Bill MacKenty

Technology strengthens, deepens, and broadens our learning...

Security

Internet and computer safety often focuses on the risk of meeting a stranger online and being physically attacked. There is no doubt this danger exists, and our children need to be very careful about the sort of information they put online. The most important rules of internet safety must always be: don’t talk to strangers and don’t put highly personal information about yourself online.  A helpful reader has added that stranger abductions are quite rare, more often children voluntarily agree to meet some stranger somewhere. This also must be pushed into the mind of our kids - Never, ever agree to meet someone you met online. It’s just not safe.

While being attacked is the most serious threat online, our teenagers also face:

reputation harm
identity theft
and
online bullying

Here is a list of topics you could discuss with your students in an effort to support them being safe online.

1) What happens online, stays online, for a long time. sometimes it is difficult to erase a comment, picture, or forum post. Are you putting stuff online you would be embarrassed about 5 years from now? Are you writing anything that might reflect poorly on your character?

2) Some online social-networking sites such as myspace aren’t easy to secure - personal details and photographs are readily available for anyone to see. Do you have a myspace page? Mind if we take a look at it together? Is there anything online that could be used to identify you to strangers?

3) Our teenagers have a hard time understanding that something they put online can be visible to anyone anywhere. Let’s google your name and see what pops up. Who do you think looks at this information? How would you feel if a complete stranger looked at this information/image?

4) A special word about facebook. Facebook is a social-networking site like myspace with a very important difference; it’s invitation only. This means only people who a student knows are accepted as a “facebook friend”. However, there are “groups” in facebook which may have people a student does not know. Teens should be careful about what they write on facebook, and what they include on their facebook profile. Facebook users have a wall, which they can use to send messages back and forth. Let me see your facebook page. who are your facebook friends? do you belong to any facebook groups? Who last wrote on your wall?

5) The internet has opened up a new avenue for airing frustrations and arguments with peers. These arguments can often turn ugly, and teens can be harassed or bullied online. It’s important to talk about online bullying as you would talk about bullying in school; forthright and clear. Have you ever felt bullied online? How do you respond to online harassment? You know you can always talk to me about this stuff, right?

Here are some specific steps you could take with your students to help encourage safe computer use:

1) Put computers in public places (not in a bedroom)
2) Adopt an open door policy for discussing computer habits
3) Look for furtive gestures. If your teen quickly closes, moves or minimizes a window, ask them to show you what they are doing.

And finally, some common sense:

This internet thing is new for many parents. I think we need to teach our kids how to live in a digital world safely. I recommend against completely shutting off the internet or computers, and instead, take an active role in your child’s internet and computer use. Part of being a parent is being nosey. Talk with your teenager about computers and internet safety. 

I had (am having) an interesting conversation with my supervisor.  Several Elementary school teachers have expressed concerns that their computers (Windows XP) are locked down to tightly - that they cannot install trivial peripherals, try new software, etc…

My position in our conversation is that a few trusted users should be granted power-user privileges.  It strikes me as asinine that computers are put into a teachers room, and then so locked down that the teacher cannot use them!  This is a classic fear-based response to network management, and qualifies as a ”think-about-what-is-easiest-for-the-network-administrator-and-not-the-teacher” error. As I’ve mentioned before on this blog, there is a connection between how a teacher feels about technology and how the teacher implements technology.

Should a network be wide-open, with full administrator access to everything? no. Should a school be skillfully managed, balancing the needs of the users versus the needs of the organization? Yes. It makes me crazy when this happens in schools...what if we said to our kids...here is a computer, but you can only do 5 things with it...don’t bother exploring, or engendering curiosity… it’s better for everyone if the device just sits there, locked down.

Of course, these are windows machines, so some extra effort must be taken to keep them safe. But when security locks down a machine so much a user can’t explore it or use it, or try anything new, it’s an object-lesson in frustration.

Allow trusted users limited administrative access so they can experience the joy of trying something new in the teachable moment - the moment when they see something and want to try something, curious, motivated, and engaged. 

Part 1

What is security?

The process of ensuring confidentiality, integrity, and availability of computers, their programs, hardware devices, and data (source).

My list?

• Making sure everything works
• Ensuring data integrity
• Only allowing authorized users to access data and resources
• Keeping physical hardware safe
• Ensuring data is keep private

Just a short list, I know.  I suppose it could be shortened to “keeping stuff safe”.

Where is the best place to implement?

The best place to implement security is low on the OSI chain.  Routers, switches, and network-level devices are an excellent place to start. These devices control communication, and are an excellent way to secure a network. All the other layers are important as well, but security without the low level stuff really isn’t secure, is it?

Information

Before an attack of infection happens, what is happening on our network? With the right tools, we can analyze traffic, and sniff packets in and around our network. We use router and switch logfiles to see from what MAC address is traffic originating from, shape traffic, prioritize traffic, etc… This has the double advantage of being able to optimize our network, and troubleshooting problems as they arise. You also have a history to look back on when diagnosing problems.

After something like this happens, we need to gather as much information as possible. I ask who, what, when, why, where and how, applying each question to the issue at hand. I pay attention to disease vector (how did the virus spread, where did it start).

Being stupid

Of course networks and computers need to be secure. But if this security comes at the price of usability, it doesn’t make sense, does it?  I have seen corporate-types lock down a computer to the point of it being unuseable! I suppose we could build a metal box around a PC, unplug it and proudly exclaim, “She’s Secure, Sir!” This leads us naturally to…

Multiple layers of security

The thinking of “stopping them at the beachhead” is good, but doesn’t really work in a very dynamic network.  Yes it is important to block as much as you can as it comes into your network, but it is equally important to keep each node protected - updated, current anti-virus, etc…

Moreover, it is important inside the organization to block unknown IP addresses, MAC addresses, and require authentication inside the network. Using an authentication server adds a degree of control to the network and creates a virtual paper trail should there be an issue.

Having spent the majority of my professional life in an OS X environment, moving to a Windows-based school was quite an adjustment. However, over the last few months, I have been managing with the overall, basic functionality of Windows.  It certainly doesn’t have the same ease of use; and I note the included windows software is light-years behind what is available for OS X.

So last Friday we noticed the school network was sluggish, and then about noon, we had many faculty members reporting pop-ups on their computers.  About 30 or 40 minutes later, we had a call from the college, telling us a virus was port scanning everything in site. We have a pretty standard Windows layout - ghosted machines, anti-virus corporate edition with updated definition files, and we use a fortress-like tool to secure our labs. We have a competent network administrator, and a strong IT team.

Still, though, the sad thing is only one computer on a network needs to be unsecured for the entire system to fall like dominos. It is, actually, a rather classic manifestation of malicious software infestation.

We disabled all incoming and outgoing traffic to our school, and started the painful and arduous process for reissuing passwords and scanning every single machine in the school. Some machines will need to be re-ghosted, and anything saved locally will be erased.

The downtime looks to be moderate (a few hours if we are lucky), but it is a massive pain the neck. Fortunately, it gives me a few hours to write this series of articles about educational network security. I’ve been meaning to do this for a while.