About: I'm an instructional designer at the Hunter College Campus School. I support the effective use of technology in schools and classrooms.

I am also keen on the role of games in education. Please find below an ever-changing picture of me. You know, just in case you were curious.

bruce

loans that work

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.

Categories


All the categories

Search:

Podcast feed

Blog feed

my blacklist

Please log in or register to sign up for our mailing list!

Valid XHTML 1.1
Valid CSS
Valid ATOM feed
Valid section 508

Monthly Archives



All the archives

Blogroll

Kasia's Blog
igforum
Raj Boora
Jamie Tubbs
David McDivitt
John Kirriemuir
Mark Wagner
Mr. Ball
Tony Forster

Bill MacKenty

Technology strengthens, deepens, and broadens our learning...

Home | Games in Education | Conference Notes | Ed Tech | Gallery | Contact me | Text-based games | My more personal site

Educational Network Security - part 2

Thursday, October 26, 2006

image

Part 1

What is security?

The process of ensuring confidentiality, integrity, and availability of computers, their programs, hardware devices, and data (source).

My list?

Just a short list, I know.  I suppose it could be shortened to “keeping stuff safe”.

Where is the best place to implement?

The best place to implement security is low on the OSI chain.  Routers, switches, and network-level devices are an excellent place to start. These devices control communication, and are an excellent way to secure a network. All the other layers are important as well, but security without the low level stuff really isn’t secure, is it?

Information

Before an attack of infection happens, what is happening on our network? With the right tools, we can analyze traffic, and sniff packets in and around our network. We use router and switch logfiles to see from what MAC address is traffic originating from, shape traffic, prioritize traffic, etc… This has the double advantage of being able to optimize our network, and troubleshooting problems as they arise. You also have a history to look back on when diagnosing problems.

After something like this happens, we need to gather as much information as possible. I ask who, what, when, why, where and how, applying each question to the issue at hand. I pay attention to disease vector (how did the virus spread, where did it start).

Being stupid

Of course networks and computers need to be secure. But if this security comes at the price of usability, it doesn’t make sense, does it?  I have seen corporate-types lock down a computer to the point of it being unuseable! I suppose we could build a metal box around a PC, unplug it and proudly exclaim, “She’s Secure, Sir!” This leads us naturally to…

Multiple layers of security

The thinking of “stopping them at the beachhead” is good, but doesn’t really work in a very dynamic network.  Yes it is important to block as much as you can as it comes into your network, but it is equally important to keep each node protected - updated, current anti-virus, etc…

Moreover, it is important inside the organization to block unknown IP addresses, MAC addresses, and require authentication inside the network. Using an authentication server adds a degree of control to the network and creates a virtual paper trail should there be an issue.




Commenting is not available in this weblog entry.
© 2003-2008 Bill MacKenty, M.Ed. | XYZZY | 134270