Post on 30-Dec-2015
Tony Shoyat – Product Sales Specialist
Network Security for K-12 – What you need to Know
Before - During – After

Discussion Topics
• Cybersecurity:
  What are the threats?
  Why is it important?
• What are the Cybersecurity threats and needs for K-12?
• How can you protect your students and network?

Cybersecurity Concerns
• Internal Policies
• Partners
• Education
• DOD 8570
• Government Regulations
• NIST Policy
• MS-ISAC
• NERC CIP
• Intellectual Property Theft
• Embarrassment
• Money Theft
• Protecting Student Data
• PII Theft
• Reputation
• Revenue Loss
• Insider Threat
• Advanced Persistent Threat
• Malware
• Hackers
• Customer
• Damage
• Anonymous
• State Regulations
• SAM 8500
• Espionage
• DISA STIG

K-12 Security Implications
• Protecting the students
  What they are exposed to
  Identity protection
• Network uptime
• Protecting your assets

SCHOOL DISTRICT HACKED FOR $80,000
October 22, 2013 WTRF 7News Colin Lawler - http://www.wtrf.com/story/23761350/hacker-targets-bridgeport-school-district
Officials with the Bridgeport (OH) School District say their bank accounts are the target of an unknown hacker. Now more than $80,000 is missing. District officials say they received a call last week …alerting them to the situation. Authorities …say this was not an inside job and that all evidence points to an outsider who is not local, hacking in using various technology.

K-12 Headlines
Austin-area district pulls all school websites after hackers post obscenities
December 23, 2013 Houston Chronicle Heather Alexander http://www.chron.com/news/houston-texas/texas/article/Austin-area-district-pulls-all-school-websites-5088235.php
A Round Rock Independent School District principal first reported the problem to officials late on Saturday after parents and students noticed the dramatic change in the site's content. Education materials (were) replaced with obscene messages and racist threats.

Cyber Activities
• 104% increase in reported incidents by US Government Agencies from 2009 – 2013 [5]
• 52% increase in attacks against US Critical Infrastructure 2011 – 2012 [5]
• 144% increase in incidents involving PII from 2009 – 2013 [5]
• More sophisticated every day – Minute Zero
Threat Landscape
Assets Targeted
• 75% Point of Sale systems
• 20% E-Commerce Systems
• 5% Other (espionage etc…)
Cyber Crime
• Money
• Embarrassment
• Espionage
Sources: [1] Verizon Data Breach Report; [2] US House Intelligence; [3] NSA; [4] Bloomberg; [5] GAO; [6] 2012 Norton Cybercrime Report

Threat Evolution—Requires a Multi-Tiered Response
2000: WORMS; response: Anti-virus (Host based)
2005: SPYWARE / ROOTKITS; response: IDS/IPS (Network Perimeter)
2010: APTs, CYBERWARE; response: Reputation (global) & Sandboxing
Today: INCREASED ATTACK SURFACE (MOBILITY + Cloud + IoT); response: Intelligence & Analytics (Cloud)

IT Megatrends are creating the “Any to Any” problem
Any Device, Any Cloud
• Endpoint Proliferation
• Blending of Personal & Business Use
• Access Assets through Multiple Methods
• Services Reside In Many Clouds
Workloads, Apps / Services, Infrastructure
public, tenants, hybrid, private

Examples of Cyber Threats in the News
• Kaptoxa (Target)
• Red October
• DUNIHI
• Shady Rat
• Crypto Locker
• Zeus (Zitmo)
• Citadel
• SpyEye (Spitmo)
• Sykipot
• Night Dragon
• Shamoon
• Stuxnet / Flame
Threat Characteristics:
• Bypass the perimeter (Initial Infection Vector)
• Spread laterally on internal network where detection abilities were limited (Propagation Mechanism)
• Evade traditional detection techniques (Persistence Mechanism)

Cyber Threats – Initial Infection Vector
Effectiveness of Phishing
- Verizon Data Breach Report - ThreatSim
More than 95% of all attacks tied to State-Affiliated espionage employed Phishing as a means of establishing a foothold in their intended victims' systems.

Examples of Cyber Threats in Education (publicly known, in the last 6 months)
Date | Name | Records | Notes
22-Apr-14 | Iowa State University | 29,780 | Social Security numbers of approximately 30,000 people who enrolled in certain classes between 1995 and 2012
27-Mar-14 | The University of Wisconsin-Parkside | 15,000 | The breach affects students who were either admitted or enrolled at the university since the fall of 2010.
20-Mar-14 | Auburn University | Unknown | Compromised server within the College of Business network
6-Mar-14 | North Dakota State University | 290,000 | 290,000 current and former students and 780 faculty
26-Feb-14 | Indiana University | 146,000 | Information was stored in an insecure location for 11 months
19-Feb-14 | University of Maryland | 309,079 | The university commented on how sophisticated the attack was
7-Jan-14 | Loudoun County Public Schools | Unknown | Risk Solutions International LLC, Contractor - More than 1,300 links could be accessed through a Google search
17-Dec-13 | Radnor, PA School District | 2,000 | An employee performing a transfer of personnel data left the data accessible - found and shared by student
3-Dec-13 | Chicago Public Schools | 2,000 | Vision exam dates, diagnoses, dates of birth, genders, identification numbers, students' school names available online
27-Nov-13 | Maricopa County Community College District | 2,490,000 | Breach may have exposed the information of current and former students, employees, and vendors.
19-Nov-13 | NY, Sachem Central School District | 15,000 | Two breaches in the summer of 2013 and November of 2013

The Silver Bullet Does Not Exist
“Captive portal”
“It matches the pattern”
“No false positives, no false negatives.”
Application Control
FW/VPN
IDS / IPS
UTM
NAC
AV
PKI
“Block or allow”
“Fix the firewall”
“No key, no access”
Sandboxing
“Detect the unknown”
Cisco focuses on the totality of defending against threats

Cisco Threat Intelligence: Security Intelligence Operation / Vulnerability Research Team
• 500+ security specialists / 24/7/365 / 40 languages
• Telemetry from 1.6M devices worldwide
• 30B+ queries daily, 30% of all Web traffic
• URL reputation scores for Web, Email
• >7,500 IPS signatures and >8 million rules daily
EMAIL Security Appliances
SenderBase
WEB Security Appliances
Importance of Reputation
• View into both email & Web traffic dramatically improves detection
• 80% of spam contains URLs
• Email is a key distribution vector for Web-based malware
• Malware is a key distribution vector for spam zombie infections
SIO/VRT Enables Email & Web Traffic Analysis, feeds Reputation Information to IPS etc…
SIO
• 2.1M Telemetry Points – Open Source Input
• 6,000 Threat Reports / day
• NSS Labs 100% Detection rate
VRT

K-12 Specific Needs
Digital Learning & Assessment
• One-to-one learning
• On-line Test Security – Anti cheat, privacy
Application Protection & Control
• Protecting schools from embedded malware
• Application Control – Device and Server
Student Data Privacy & Security
• Protect Personal Identifiable Information (PII) and other data – medical, testing, SSN, financial, address, etc.
• CIPA
Mobile Device Security
• Device Security – BYOD
• GeoFencing
• Segmented Access

Digital Learning and Assessment
• One to One Learning
  Device profiling with resource appropriate VLAN assignment
  Tracking of One-to-One devices – MDM
• On-Line Test Security
  Wireless network that is interference aware
  Blocking malware
  URL filtering
  Malware detection on a web page
  Detecting malware in the network

By the numbers
[Bar chart of customer deployments. Vendors listed: Systems Manager, AirWatch, MobileIron, Good. Bar labels: 22K, 12K, 6K, 5K. Axis: 0 to 25K.]
Customer Deployments data pulled from vendor websites

The evolution of mobility management
• MDM (Mobile Device Management): Get devices connected, enforce device policies
• MDM + MAM (Mobile Application Management): Enable easy access and management of mobile applications
• EMM (MDM + MAM + MIM + …) (Enterprise Mobility Management): Maximize productivity through comprehensive mobile device, apps, and data management

Network integration
Secure enterprise environments with enhanced visibility into end clients
• Dynamically adjust network group policy depending on device compliance
• Device compliance determines which resources users can access

Student Data Privacy & Security
• Protect Personal Identifiable Information
  Access Control – role based access
  Security Policies – strong passwords changed regularly
  Proper firewall protection
• CIPA
  URL filtering
  Blocking of encrypted connections or the decryption of those connections for further inspection

Mobile Device Security
• Device Security BYOD
  Checking status/posture of device when entering the network
• Geofencing for district owned devices
  Solution detects when the device has left a geofenced area and issues an alert
• Segmented Access
  Guest/Teacher/Student
  Device profiling with resource appropriate VLAN assignment
  VLAN/resource assignment based on identity
  Bonjour management

Application Protection and Control
• Protecting Schools from embedded malware
  Blocking malware
  URL filtering
  Malware detection on a web page
  Detecting malware in the network
• Application Control – Device and Server
  Access Control – role based access
  Layer 7 awareness and allow/deny capabilities
  Intrusion Detection/Prevention
  Application addition/deletion on mobile devices - MDM

Safe & Secure Learning Environments
• Content filtering with cloud-based signature updates
• Identity-based security, filtering, & application control
• Single-click Google and Bing Safe Search integration
• YouTube for Schools ensures safe video-based learning
Cisco Meraki MX Security Appliances make school security easy to deploy and manage, without the need for separate filtering and cache appliances.
Wireless APs serve 100+ users each

The New Security Model
Attack Continuum
• BEFORE: Control, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Cloud
Point in time, Continuous

Mapping Integrated Solutions
Attack Continuum
• BEFORE: Control, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Malware Detection and Defense
Secure Identity & Mobility
Secure Internal Monitoring
Cloud - Virtual and Physical Consistency