These are my notes from a network security presentation by Mike Pennell of NewNet66 in Oklahoma. I shared a brief overview for attendees and then turned over this presentation to Mike. I am recording this as an audio podcast and will post this subsequently in several parts. These are my notes from part 1 of Mike’s presentation.
We are in a BIG TIME war in network operations
– at the NewNet66 core, we take over 1 million attacks per day
What are the risks?
viruses and worms are not nearly as bad as they were; social engineering via phishing is now getting VERY ugly
– spyware
– viruses
– worms
– trojans
– backdoors
– root kits
– malware
– phishing
– email attachments
– spam with www links
attacks can come from inside or outside
– in the past, most people thought they needed to protect themselves mainly from the bad guys on the outside
– now there are multiple entry points
– like shoplifting: 75% comes from the inside (shrink)
– in this network world, it is more like 95%
– so you need to watch your people
Implementing network security is not a “fire and forget” solution
– have to watch it every day
– network attacks are ever changing and must be closely monitored, which means ongoing security changes to your network
Use a hardware solution
How the bad guys work and why
– graphic that shows what a teacher doesn’t know
– teachers or students don’t have to be going somewhere bad for bad things to happen
1- when they go out and get something from a computer somewhere, which could be in the Pacific Rim or elsewhere (50% of malware attacks now come from the Pacific Rim)
2- when that packet comes back (which WAS requested by the user), it also carries a backdoor or keylogger
3- Then that malware transmits data to the bad guys
4- that leads to withdrawing $$$
The bad guys might make 10,000 transactions per month on 10,000 different bank accounts
– do the math!
– this is a lucrative business!
– so MONEY is now driving a great deal of what we see happening with network security
Identity Theft is the #1 problem
– it is so bad out there, higher ed is REAL bad
– lots of stories, anecdotes, credit card numbers
– what you don’t want is to have KEYSTONE PUBLIC SCHOOLS show up in the Tulsa World headlines because the district’s WAVE server is now owned by the bad guys
Tools that protect your network
– I’ll show you tools we use, there are 100s of ways to skin this cat
1- InterMapper is our primary tool: network monitoring software that we use to identify network anomalies, track bandwidth, and alert us when critical network devices are down or in error status. InterMapper’s job is to “alert” you to network problems and anomalies
2- Juniper NetScreen Firewalls
3- 3Com TippingPoint 50 Intrusion Prevention appliance. This device will block and report on all network threats including spyware
There is NOT a single solution that will protect your network from the bad guys. It takes at least 2 hardware network devices to offer the level of protection required by K12.
Understanding Internet Bandwidth Usage (1)
– InterMapper really opens up some windows of learning for people
– MONITORING YOUR BANDWIDTH is one of the most important tools you can use in securing your network! If you monitor the utilization of your link to the Internet you will see trends in your school’s network activity. Each school has its own personality.
– the use of network monitoring is the first step in securing your network and will raise a lot of questions you should get answers to
Graph of normal bandwidth utilization on a weekend
Contrast to incoming and outgoing data during the week when school is in session
– for a single T-1 line, you’ll see about a 30% utilization change for a 384 kbps duplex connection
Graph of Abnormal bandwidth utilization
– what information is going “out” of the network on the weekend?
– who is it, what is it, why is it, and what data are they getting
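As an added example (not from the presentation or these notes), here is a small Python script that does the weekend check described above against constructed interface counters: it takes the median weekend outbound rate as the baseline and flags any weekend sample that is far above it or that sends more than it receives. The 384 kbps link speed is the one mentioned in the talk; the sample values, timestamps and thresholds are made up.

```python
"""Flag abnormal weekend outbound traffic on a school Internet link.

Added example; the link speed is the 384 kbps duplex connection mentioned
in the talk, everything else (samples, thresholds) is constructed.
"""
from datetime import datetime
from statistics import median

LINK_KBPS = 384.0  # assumed link speed, from the talk

# Constructed samples: (local timestamp, inbound kbps, outbound kbps).
# 2007-04-14/15 is a weekend; 2007-04-16 is a school day.
SAMPLES = [
    ("2007-04-14 01:00", 4.0, 2.5),
    ("2007-04-14 02:00", 5.2, 3.1),
    ("2007-04-14 03:00", 6.0, 180.0),    # sustained upload at 3 a.m. on a Saturday
    ("2007-04-14 04:00", 4.4, 2.8),
    ("2007-04-14 10:00", 9.0, 6.0),
    ("2007-04-15 02:00", 3.9, 2.2),
    ("2007-04-15 14:00", 12.0, 7.5),
    ("2007-04-16 10:00", 300.0, 110.0),  # weekday: classes in session, high but expected
    ("2007-04-16 13:00", 280.0, 95.0),
]


def utilization(kbps, link_kbps=LINK_KBPS):
    """Percent of the link consumed by a given rate."""
    return round(100.0 * kbps / link_kbps, 1)


def is_weekend(ts):
    """True for Saturday/Sunday timestamps in 'YYYY-MM-DD HH:MM' form."""
    return datetime.strptime(ts, "%Y-%m-%d %H:%M").weekday() >= 5


def weekend_outbound_anomalies(samples, factor=5.0, floor_kbps=20.0):
    """Return weekend samples whose outbound rate is suspicious.

    Baseline is the median weekend outbound rate. A sample is flagged when it
    exceeds max(factor * baseline, floor_kbps) or when more data leaves than
    arrives, since an idle school should mostly be receiving, not sending.
    """
    weekend = [s for s in samples if is_weekend(s[0])]
    if not weekend:
        return []
    baseline = median(out for _, _, out in weekend)
    threshold = max(factor * baseline, floor_kbps)
    findings = []
    for ts, in_kbps, out_kbps in weekend:
        reasons = []
        if out_kbps > threshold:
            reasons.append(f"outbound {out_kbps} kbps > {threshold:.1f} kbps threshold")
        if out_kbps > in_kbps:
            reasons.append("more data leaving than arriving")
        if reasons:
            findings.append({
                "time": ts,
                "out_kbps": out_kbps,
                "utilization_pct": utilization(out_kbps),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in weekend_outbound_anomalies(SAMPLES):
        print(f["time"], f"{f['utilization_pct']}% of link;", "; ".join(f["reasons"]))
```

The only sample flagged is the Saturday 3 a.m. upload, which is the shape of the "what is going out on the weekend?" question: it is both far above the weekend baseline and heavier outbound than inbound. The weekday samples are high too, but they are excluded from the weekend baseline on purpose; they are the school's normal personality.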
Do you know where everything LIVES on your network?
We tell our schools to kill 3rd party email generally
– put rules on the firewall that block outgoing port 25 (SMTP)
– it is getting harder and harder to get off the blacklist
There was a state department of education guy who encouraged everyone to look at server logs every day
– he was right, but you need to look at firewall logs too
– example of 1 am attack from India on a school yesterday
– what about on the INSIDE?
– we can see in this example computers on our network going out trying to visit Buenos Aires, Rogers Cable in Ontario, Canada, and Belgium in the middle of the night
– those are all suspect connections
KNOW WHERE EVERYTHING LIVES
– if you don’t, you can’t chase the bad guys down
– I don’t like DHCP, but you can look at those server logs if you are managing your DHCP server
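As an added example, not from NewNet66 or the presentation, the following Python script reviews a handful of constructed firewall log lines the way the last two sections suggest: it lists internal hosts talking to outside addresses in the middle of the night, internal hosts other than the mail server sending on TCP port 25 (the third-party email problem), and outside addresses the firewall denied. The log format is a generic constructed one, not NetScreen syntax; the internal subnet, mail-server address, quiet hours and every address are assumptions.

```python
"""Review firewall logs for the things the talk says to look for.

Added example with a constructed, generic log format (not NetScreen syntax).
Internal subnet, mail server, quiet hours and every address are assumptions.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")   # assumed school LAN
MAIL_SERVERS = {ipaddress.ip_address("10.20.0.10")}   # assumed: only host allowed to send SMTP
QUIET_HOURS = (22, 6)                                 # assumed: 10 p.m. to 6 a.m. local

# Constructed log lines: timestamp, action, source, destination, port, protocol.
LOG_LINES = """
2007-04-13 01:04:12 deny   src=203.0.113.45 dst=10.20.0.5    dport=1433 proto=tcp
2007-04-13 01:04:13 deny   src=203.0.113.45 dst=10.20.0.5    dport=3306 proto=tcp
2007-04-13 02:17:40 permit src=10.20.1.77   dst=198.51.100.9 dport=443  proto=tcp
2007-04-13 02:18:03 permit src=10.20.1.77   dst=192.0.2.200  dport=6881 proto=tcp
2007-04-13 09:30:11 permit src=10.20.1.12   dst=198.51.100.20 dport=80  proto=tcp
2007-04-13 11:02:55 permit src=10.20.1.31   dst=192.0.2.25   dport=25   proto=tcp
2007-04-13 11:05:00 permit src=10.20.0.10   dst=192.0.2.25   dport=25   proto=tcp
2007-04-13 12:40:09 permit src=10.20.1.12   dst=10.20.0.10   dport=25   proto=tcp
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<action>permit|deny)\s+src=(?P<src>\S+)\s+"
    r"dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\S+)$"
)


def parse(line):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S")
    d["src"] = ipaddress.ip_address(d["src"])
    d["dst"] = ipaddress.ip_address(d["dst"])
    d["dport"] = int(d["dport"])
    return d


def in_quiet_hours(ts, quiet=QUIET_HOURS):
    start, end = quiet
    return ts.hour >= start or ts.hour < end   # window wraps past midnight


def review(lines, internal=INTERNAL_NET, mail_servers=MAIL_SERVERS):
    """Group suspicious records by internal host so each one can be chased down."""
    night_outbound = defaultdict(set)   # internal host -> outside addresses reached at night
    rogue_smtp = defaultdict(set)       # non-mail-server host -> outside SMTP destinations
    inbound_denied = defaultdict(int)   # outside address -> count of denied inbound attempts
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        src_inside, dst_inside = rec["src"] in internal, rec["dst"] in internal
        if rec["action"] == "deny" and not src_inside and dst_inside:
            inbound_denied[str(rec["src"])] += 1
        if rec["action"] == "permit" and src_inside and not dst_inside:
            if in_quiet_hours(rec["ts"]):
                night_outbound[str(rec["src"])].add(str(rec["dst"]))
            if rec["dport"] == 25 and rec["src"] not in mail_servers:
                rogue_smtp[str(rec["src"])].add(str(rec["dst"]))
    return {
        "night_outbound": {k: sorted(v) for k, v in night_outbound.items()},
        "rogue_smtp": {k: sorted(v) for k, v in rogue_smtp.items()},
        "inbound_denied": dict(inbound_denied),
    }


if __name__ == "__main__":
    for section, hosts in review(LOG_LINES).items():
        print(section)
        for host, detail in hosts.items():
            print("   ", host, detail)
```

The denied inbound probes at 1 a.m. are the firewall doing its job and only need counting; the permitted records are the ones to chase. That is why the output is keyed by internal address: if you know where everything lives (or have the DHCP server's lease log), 10.20.1.77 and 10.20.1.31 become a room and a machine, and the internal-to-internal SMTP from 10.20.1.12 to the real mail server is correctly left alone.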
When I get up in the morning, the first thing I look at is bandwidth
Understanding Internet Bandwidth during the day, where some usage is masked by other traffic
– red outbound traffic is often due to spyware and peer-to-peer file sharing
Intrusion detection and prevention
– we like the TippingPoint Unity 50
– that is probably the biggest home run we’ve found in a long time
– we look for devices that are powerful and easy to use
– example of the malware “Gator” phoning home on port 80 (many firewalls miss that because it is port 80)
– so the TippingPoint box catches that, where the firewall does not
What can be going on
– YouTube can be a bandwidth hog, PhotoBucket is a disease
– but there are thousands of machines with PhotoBucket on them
MY QUESTION: HOW CAN WE THROTTLE AND MANAGE BANDWIDTH FOR SPECIFIC APPLICATIONS?
In the TippingPoint box, you can create a filter that, for instance, when a student tries to go to MySpace, quarantines the box from Internet access for 3 minutes and presents them with a browser message
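The two TippingPoint points above, the malware that phones home over port 80 and the three-minute MySpace quarantine, come down to the same thing: inspecting what is inside the connection rather than only its port number. As an added example, not the TippingPoint's logic or any of the presenter's code, this Python sketch shows a port-only policy permitting an HTTP request and a content-aware filter reading the Host header, quarantining the sending machine for 180 seconds and returning a message for the browser. The blocked hostnames (phone-home.example as a stand-in for a spyware beacon, myspace.com from the talk) and the request bytes are constructed.

```python
"""Port-only filtering vs. content-aware filtering with a timed quarantine.

Added example sketch, not TippingPoint or NetScreen logic. Hostnames and the
request bytes are assumptions; the 180-second quarantine is the three
minutes mentioned in the talk.
"""
import re

QUARANTINE_SECONDS = 180  # the three-minute quarantine mentioned in the talk

# Constructed indicators: a stand-in spyware beacon host and a site the talk says
# schools want to filter. A real IPS ships these as vendor-maintained signatures.
BLOCKED_HOSTS = {"phone-home.example", "myspace.com"}

HOST_RE = re.compile(rb"^Host:\s*([^\r\n:]+)", re.IGNORECASE | re.MULTILINE)


def port_only_policy(dport, allowed=frozenset({80, 443})):
    """What a plain port-based firewall rule sees: just the destination port."""
    return "permit" if dport in allowed else "block"


def http_host(payload):
    """Pull the Host header out of an HTTP request, or None if it is not HTTP."""
    if not re.match(rb"^(GET|POST|HEAD) \S+ HTTP/1\.[01]\r\n", payload):
        return None
    m = HOST_RE.search(payload)
    return m.group(1).strip().lower().decode("ascii", "replace") if m else None


def host_is_blocked(host, blocked=BLOCKED_HOSTS):
    """Match the host or any subdomain of it (ads.myspace.com, not notmyspace.com)."""
    return any(host == b or host.endswith("." + b) for b in blocked)


class Inspector:
    """Inline filter that quarantines a source address after a hit."""

    def __init__(self, blocked=BLOCKED_HOSTS, seconds=QUARANTINE_SECONDS):
        self.blocked = blocked
        self.seconds = seconds
        self.quarantine = {}  # source ip -> time (seconds) the quarantine expires

    def decide(self, src, dport, payload, now):
        """Return (verdict, detail). `now` is seconds, injected so it can be tested."""
        expires = self.quarantine.get(src)
        if expires is not None:
            if now < expires:
                return "quarantined", f"blocked for {int(expires - now)} more seconds"
            del self.quarantine[src]  # quarantine has lapsed
        if port_only_policy(dport) == "block":
            return "block", f"port {dport} not allowed"
        host = http_host(payload) if dport == 80 else None
        if host and host_is_blocked(host, self.blocked):
            self.quarantine[src] = now + self.seconds
            return "quarantine", (f"Host: {host} matched a filter; Internet access "
                                  f"suspended for {self.seconds} seconds")
        return "permit", "no filter matched"


# Constructed requests: both go to TCP port 80, so the port-only rule treats them alike.
BEACON = b"POST /report HTTP/1.1\r\nHost: phone-home.example\r\nContent-Length: 0\r\n\r\n"
HOMEWORK = b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"

if __name__ == "__main__":
    ips = Inspector()
    print("port-only:", port_only_policy(80))
    print("inspector:", ips.decide("10.20.1.77", 80, BEACON, now=0))
    print("inspector:", ips.decide("10.20.1.77", 80, HOMEWORK, now=60))
    print("inspector:", ips.decide("10.20.1.77", 80, HOMEWORK, now=181))
```

The port-only rule returns "permit" for both requests because it never looks past the port number, which is exactly why a firewall alone misses spyware that talks on port 80. The inspector quarantines the machine on the first hit, keeps blocking even an innocent request for the next three minutes, and lets it back out once the timer lapses. The Host-header match here stands in for a real IPS signature; the point is the layer at which the decision is made, not the specific indicator.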
What you can do to protect your network?
– use strong passwords: a strong password is a combination of six or more letters, numbers, and symbols that is NOT a word or common phrase. This is the most abused security practice.
– We feel it is best to use Internet Explorer for those websites that require it (e.g. PeopleSoft) and use a different browser for all other web activity. The Internet Explorer browser that comes with MS Windows seems to have a new security flaw almost every month. While you should apply patches for these flaws as quickly as possible, Mozilla’s Firefox is a very good alternative that offers increased security. Firefox is free and can be downloaded at http://download-firefox.org
– Educate your staff about network security risks: NewNet66 has a very good document on our website which your staff can review (PDF) – Support site: www.newnet66.org/Support/
– Secure wireless access points
– Get a firewall and manage it.
– Get an Intrusion detection and Prevention hardware device and manage it
– Create, implement and enforce network use policies.
– Don’t allow the use of 3rd party email
– Don’t allow Peer-to-Peer file sharing on your network. This is very popular with students and is a severe security risk
– Lock down your Student Information Systems and WAVE servers
– Get rid of Windows98 workstations.
– Apply software patches to your servers and workstations as soon as they are available
– Be proactive about network security
As an administrator, GET INVOLVED with the security of your school’s network. If you farm it out to a vendor, get the security procedures documented. Ask a lot of questions and try to understand the basics. At the end of the day you don’t need to know it all, but you do need to know what questions to ask, and in the end you are responsible!
[THIS PRESENTATION IS BEING CONTINUED AFTER LUNCH]
Comments
One response to “Protecting school networks against attacks (Mike Pennell with NewNet66)”
Amusing that not using Windows is not a recommendation.