allows registered users to connect with their normal logon credentials, and gain access to shared areas, printers and the Internet
- It is also configurable to Block, Warn or Ignore if virus definitions and/or Windows Security Updates are out of date
- It is easily installable on the device by the user, who downloads the software from a website hosted locally on the school server
- RM Connector provides an Acceptable Usage Policy screen, which users have to accept before they can connect.
  This means they are presented with the school's policy on network usage and have to confirm acceptance before proceeding
- RM Connector Service Release 1 was released earlier this year, so Windows Vista and Windows 7 (32 & 64-bit) are now supported
- RM Connector automatically relinquishes proxy settings upon disconnection from the school network, meaning your user's connection will continue to work at home automatically

CC4 Store

Our new network for small schools uses RM Connector technology, and includes all of the features above. If you support a small school in your local area, you may want more information on this innovative new product.

CC4 Anywhere

CC4 Anywhere allows users to access the school network by logging on to a Citrix XenApp Remote Desktop Server and accessing their profile from there.
External access is forced through the Citrix Access Gateway (CAG), to ensure a secure connection. VLANs can be used to force any unmanaged device to access the connection via the CAG. CC4 Anywhere can also be used to connect almost any device that has an Internet connection.

I'm not going to harp on any more about these RM products that I'm sure you've all seen and heard of before, except to say that they are designed with unmanaged devices in mind and are therefore natural candidates to help you manage your network more easily.

Software

A personal netbook user is most likely to be a local admin on the machine, and has sufficient permissions to install and uninstall any software he chooses. He may choose to install applications which aren't appropriate for use within school hours, or an application that may pose a threat, such as malware. If the software relies on an Internet connection, however, its usage can be controlled by denying access via proxy settings. This means the software will continue to work at home, but is inhibited within the confines of the school network. Examples of where you may want to consider doing this are Facebook, Spotify, certain websites, instant messaging software and others. Of course, some schools find these apps useful, so it's really down to the preference of your Senior Management Team. Other considerations include whether or not you want users to have access to their phone's camera and other peripherals whilst connected to the network.

Local admins, of course, have permission to change any configuration settings you may have set up for them. The best way to discourage this is to set minimum criteria, so that any breach of the rules results in the connection being broken and access becoming restricted. A good example of this would be using a proxy. If the user doesn't have the correct proxy settings configured on their machine, they will not be able to access the Internet, but can still access shared areas and printers.
Client antivirus

Your user may not be using your preferred antivirus solution, which isn't necessarily a big deal in itself, provided he does have a suitable alternative and his virus definitions and Windows Security Updates are valid. RMVP5.1's Find Unmanaged Computers and Unmanaged Detector features can scan the network and alert you when a computer logs on that doesn't have the RM offering of Symantec Endpoint Protection 11 on it. Once identified, the user could then be provided with a copy of the Home Use software to install on their machine locally, which is covered by the free RMVP5.1 home use licensing.

Smartphones & PDAs

Many users now have smartphones and PDAs, which are a great example of a device that can be used whilst being carried. Unlike laptops, which whilst mobile, tend to be used in between
journeys, the smartphone is accessible on the go. Working on a variety of mobile operating systems, they achieve much the same goal. Many users take advantage of the Mail-Sync features in their phones, among others, but are often reluctant to do so on their 3G connection, which can be slow and at times eat into their data usage allowance. Other applications can also help increase productivity and facilitate learning, so facilitating access to the network is a win-win situation.

Mobile antivirus

From a security viewpoint, antivirus software is rarely found on mobile devices such as smartphones, though it seems that a shift in opinion is happening, with many experts now recommending mobile antivirus software as critical.

Generic mobile antivirus products are available. Symantec, Kaspersky and F-Secure are just some of the development companies who have created products to fill this niche, but of course they all come at a price and most of them are only available for Windows Mobile or Symbian OS.

The debate still rages on about whether or not certain phones such as the Android, Blackberry or iPhone could benefit from some type of antivirus software. Many experts agree that it's just a matter of time before hackers and malicious users discover ways to infiltrate these systems and cause havoc, which is undoubtedly why many popular computer antivirus creators such as Symantec and Kaspersky have jumped in with both feet to the mobile antivirus market. The truth is this: as smartphones become a more necessary part of our daily lives, there will always be people out there who are bent on destruction, creating malware and trying to disrupt the chain of communication.

Microsoft Exchange ActiveSync

A lot of smartphones have the capacity to interact with Microsoft Exchange ActiveSync, which is an integral feature in Exchange 2010, with no additional licences needed.
Using Exchange ActiveSync, mobile users can access e-mail, voice mail, rights-protected messages, and instant message conversations on their smartphones. As a network manager, you can choose to limit which device models are authorised and remote-wipe the device if a security breach occurs. Policy support and allow/block/quarantine lists, including exceptions down to the individual user level, come as standard. Realising that mobile access is becoming an industry standard in all enterprises, including schools, most mobile phone manufacturers now offer ways to easily configure their models to be used with ActiveSync.

iOS

iOS 4 devices include the iPhone, iPad and iPod Touch families. A recent poll conducted by the tech firm Westcoastcloud found that one in ten children under the age of ten now own an iPhone, while one in 20 owns an iPad.

iOS does not feature any added security software. Because the iPhone does not share apps, the risk of spreading a virus from phone to phone is very low. However, there have been a few reports indicating a breach in the iPhone's security system, especially when those phones have been altered or changed in some way. This
can cause the iPhone to download and run unauthorised software, including many spyware programs, which can slow your system down and may even lead to identity theft.

Meanwhile, you can use Apple's Configuration Utility to create a downloadable app, which your users can then install on their iOS device to automatically prepare their machines for connection to the network.

DEMO OF APPLE iPhone CONFIGURATION UTILITY: Demo_Wireless_Config_iOS.mobileconfig

We'll just concentrate on some of the more popular settings, as the utility is pretty comprehensive, and in true Apple style, very intuitive:

- General
- Passcode
- Restrictions
- WiFi
- Exchange ActiveSync
- Credentials: certificates can be used, if IIS is configured to accept it
- Mobile Device Management
- Advanced.

Once you're happy with your app settings, test it on a single device before exporting the file and sharing it with your users. You could host it on a website, along with a set of download instructions.

This app will not stop an iPhone from contracting a virus or malware outside of your school network, but it will ensure that your existing controls, such as an Internet proxy and network antivirus solutions, have the opportunity to catch any threats it presents to the network. The added benefit is that it automates a lot of configuration that your users may otherwise rely on you for, such as setting up synchronisation for e-mail, calendars and contacts, and will inevitably save you time.

With iOS 5 recently released, there may be some additional things to think about, such as whether use of iCloud and/or wireless sync could/should be disabled by policy. This may prevent data from being stored on cloud-based or local devices that aren't part of the school network, though I'm not convinced this would be much of a concern from a school's viewpoint; certainly not for most users.
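A .mobileconfig file like the one exported in the demo above is a property list, so it can be generated and checked before it is published. The following is an added example, not part of the original talk or of Apple's utility: it builds an unsigned profile with a WiFi payload (WPA, manual proxy) and a Passcode payload, then audits any profile for an open network, a missing proxy or a missing passcode rule. The SSID, passphrase, proxy host and `org.example.school` identifiers are constructed placeholders.

```python
import plistlib
import uuid

WIFI = "com.apple.wifi.managed"
PASSCODE = "com.apple.mobiledevice.passwordpolicy"


def payload(ptype, identifier, **settings):
    """Return one payload dict with the bookkeeping keys every payload carries."""
    return {
        "PayloadType": ptype,
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        **settings,
    }


def build_profile(ssid, psk, proxy_host, proxy_port, min_passcode_len=4):
    """Build an unsigned profile: WPA WiFi through the school proxy plus a passcode rule."""
    wifi = payload(
        WIFI, "org.example.school.wifi",            # identifier is a placeholder
        SSID_STR=ssid, HIDDEN_NETWORK=False,
        EncryptionType="WPA", Password=psk,
        ProxyType="Manual", ProxyServer=proxy_host, ProxyServerPort=proxy_port,
    )
    passcode = payload(
        PASSCODE, "org.example.school.passcode",
        forcePIN=True, minLength=min_passcode_len, allowSimple=False,
    )
    profile = payload(
        "Configuration", "org.example.school.profile",
        PayloadDisplayName="School wireless (example)",
        PayloadContent=[wifi, passcode],
    )
    return plistlib.dumps(profile)                  # XML plist as bytes


def audit_profile(data):
    """Return a list of findings for an unsigned .mobileconfig given as bytes."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    findings = []
    wifi = [p for p in payloads if p.get("PayloadType") == WIFI]
    if not wifi:
        findings.append("no WiFi payload")
    for p in wifi:
        ssid = p.get("SSID_STR", "?")
        if p.get("EncryptionType", "None") == "None":
            findings.append(f"{ssid}: open network, no encryption")
        if p.get("ProxyType", "None") == "None":
            findings.append(f"{ssid}: no proxy set")
    policies = [p for p in payloads if p.get("PayloadType") == PASSCODE]
    if not any(p.get("forcePIN") for p in policies):
        findings.append("no passcode payload enforcing a PIN")
    return findings


# Constructed weak sample: open WiFi, no proxy, no passcode payload.
WEAK_SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": WIFI, "SSID_STR": "Open-Net", "EncryptionType": "None"},
    ],
})

if __name__ == "__main__":
    good = build_profile("School-Guest", "constructed-passphrase",
                         "proxy.school.example", 8080)
    print(audit_profile(good))
    print(audit_profile(WEAK_SAMPLE))
```

A profile written this way is unsigned and carries the WiFi passphrase as readable XML, so host it where only your own users can download it.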
Blackberry

According to the people who make the Blackberry smartphone, additional security is not necessary due to their on-board security, but many experts are quick to disagree and insist that it is just a matter of time before the popularity of the Blackberry model makes it a target
for a virus attack. Nevertheless, Blackberry holds firm to their security statement, saying simply:

The BlackBerry solution focuses on containing malicious programs. The BlackBerry software and core applications are digitally signed to ensure integrity and control access to the Application Programming Interfaces (APIs). Thus, the core BlackBerry smartphone functionality can't be directly accessed by other applications.

Android

Unlike many smartphones which are Windows or Symbian-based, the Android runs on a platform akin to Linux. Naturally, this means there are fewer virus attacks with the Android, mainly because most of the harmful programs are written to attack Windows-based programs, because that's what the majority of people use. However, this does not mean that the Android is completely immune to the threat of attack. To date, except for a few isolated incidents, the Android ranks very high in terms of security - at least when measured against Windows Mobile and Symbian-based phones.

Natively, Android phones can't connect through a proxy server, which may frustrate users who want to use the Internet via the school's wireless network. However, there are some free apps available that have been developed by users who found themselves far too frustrated with the lack of access. Having not tested any of these out myself, I'd be reluctant to recommend any. However, simply Googling Android Proxy will result in a number of forum hits that share opinions on which ones are the best. Please be aware that most of these apps require rooting of your Android phone, which invalidates any support you may have had with the vendor or manufacturer, so it's up to the phone's owner as to whether they value network access over the warranty of their device. Android are aware of the issue, but to date no fix has been announced.

Windows Phone

Windows Mobile has some really nifty features for users who want to access network resources.
Now there's no need to know your CAS server URL - all you need is your e-mail address/password, and Windows Mobile will use the Exchange auto-discover service to automatically provision your device for push e-mail/calendar/tasks/security. This makes it less likely for you to have to support your users in setting up their Exchange settings on their personal device.

The nicest thing, however, about Windows Mobile, from a network manager's perspective, is that v6.1 and above can join the domain by authenticating against the domain using the Domain Enroll feature and System Center Mobile Device Manager. This facilitates management of security, applications and settings through Active Directory-based policies. It's a way of managing this otherwise unmanaged device and it's a free download from the Microsoft website! Of course, it really depends on how many of your users have Windows Mobile 6.1+ as to how useful this tool is to you.
Symbian

The Symbian OS is maintained by Nokia. Some estimates indicate that the cumulative number of mobile devices shipped with the Symbian OS up to the end of Q is 385 million! That's a lot of users. However, on February , Nokia announced that it would migrate away from Symbian to Windows Phone 7. Motorola, Samsung, LG, and Sony Ericsson have also made known their pending withdrawal from Symbian in favour of alternative platforms including Google's Android, Microsoft Windows Phone, and Samsung's bada, meaning the future lifespan of Symbian is in question.

Symbian OS has been subject to a variety of viruses, the best known of which is Cabir. When a phone is infected with Cabir, the message "Caribe" is displayed on the phone's display every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals. It is believed to be harmless, except that it results in a shortened battery life on the phone due to constant scanning for other Bluetooth enabled devices. Either way, it successfully highlights the potential threat to mobile devices.

So far, none of the known pieces of Symbian malware have taken advantage of any flaws in the Symbian OS. Instead, they have all asked the user whether they would like to install the software, with somewhat prominent warnings that it can't be trusted. Other known hostile programs do require user input to run, so education is the key to preventing any outbreaks.

Symbian OS 9.x devices can be hacked to remove the platform security introduced in OS 9.1 onwards, allowing users to execute unsigned code. This allows altering system files and access to previously locked areas of the OS. The hack was criticised by Nokia for potentially increasing the threat posed by mobile viruses as unsigned code can be executed.

Data storage

The last type of device that we need to investigate, in the changing face of a modern network, is a data storage device.
This could be an SD card, a USB flash drive or external hard drive, and pretty much any device that is used for storing data, which isn't directly managed by you.

Staff and contractors within any organisation, including schools, are responsible for data security and the protection of personal and sensitive data under the Data Protection Act. The Information Commissioner's Office (ICO) provides a set of recommendations, based upon the legal requirements set by UK law. Failure to comply with these recommendations is taken very seriously and may lead to substantial monetary penalties.

Examples where the Data Protection Act has been breached

In April of this year, a UK school was found in breach of the Data Protection Act after the theft of an unencrypted laptop from a teacher's car. The laptop contained personal information relating to 90 pupils at the school. Whilst not excusing the theft, the sensitive data should not have been on the laptop and the data should have been
encrypted. The laptop should also have been stored in a secure place overnight. The school were unaware of the need to encrypt portable and mobile storage devices, though they did have a policy stating that laptops should not be kept in cars whilst away from the school premises.

In November 2010 an unencrypted laptop was stolen from the home of a subcontracted employee to the Legal Services Commission. The individual was fined 60k.

In February 2011, two unencrypted laptops were stolen from the home of a Council employee. This individual was undertaking a subcontracted role for a nearby Local Authority at the time, and both agencies were fined 80k and 70k, respectively.

With wide deployments of flash drives being used in various environments (secured or otherwise), the issue of data and information security remains of the utmost importance. The use of biometrics and encryption is becoming the norm with the need for increased security for data. On The Fly Encryption (OTFE) systems are particularly useful in this regard, as they can transparently encrypt large amounts of data. Many USB flash drives are now available with encryption.

Encryption

Whilst most if not all of you in this room will know the importance of data security, your staff may not, and it is vital to decide upon a strategy, educate them and then issue guidelines on what is and is not acceptable. Make network shares password protected and/or encrypted as appropriate.

Encryption is increasingly used to prevent access to any sensitive or protected data that may exist on a device or in an electronic communication. First and foremost, strict guidelines on where personal data can and can't be stored are the first line of defence and should remain as such.
Two main types of encryption exist:

Storage encryption
Both the storage device, and the data that exists on it, are encrypted in their own right
- Encrypted laptops
- Encrypted USB flash drives

Data encryption
The data is encrypted at a granular level
- Encrypted files and documents
- Encrypted e-mails

It is possible to use both types of encryption in parallel, for example a file that is already encrypted can be stored on a hard drive which is also encrypted.

DESlock

DESlock is our offering for encryption. Having worked alongside DESlock since 2009, we now sell DESlock+ Pro, with hard disk encryption fully supported by RM.
TrueCrypt

TrueCrypt is a piece of open source software that is already used in many schools. It can create a virtual encrypted disk within a file or encrypt a partition or sometimes the entire storage device. However, it, like other data storage solutions, is not infallible, and has been criticised for a number of issues, some of which are listed below.

- TrueCrypt volumes are recognisable, though not with 100% certainty. Suspecting TrueCrypt encryption may make the data more desirable, if not more accessible.
- Passwords are stored in the memory. TrueCrypt stores its keys in RAM; on an ordinary personal computer the DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if there is some degradation in the memory contents, various algorithms can intelligently recover the keys. This method, known as a cold boot attack (which would apply in particular to a notebook computer obtained while in power-on, suspended, or screen-locked mode), has been successfully used to attack a file system protected by TrueCrypt.
- TrueCrypt documentation states that it cannot secure data on a computer that has any kind of malware installed. Some kinds of malware are designed to log keystrokes, including typed passwords, that may then be sent to the attacker over the Internet or saved to an unencrypted local drive from which the attacker might be able to read it later, when he or she gains physical access to the computer.

In some cases a Secure USB Drive may use a hardware-based encryption mechanism that uses a hardware module instead of software for strongly encrypting data.

BitLocker

BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms.
However, it only works if you have a Trusted Platform Module (TPM); a special microchip in some newer computers with advanced security features. The latest version of BitLocker, included in Windows 7 and Windows Server 2008 R2, adds the ability to encrypt removable drives.

BitLocker does not contain an intentionally built-in backdoor; there is no way for law enforcement to have a guaranteed passage to the data on the user's drives that is provided by Microsoft. The lack of any backdoor has been a concern to the UK Home Office, which tried entering into talks with Microsoft to get one introduced, though Microsoft developer Niels Ferguson and other Microsoft spokesmen state that they have not granted the wish to have one added.

Nevertheless, in February 2008, a group of security researchers published details of a so-called "cold boot attack" that allows a BitLocker-protected machine to be compromised by booting the machine off removable media, such as a USB drive, into another operating system, then dumping the contents of pre-boot memory. The attack relies on the fact that DRAM retains information for up to several minutes (or even longer if cooled) after power has been removed. This is very similar to the aforementioned attack on data encrypted by TrueCrypt.
BitLocker also doesn't protect against data being taken off the live machine that hosts the storage drive. If someone is able to gain access to the data server, they can take the data unencrypted there and then.

Pretty Good Privacy (PGP)

PGP encryption is another piece of software, currently distributed by Symantec, but with many variants available as freeware, that uses a serial combination of hashing, data compression, symmetric-key cryptography, and public-key cryptography for data communication or e-mails. Each step uses one of several supported algorithms. Each public key is bound to a user name and/or an e-mail address.

Interestingly, in 1993 PGP's founder, Phil Zimmermann, found himself on the wrong side of a criminal investigation after PGP encryption found its way outside of the USA, shortly after its release. US export regulations considered cryptosystems using keys larger than 40 bits as munitions, and not owning a munitions license, he was suspected of dealing in non-exportable weapons! After several years, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else. To prove a point, he published the source code in a hardback book, which developers could then scan in using OCR technology and build upon. Whilst trading in the software itself was illegal, distribution of books was protected by the US Constitution's First Amendment, pertaining to freedom of speech. Thankfully, PGP encryption no longer meets the definition of a non-exportable weapon.

There is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means. Current versions are recommended as earlier editions have been found to have theoretical vulnerabilities. Evidence suggests that as of 2007, British police investigators are unable to break PGP, so instead have resorted to using RIPA legislation to demand the passwords/keys.
In November 2009 a British citizen was convicted under RIPA legislation and jailed for 9 months for refusing to provide police investigators with encryption keys to PGP-encrypted files. All in all, it's a pretty good tool.

Encryption summary

The overall message, then, is that encryption is better than nothing, but like most security solutions, it has its limitations. There is no replacement for users being careful with where you store data, how you transport data and having a lockable cabinet!

Portable storage control

Portable storage control means restricting what can and can't be achieved using removable media, such as preventing executables from running, or making contents read only.

Custom template

One method for establishing portable storage control involves creating a custom administrative template that contains a group policy template, which provides access to a setting that can be used to disable a USB port. Instructions and code for creating this
template can be found on the Microsoft website. If you're too intimidated to create a custom administrative template, you can download a template copy from a variety of websites.

RM Tutor 5

Another useful, but underused, tool can be found in RM Tutor 5 powered by NetSupport for Community Connect. Predominantly used by teachers, RM Tutor has a number of features to help control usage on client machines, as required:

- Media blocking facility for all removable media. Teachers can choose to make media types read only and/or prevent executable files from being run.
- Internet blocking uses black and white lists to restrict which websites can be accessed by users.
- RM Tutor Encryption Utility can be used to protect against access from non-authorised clients, who may have got hold of the Tutor client software (see TEC in the RM Support Knowledge Library).
- Tech Console, designed specifically for network managers (Tutor 5 on CC4 only):
  1. View all managed computers across the campus, monitor computer screens in each classroom, generate a full hardware and software inventory from each PC, remotely manage services and processes, deliver files to all selected computers in a single action and much more.
  2. This tool is particularly useful, not only to offer remote support, but if you are concerned about a particular user or group of users you can monitor their usage, without them realising. This may sound quite big-brother, and in all honesty it is. Imagine, though, how useful this would be when trying to deal with an instance of cyber-bullying or known attempts to bypass the school's proxy.

Disabling AutoRun

Another option you may like to try is disabling the AutoRun facility on portable media. Many virus files use autorun.inf to begin executing and infecting your computer. The virus spreads itself across the computer by making multiple copies of the autorun.inf and .exe files on every drive of the computer, and potentially the network.
Any portable media used thereafter may then be re-infected, ready to be spread onto other machines. Viruses could connect to a malicious website and install a key logger on your PC, which would seek to steal all sorts of sensitive information. Conficker and Stuxnet both make use of this vulnerability.

Please note that disabling AutoRun may inconvenience your users, and as with any new introduction, it's always best to test it on a sample of machines first!

Microsoft has already issued an update, which disables AutoRun on USB devices only for Windows XP, Windows Vista and Windows Server 2003 and 2008 operating systems. As it is not a security update, it would not automatically be made available through WSUS on CC4, though it could be manually packaged up and distributed across the network.

To disable the AutoRun feature on other removable media, or for Windows 7, firstly, check the Microsoft knowledge article for KB967715, to make sure you've installed the relevant updates to fix a known bug that prevents you from disabling AutoRun;
DEMO Windows Server 2008, (Windows 7?) or Windows Vista

Use either of the following methods:

1. Click Start.
2. Type gpedit.msc in the Start Search box, and then press Enter.
3. If you are prompted for an administrator password or for confirmation, type the password, or click Allow.
4. Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click AutoPlay Policies.

Then either

1. In the Details pane, double-click Turn off Autoplay.
2. Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
3. Restart the computer.

Or

1. In the Details pane, double-click Default Behavior for AutoRun.
2. Click Enabled, and then select Do not execute any autorun commands in the Default Autorun behavior box to disable Autorun on all drives.
3. Restart the computer.

DEMO Windows Server 2003, Windows XP Professional

1. Click Start, click Run, type Gpedit.msc in the Open box, and then click OK.
2. Under Computer Configuration, expand Administrative Templates, and then click System.
3. In the Settings pane, right-click Turn off Autoplay, and then click Properties.
4. Click Enabled, and then select All drives in the Turn off Autoplay box to disable AutoRun on all drives.
5. Click OK to close the Turn off Autoplay Properties dialog box.
6. Restart the computer.

Infrastructure

There are many solutions that can be placed within or alongside your core infrastructure to implement generic security measures. Some we know and love, and have been in use for a number of years. However, different technologies pose different threats, and many solutions aren't designed to cope with the vulnerabilities present in this day and age. Usually, a combination of solutions is needed.
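Returning to the AutoRun DEMO steps above: once the Turn off Autoplay policy has been rolled out, it is worth checking that every machine actually received it. The policy is stored in the NoDriveTypeAutoRun registry value (under Policies\Explorer), a bitmask with one bit per drive type. The following is an added example, not part of the original presentation; the inventory format and host names are constructed, and collecting the value from each PC is assumed to have been done already.

```python
import csv
import io

# Name of the registry value written by the "Turn off Autoplay" policy under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer.
POLICY_VALUE = "NoDriveTypeAutoRun"

# One bit per drive type; a set bit DISABLES AutoRun for that type.
DRIVE_TYPE_BITS = [
    (0x01, "unknown"),
    (0x02, "no-root-dir"),
    (0x04, "removable"),
    (0x08, "fixed"),
    (0x10, "network"),
    (0x20, "cdrom"),
    (0x40, "ramdisk"),
    (0x80, "unknown-future"),
]
ALL_DRIVES = 0xFF  # what "All drives" in the policy dialog sets

# Constructed sample inventory: host name and exported value (hex or decimal,
# blank when the value does not exist on that PC). Host names are made up.
SAMPLE_INVENTORY = """\
host,NoDriveTypeAutoRun
ICT1-PC01,0xFF
ICT1-PC02,145
LIB-PC03,
SCI-PC04,0x95
OFFICE-PC05,255
"""


def exposed_types(value):
    """Return the drive types on which this bitmask still allows AutoRun."""
    return [name for bit, name in DRIVE_TYPE_BITS if not value & bit]


def assess(raw):
    """Classify one exported value as (status, exposed drive types)."""
    raw = (raw or "").strip()
    if not raw:
        # No policy value present: the operating system default applies.
        return ("not-configured", None)
    try:
        value = int(raw, 0) & 0xFF  # base 0 accepts both 0x91 and 145
    except ValueError:
        return ("unreadable", None)
    if value == ALL_DRIVES:
        return ("all-drives-disabled", [])
    return ("partial", exposed_types(value))


def audit(inventory_csv):
    """Map each host in the CSV text to its assessment."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: assess(row[POLICY_VALUE]) for row in reader}


def non_compliant(findings):
    """Hosts that do not have AutoRun disabled on all drive types."""
    return sorted(host for host, (status, _) in findings.items()
                  if status != "all-drives-disabled")


if __name__ == "__main__":
    results = audit(SAMPLE_INVENTORY)
    for host in non_compliant(results):
        status, exposed = results[host]
        detail = ", ".join(exposed) if exposed else "policy value missing"
        print(f"{host}: {status} ({detail})")
```

A host reported as "partial" with "removable" or "cdrom" in its list is still exposed to the autorun.inf infection route described under Disabling AutoRun.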
Commonly used solutions are;

Authentication

As well as traditional methods, such as username and password logon credentials, two-factor authentication methods such as smart cards, USB & software tokens and biometrics are becoming increasingly used in enterprise to facilitate remote access. Biometrics is the preferred option for schools, as tokens or cards that use algorithms tend to be very costly. Fingerprint recognition is often used with cashless catering systems and libraries. Usable by children as young as three years old, it is a simple and effective way of preventing fraudulent use of many different systems, including laptops with integrated fingerprint recognition. One common misconception of such devices is that they store a copy of the fingerprint, raising concerns over civil liberties. However, the software stored is in fact a series of some 30 digits, from which it would be impossible to reconstruct the print, and parental consent does not have to be legally sought.

AV

Antivirus software is used to prevent, detect and remove all sorts of malware. It remains an integral part of any security solution within a school network. Some antivirus software doesn't consider that a proxy may exist, e.g. Microsoft Security Essentials, so some users may have difficulty connecting to the Internet when using their personal device at school.

Internet proxy

Most schools use an Internet proxy to evaluate connection requests to the Internet, according to a set of rules much like a firewall. This works well for managed computers, but access for unmanaged devices can be difficult to impose. In a Windows network, the NT LAN Manager (NTLM) protocol can be used to authenticate all devices against the proxy server. This greatly reduces the likelihood of unauthorised access and can serve unmanaged devices, which are not joined to the domain. Encouraging use of the school network for Internet access means that traffic is recorded in proxy logs, ensuring a reference is available if needed at a later date. Pin codes can be used with smartphones to avoid having to enter unwieldy usernames and passwords.

If you are considering using NTLM authentication on your proxy, be aware of the following lessons from previous such rollouts:

- Before implementing NTLM, audit the applications being used on your LAN. Some applications simply do not support NTLM authentication, and understanding what applications are being used and testing them in an isolated environment before going live with proxy authentication will greatly reduce the impact of the change and the number of support calls that you receive from your users. This has the added benefit of creating a greater understanding of the type of applications that are running on your network, including some you may previously have been unaware of.
- As a considerable number of third party apps do not support proxy authentication you will need to decide whether to:
  o Permit the URLs in question to bypass proxy authentication, by using a whitelist.
  o Take a stance on third party applications that are permitted for use on the wireless network.
- You will see far fewer authentication prompts and much greater support for proxy authentication if your Windows PCs and laptops are joined to the domain. Users of devices that cannot be joined to the domain will need to familiarise themselves with Windows Credential Manager; they'll be using it a lot!

Dynamic Host Configuration Protocol

DHCP is used as a configuration protocol for hosts on Internet Protocol (IP) networks. Most schools use DHCP to avoid overheads within the network management team: IP addresses are dished out as required, without the need to manually assign each one. Some schools have been known to deliberately max out the number of DHCP leases available, thus preventing access to the network from a potentially illegitimate request. The problem with this solution is that it also blocks out any legitimate requests, forcing the network management team to be directly involved in any such request for access. This kind of negates the whole point of using DHCP in the first place!

Media Access Control address

A MAC address is a unique identifier assigned to network interfaces. They are often assigned by the manufacturer of the Network Interface Card (NIC), and some schools use a white list to only authorise MAC addresses which are known to them. Like maxing out DHCP settings, this makes a lot more work for the network team, as any legitimate request for access has to come through them.

I've used MAC addresses to restrict access to a network myself before, but it was years ago when I shared a house with other lodgers, and got fed up of their friends maxing out my download limit. I only had to maintain five MAC addresses, which was very simple and straightforward. However, this is not an easily scalable solution, especially if you are trying to facilitate access to users' personal devices. The time and effort needed to maintain such a list would be vast, along with frustrating for users who can't get on to the network without jumping through a number of time-consuming hoops first.

Using MAC addresses is also not particularly secure.
Although intended to be a permanent and globally unique identification, it is possible to change the MAC address on most modern hardware. Changing one's MAC address to exploit security vulnerabilities is known as MAC Spoofing, with which:

- Anyone with an receiver (laptop and wireless adapter) and a freeware wireless packet analyzer can obtain the MAC address of any transmitting within range,
- A user can hide the computer from the network,
- A user can impersonate an authorised device on the network,
- A user can use a previously assigned MAC address to avoid hassle when connecting a new machine.

Wireless LANs

WLANs are heavily used in schools as a way of unharnessing users from their desks. WLANs are also a good way of allowing controlled access to guest users who have laptops and mobile devices.
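Because a MAC white list (see Media Access Control address above) can be defeated by spoofing, it helps to review connection logs for signs that a white-listed address is being reused. The following added example, which is not part of the original presentation, flags three things: addresses that are not on the list, addresses with the locally administered bit set (so not a manufacturer-assigned address), and white-listed addresses that appear under more than one host name. The log format, white list, addresses and host names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed white list (addresses from the range reserved for documentation).
WHITELIST = {
    "00:00:5e:00:53:01",
    "00:00:5e:00:53:02",
    "00:00:5e:00:53:03",
}

# Constructed sample log in a hypothetical "time mac= host= port=" format,
# standing in for DHCP or wireless controller records.
SAMPLE_LOG = """\
2011-10-03T08:55:02 mac=00:00:5E:00:53:01 host=STAFF-LT-01 port=sw1/04
2011-10-03T08:57:40 mac=00:00:5e:00:53:02 host=STAFF-LT-02 port=sw1/09
2011-10-03T09:10:13 mac=00-00-5E-00-53-01 host=android-7f3a port=ap3/wlan0
2011-10-03T09:12:55 mac=06:11:22:33:44:55 host=guest-phone port=ap2/wlan0
2011-10-03T09:20:31 mac=00:00:5e:00:53:02 host=STAFF-LT-02 port=sw1/09
"""

LINE_RE = re.compile(r"^(\S+) mac=([0-9A-Fa-f:.\-]+) host=(\S+) port=(\S+)$")


def normalise_mac(text):
    """Convert 00-00-5E-..., 0000.5e00.... or 00:00:5e:... to one canonical form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", text).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (address not burned in)."""
    return bool(int(mac[:2], 16) & 0x02)


def review(log_text, whitelist):
    """Return a list of (mac, finding) pairs for addresses that need a look."""
    hosts_by_mac = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines in another format
        try:
            mac = normalise_mac(match.group(2))
        except ValueError:
            continue
        hosts_by_mac[mac].add(match.group(3))

    findings = []
    for mac in sorted(hosts_by_mac):
        if mac not in whitelist:
            findings.append((mac, "not-whitelisted"))
        if is_locally_administered(mac):
            findings.append((mac, "locally-administered"))
        if mac in whitelist and len(hosts_by_mac[mac]) > 1:
            # Same authorised address, different device names: possible clone.
            findings.append((mac, "whitelisted-mac-multiple-hostnames"))
    return findings


if __name__ == "__main__":
    for mac, finding in review(SAMPLE_LOG, WHITELIST):
        print(mac, finding)
```

Treat each finding as a prompt to investigate rather than proof: host names are supplied by the client, and many current phones deliberately use randomised, locally administered addresses on Wi-Fi.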
The first wireless network was developed by Norman Abramson at the University of Hawaii and was called ALOHAnet. This is nothing to do with security, but it's such an obscure fact that I had to include it!

Gone are the days when wireless connections were slow, unreliable and insecure. Remote Authentication Dial In User Service (RADIUS) Servers maintain a consistent connection as users roam from one access point to another. A well-managed WLAN can be a secure way of allowing unmanaged devices to connect to your network, but poorly managed, it can be vulnerable to a huge number of threats;

Wireless authentication methods

Many schools, especially primaries, use off-the-shelf routers and fail to customise the security settings, meaning their wireless connection and router are both completely unsecured and vulnerable to anyone with an ounce of nous. I've heard stories of opportunists logging on a school's router by connecting to the unsecured WLAN, Googling the default admin logon credentials, disconnecting it from the Internet, then offering to fix the connection for a set price. It's like malware in the flesh!

WEP, whilst better than no security, has been found to have vulnerabilities that could easily be exploited. i Security is rigorous, but hardware needs to be comparatively new to use it. Both WPA and WPA2 support EAP authentication methods using RADIUS servers and pre-shared key (PSK). Change the access key regularly to increase security against previous users, who are no longer authorised.

RADIUS acts as a gatekeeper, verifying identities through a username and password that is already pre-determined by the user. A RADIUS server can also be configured to enforce user policies and restrictions as well as recording accounting information such as time connected. When used with IIS, the machine, as well as the user, is authenticated.

Some schools are known to have used RADIUS with their wired network. This approach is not recommended, as the infrastructure within the wired network (switches, Windows clients) is not designed to accommodate wireless 802.1x. The end result could become very difficult to manage and maintain.

Guest WLANs

Hosting your guest WLAN on a separate VLAN to your main network can help to keep such users away from the core resources. Users with no domain authorisation can use resources such as the Internet without posing a threat to your network.

Trapeze

Having acquired Trapeze Networks in 2010, Juniper now offer SmartPass, which gives network managers dynamic access control over all users and devices on a wireless LAN. It can adjust access privileges as a user's circumstances change, and securely provision hundreds of guest users on demand. One of the most desirable features is individual sets of guest logon credentials that time-out after a set period.
Unified Threat Management

Firewalls and antivirus software, whilst great at doing what they were initially intended for, may struggle to cope with the wide variety of attacks that may occur today. The next generation of network security is Unified Threat Management, or UTM.

Identity-based UTM appliances, offered by companies like Cisco and Juniper, offer comprehensive protection against emerging blended threats, which are a combination of worms, trojans, viruses and other kinds of malware. While simple UTMs identify only IP addresses in the network, identity-based UTMs provide discrete identity information of each user in the network along with network log data. They allow creation of identity-based network access policies for individual users, delivering complete visibility and control on the network activities. The identity-based feature of such UTMs runs across the entire feature set, enabling enterprises to identify patterns of behaviour by specific users or groups that can signify misuse, unauthorised intrusions, or malicious attacks from inside or outside the enterprise.

The strength of UTM technology is that it is designed to offer comprehensive security while keeping security an easy-to-manage affair. Enterprises get complete network information in hand to take proactive action against network threats in case of inappropriate or suspicious user behaviour in the network. As identity-based UTMs do not depend on IP addresses, they provide comprehensive protection even in dynamic IP environments such as DHCP and Wi-Fi, and especially in a scenario where multiple users share the same computer, such as in a school.

General usage

Whether on managed or unmanaged devices, there are some guidelines which still hold true. Some of the most basic security measures are often forgotten in this world of technological advances, and the increased attack vector makes it even more important that we adhere to certain rules.
Digital certification

SSL Certificates are electronic documents, which are used by many web services to verify the legitimacy of a request and provide a secure connection. To try and save cost, some schools opt for self-issued certificates, generated from the domain controller, instead of purchasing an SSL Certificate from a trusted Certificate Authority (CA). However, when users first connect to the service from an unmanaged computer, they'll need to download and install the root certificate. Failure to do so will prevent connection to the service. To improve the user experience, and reduce overheads for the network team, SSL Certificates are strongly recommended as they are already trusted by the browser or interface being used.

Acceptable Usage Policies

AUPs have two main benefits: they educate the user so they know what is expected of them in terms of what they are and are not permitted to do, and they are a record of acceptance of those conditions. Many AUPs are sent out once, clicked through and forgotten. To make your AUP more effective, follow the guidelines below.
- Make it clear using normal language. Lots of technical jargon and confusingly long sentences will make the user less likely to understand what is meant.
- Tailor it to your target audience. Perhaps a separate AUP is required for students and staff?
- Consequences must be detailed. A user is less likely to make a breach if they know what the subsequent response will be, e.g. loss of Internet during breaktimes for a week.
- Regularly revise and resend the AUP, highlighting any changes since the last one.
- Keep it short: use hyperlinks to a web page for users that want to access more detailed information.

Passwords

A strong password is a useful weapon against unauthorised access. When Hotmail's security was compromised a few years ago, the most common password was found to be Weaker passwords are easier to remember, but the majority of security solutions today that use passwords have a reset option.

Most schools have individual user accounts, each with a unique set of logon credentials. However, group logons are still commonplace for some, especially in primary schools. Individual user accounts mean that any breach of the AUP or security can be traced to that individual user. Group logons cast reasonable doubt over any accusation. Group credentials are often posted all over teachers' notice boards, so they don't forget the details, and security is undeniably compromised.

Many schools don't insist that users change their passwords regularly, and this too vastly increases the risk that their account could be compromised; the longer a password exists, the more time is available to crack it.

Encourage users of unmanaged devices to password protect their device. If they have a Home Edition OS with no security logon, the chances are the wireless settings are configured to connect automatically, so a stolen computer could pose a real security issue.

Ensure that any network shares are also password protected. Making areas read only does not stop someone from accessing the information, so it's a simple and effective way of protecting your data.

Finally, don't use the same password for all your different accounts, especially those that contain sensitive data. In March of this year, a UK school suffered yet another breach of the Data Protection Act, after a pupil hacked a teacher's website account, and re-used the same password to access other parts of the system. This included the SIMs data for 20,000 individuals, of which 7,600 were pupils. The data was then published online.
The future of security

It's all very well reacting to recent changes, but what's going to happen next? A look ahead will help us prepare for the future of school networking.

The Cloud

I know, I know, here's yet another person talking about the cloud. Everyone knows it's just another name for the Internet! That may be so, but renting networks that are hosted on the cloud, instead of managing a traditional network of locally run servers, is likely to be the reality within the next year or two. Fewer overheads mean cheaper running costs, and in the current climate, this is a solution that will really appeal to a lot of schools.

In terms of security, some may be concerned about how much control exists over sensitive data and access to the network. Suppliers will have to provide robust offerings to gain confidence in their solution. The traditional boundaries of a school network will become even more blurred, as everyone moves towards their own personal piece of the cloud. Mobile data storage devices may become a thing of the past as everything becomes accessible online and Internet black spots disappear.

Windows 8

Windows 8 Metro UI will have a new type of photo login screen designed for touch. You will be able to record your own unique sequence of touch points and swipes to authenticate, instead of using a password. Its efficient processing and small footprint mean it is as likely to be found on unmanaged devices as managed ones and is an accessible way to join a domain for students as young as 3 years old.

You may recall in our last round of Seminars that Matt's future technologies presentation talked about how Microsoft were planning to provide ARM processor support for Windows 8 (ARM being a processor architecture that was historically for low power devices). Well, it's happened, and in the keynotes seminar on 14 September 2011, the end user experience was done on exactly that: an ARM-based device. So what? Well, it blurs the boundaries between managed Windows computers and unmanaged Windows phones. The ARM device demoed had a built-in 3G modem. At what point will we cease to recognise the difference between smartphones and slate computers?

Malware

The future of malware won't be so much about how the software itself will be engineered, as how potential victims will be targeted. Have you ever accepted a friend invite on Facebook or connected to someone on LinkedIn you didn't know? Maybe you thought this was someone from school you had forgotten about or a former business partner whose name had slipped your mind.

"When people make trust decisions with social networks, they don't always understand the ramifications. Today, you are far more knowable by someone who doesn't know you than ever before in the past," says Dr. Hugh Thompson, program chair of RSA Conferences.
Contents Introduction What is the Cloud? How does it work? Types of Cloud Service Cloud Service Providers Summary Introduction The CLOUD! It seems to be everywhere these days; you can t get away from it!
More informationStudent Halls Network. Connection Guide
Student Halls Network Connection Guide Contents: Page 3 Page 4 Page 6 Page 10 Page 17 Page 18 Page 19 Page 20 Introduction Network Connection Policy Connecting to the Student Halls Network Connecting to
More informationKaspersky Security 10 for Mobile Implementation Guide
Kaspersky Security 10 for Mobile Implementation Guide APPLICATION VERSION: 10.0 MAINTENANCE RELEASE 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful
More informationAkrutoSync 4.0 User Guide
AKRUTO AkrutoSync 4.0 User Guide Welcome Thank you for choosing AkrutoSync. AkrutoSync can synchronize your Contacts, Calendar and Tasks between Outlook on your computer and your Windows Phone. AkrutoSync
More informationBEST PRACTICE GUIDE MOBILE DEVICE MANAGEMENT AND MOBILE SECURITY.
BEST PRACTICE GUIDE MOBILE DEVICE MANAGEMENT AND MOBILE SECURITY. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next CONTENTS 1. OPEN ALL HOURS...2 Page 2. MOBILE DEVICE MANAGEMENT
More informationFeature List for Kaspersky Security for Mobile
Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance
More informationMobile Operating Systems & Security
Mobile Operating Systems & Security How can I protect myself? Operating Systems Android Apple Microsoft What do they do? operate smartphones, tablets, watches and other mobile devices includes touchscreens
More informationCourse: Information Security Management in e-governance
Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security
More informationHigh Speed Internet - User Guide. Welcome to. your world.
High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a
More informationNCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.
NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities
More informationSection 12 MUST BE COMPLETED BY: 4/22
Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationDATA AND PAYMENT SECURITY PART 1
STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of
More informationHow to make a VPN connection to our servers from Windows 8
How to make a VPN connection to our servers from Windows 8 Windows 8 is able to make a newer type of VPN connection called a Secure Socket Tunnelling Protocol (SSTP) connection. This works just like a
More informationSecuring Corporate Email on Personal Mobile Devices
Securing Corporate Email on Personal Mobile Devices Table of Contents The Impact of Personal Mobile Devices on Corporate Security... 3 Introducing LetMobile Secure Mobile Email... 3 Solution Architecture...
More informationANDRA ZAHARIA MARCOM MANAGER
10 Warning Signs that Your Computer is Malware Infected [Updated] ANDRA ZAHARIA MARCOM MANAGER MAY 16TH, 2016 6:05 Malware affects us all The increasing number of Internet users worldwide creates an equal
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationHomeNet. Gateway User Guide
HomeNet Gateway User Guide Gateway User Guide Table of Contents HomeNet Gateway User Guide Gateway User Guide Table of Contents... 2 Introduction... 3 What is the HomeNet Gateway (Gateway)?... 3 How do
More informationHosted Desktop for Business
Your complete guide to Hosted Desktop Hosted Desktop for Business 1 Doc V1.0 Jan 2014 Table of Contents Hosted Desk- 3 Hosted Desktops today... 4 What is a hosted desktop? 4 How does it work? 6 How easy
More informationINSTALLATION AND CONFIGURATION GUIDE (THIS DOCUMENT RELATES TO MDAEMON v9.5.0 ONWARDS)
Web: Overview INSTALLATION AND CONFIGURATION GUIDE (THIS DOCUMENT RELATES TO MDAEMON v9.5.0 ONWARDS) This document is designed to provide a quick installation and configuration guide for MDaemon along
More informationSECURING TODAY S MOBILE WORKFORCE
WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table
More informationInformation Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationKaspersky Endpoint Security 10 for Windows. Deployment guide
Kaspersky Endpoint Security 10 for Windows Deployment guide Introduction Typical Corporate Network Network servers Internet Gateway Workstations Mail servers Portable media Malware Intrusion Routes Viruses
More informationSMALL BUSINESS IT SECURITY PRACTICAL GUIDE
SMALL BUSINESS IT SECURITY PRACTICAL GUIDE How to make sure your business has comprehensive IT security protection #protectmybiz Small businesses come in all shapes and sizes. But in today s world, no
More informationSecurity Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1
JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us
More informationBOYD- Empowering Users, Not Weakening Security
BOYD- Empowering Users, Not Weakening Security Table of Contents Exec summary... 3 Benefits of BYOD... 4 Threats that BYOD Harbours... 5 Malware... 5 Data Leakage... 5 Lost or Stolen Devices... 5 Public
More informationIntroduction. PCI DSS Overview
Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,
More informationTrend Micro OfficeScan 11.0. Best Practice Guide for Malware
Trend Micro OfficeScan 11.0 Best Practice Guide for Malware Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned
More informationInstalling Logos SSL Certificates on Mobile Devices
Installing Logos SSL Certificates on Mobile Devices Phase 1: Obtain the SSL Certificate You can obtain the SSL certificate in one of 2 ways. Method 1 Download the SSL certificate from it.logostech.net
More informationVIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong
VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY AUTHOR: Raúl Siles Founder and Security Analyst at Taddong Hello and welcome to Intypedia. Today we will talk about the exciting world of security
More informationChapter 15: Computer and Network Security
Chapter 15: Computer and Network Security Complete CompTIA A+ Guide to PCs, 6e What is in a security policy Mobile device security methods and devices To perform operating system and data protection How
More informationCloud Services MDM. ios User Guide
Cloud Services MDM ios User Guide 10/24/2014 CONTENTS Overview... 3 Supported Devices... 3 System Capabilities... 3 Enrollment and Activation... 4 Download the Agent... 4 Enroll Your Device Using the Agent...
More informationCodeproof Mobile Security & SaaS MDM Platform
Codeproof Mobile Security & SaaS MDM Platform info@codeproof.com https://codeproof.com Mobile devices have been transformed into multi-faceted, multi-tasking, multimedia tools for personal expression,
More informationSecuring Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology
20140115 Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology TABLE OF CONTENTS What s at risk for your organization? 2 Is your business
More informationLAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan
LAW OFFICE SECURITY for Small Firms and Sole Practitioners Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan 1. Introduction CONTENTS 2. Security Consciousness Having a Firm Security
More informationOWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.
OWA vs. MDM Introduction SmartPhones and tablet devices are becoming a common fixture in the corporate environment. As feature phones are replaced with new devices such as iphone s, ipad s, and Android
More informationTips for Banking Online Safely
If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining
More informationBlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide
BlackBerry Enterprise Service 10 Universal Service Version: 10.2 Administration Guide Published: 2015-02-24 SWD-20150223125016631 Contents 1 Introduction...9 About this guide...10 What is BlackBerry
More informationCyber Essentials Scheme
Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these
More informationIT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE. Part I: Reducing Employee and Application Risks
IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE Part I: Reducing Employee and Application Risks As corporate networks increase in complexity, keeping them secure is more challenging. With employees
More informationSMALL BUSINESS IT SECURITY PRACTICAL GUIDE
SMALL BUSINESS IT SECURITY PRACTICAL GUIDE How to make sure your business has comprehensive IT security protection #protectmybiz Small businesses come in all shapes and sizes. But in today s world, no
More informationBacking up your digital image collection provides it with essential protection.
Backing up your digital image collection provides it with essential protection. In this chapter, you ll learn more about your options for creating a reliable backup of your entire digital image library.
More informationRobust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been
Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been difficult and time-consuming. This paper describes the security
More informationADDING STRONGER AUTHENTICATION for VPN Access Control
ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows
More informationHi! I m Andy and I m a school ICT technician. We ve been using NetSupport School here for a while now and I want to tell you how it works for us...
1 A Technician s Perspective Hi! I m Andy and I m a school ICT technician. We ve been using NetSupport School here for a while now and I want to tell you how it works for us... Most people think of classroom
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More information