Friday, April 25, 2014

Fix Your Bleeding Heart


School IT departments are notoriously understaffed. Probably the last area any school IT department considers adding staff to is IT security; staffing IT security in schools is an afterthought. But now everyone reading this should be very concerned about online security and needs to take securing their online identities into their own hands. With this past week's revelation of Heartbleed, a bug in the widely used OpenSSL library, which encrypts and secures thousands of well-known web sites, all of us have potentially had many of our passwords compromised.

So whether we have school IT security staff or not, it is up to all of us (students, staff, and IT) to proactively start changing our passwords for affected sites. But it's not quite that simple. You must change the password only after the affected site has patched its servers to fix Heartbleed, because a new password entered on a server that is still vulnerable can be exposed just like the old one. How do you know which sites are affected and have been patched? Check this list at CNET. Or better yet, run a live check on a server yourself at LastPass. This is a good time to start using complex and unique passwords to protect your online identity and to consider using a password manager to remember them all. Stay safe online!



This blog is cross-posted at Technology and Learning

Wednesday, April 23, 2014

Top tips to make your network more secure

A colleague and I brainstormed a quick list of some ways (many not costly) to help make a school (or other) network more secure, and this is what we came up with. What would you add?

Make this more secure
1. Set up a separate BYOD guest wireless network and do not allow these devices on your main network.
2. Enable wireless isolation on your wireless networks.
3. Do not allow users to install software on district computers.
4. Consider a network access control solution to secure wired network ports.
5. Consider internal firewalls for high value servers with critical data or at least find a way to restrict network access to these servers.
6. Keep servers and security appliances up to date and patched.
7. Endpoint antivirus and malware security is still critical.
8. Don't forget about educating users. Active user education is critical.
9. Firewalls, spam filters, and web filters. Many of these devices are converging into next-generation combined products, but all of these can help scan for bad web sites, phishing links, viruses, malware and more.
10. Restrict ICMP traffic at the firewall to limit hackers' ability to scan your network.
11. Consider restricting USB drives, or at the very least enforcing malware and virus scanning on these devices.
12. Have good backups of shared drives and servers, as viruses and malware are likely to attack them.
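
An added example, not part of the original post: a small first-match rule checker that replays test packets against a flat ruleset and a segmented one to confirm tips 1, 5 and 10 actually hold. The subnets, ports, rule format and function names are constructed assumptions, not any firewall product's syntax.

```python
import ipaddress as ip

# Constructed addressing plan (assumption, not from the post).
GUEST, MAIN, SERVERS, ANY = (ip.ip_network(n) for n in (
    "10.50.0.0/24", "10.10.0.0/24", "10.20.0.0/28", "0.0.0.0/0"))

# Rule = (action, source net, destination net, protocol, destination port).
FLAT = [("allow", ANY, ANY, "any", None)]        # everything on one network
SEGMENTED = [
    ("deny",  GUEST, MAIN,    "any",  None),     # tip 1: guests off main network
    ("deny",  GUEST, SERVERS, "any",  None),
    ("allow", MAIN,  SERVERS, "tcp",  443),      # tip 5: one published service
    ("deny",  ANY,   SERVERS, "any",  None),     # tip 5: nothing else reaches servers
    ("deny",  ANY,   MAIN,    "icmp", None),     # tip 10: no ICMP into main network
    ("allow", MAIN,  ANY,     "any",  None),
    ("allow", GUEST, ANY,     "tcp",  443),
]

# (tip, what is probed, (src, dst, proto, port), expected action)
CHECKS = [
    (1, "guest device to main network", ("10.50.0.23", "10.10.0.5", "tcp", 445), "deny"),
    (5, "guest device to server", ("10.50.0.23", "10.20.0.4", "tcp", 443), "deny"),
    (5, "main network to server, other port", ("10.10.0.5", "10.20.0.4", "tcp", 3389), "deny"),
    (5, "main network to server, HTTPS", ("10.10.0.5", "10.20.0.4", "tcp", 443), "allow"),
    (10, "outside ping to main network", ("203.0.113.7", "10.10.0.5", "icmp", None), "deny"),
]

def decide(rules, src, dst, proto, port=None):
    """First matching rule wins; unmatched traffic is denied."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, rsrc, rdst, rproto, rport in rules:
        if (s in rsrc and d in rdst and rproto in ("any", proto)
                and rport in (None, port)):
            return action
    return "deny"

def audit(rules):
    """Return one finding per probe whose result differs from the expectation."""
    return [f"tip {tip}: {what}: got {decide(rules, *pkt)}, want {want}"
            for tip, what, pkt, want in CHECKS if decide(rules, *pkt) != want]

if __name__ == "__main__":
    # A broad allow placed first shadows the later server deny (ordering bug).
    misordered = [("allow", MAIN, ANY, "any", None)] + SEGMENTED
    for name, rules in (("flat", FLAT), ("segmented", SEGMENTED), ("misordered", misordered)):
        print(name, audit(rules) or "ok")
```

The misordered case shows why rule order matters on first-match firewalls: one broad allow ahead of the server rules reopens every port on the high-value servers to the main network.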

Monday, April 14, 2014

Keeping Student Data Private




In a world of cloud services, mobile computing, and one-click data sharing, keeping student and employee data private is becoming increasingly difficult.

Yours truly and some great CTOs from around the United States shared their thoughts on this topic with T.H.E. Journal recently.

Read the thoughts at http://thejournal.com/articles/2014/04/10/keeping-student-data-private.aspx