NETWORK SECURITY...users; including but not limited to Psiphon, Betternet, Ultrasurf, SurfEasy,...
Transcript of NETWORK SECURITY...users; including but not limited to Psiphon, Betternet, Ultrasurf, SurfEasy,...
NETWORK SECURITY
PRESENTED BY
KAREN BOULANGER
EXECUTIVE DIRECTOR, IT
DEFINITION
Network security is the protection of access to files
and directories in a computer network against
hacking, misuse, and unauthorized changes to the
system.
Common Network Security Threats
•Viruses, worms, and Trojan horses
•Spyware, malware, and adware
•Denial of service attacks
•Data interception and theft
• Identity theft
Malware
Software created to act maliciously and destroy or access a computer’s
information without the knowledge of the user. It is often launched through a
link on a website or email that installs in the background.
Phishing
Phishing is the practice of using deceptive email messaging and websites to trick
users into giving up confidential – often financial – information. If often looks
like it is coming from a trusted brand or institution, including your employer. The
name is related to the idea of “fishing” for leads.
Protection Measures and Tools
• Accounts with strong passwords(8 character minimum; 3 of 4 required - capital, lower, number, or special)
• Regular computer updates(requires machines to be shutdown and restarted daily)
• Endpoint Protection
• Palo Alto Firewall
• iBoss Web Filter
• ClearPass Wireless Management
How can staff and students help?
• Use individual network accounts and not share login info with others.
• Keep strong, difficult-to-guess passwords and do not post them in
easy-to-find locations.
• Do not click on links or open attachments in suspicious-looking emails.
• Be sure you are on a secure site for confidential and financial
transactions. Look for “https” prefix, not just “http”.
• Shutdown ALL machines nightly (to prevent intrusion and to obtain
critical security updates and patches).
• Submit help desk ticket if Endpoint Protection
is not running on your district/school machine.
LOOK FORs
• A mismatched URL - Hover over the link to see the actual address
• Misleading domain name that seems to be legitimate
such as microsoft.emailtest.com
• Poor spelling or grammar
• Requests for personal information
(such as username, password, credit card number, answer to a security question)
• Any requests for money
• Offer seems too good to be true - If received in an email, it probably is!
• You didn’t initiate the action and/or you were not expecting to receive the link or
attached file, even if it seems to come from someone you know.
• Unrealistic threats or extremely urgent need for response
If something just does not look right, investigate and verify!
If you receive unwanted emails, please simply report it by
clicking the “Report Spam” icon:
Incidents Seen and Addressed in our Schools
• Cyber bullying, Vulgar language, Misuse of Chatexample: Enfamil attack last year
• Viewing pornography on school computer; filming/sending video by cell phone
• VPN/Proxy Apps for filter avoidance (on phones and USB drives)
developed primarily for bypassing or avoiding the web filtering policies that are currently in place for all
users; including but not limited to Psiphon, Betternet, Ultrasurf, SurfEasy, Avast secure line, etc.
• Botnetcollection of infected computers used to perform malicious actions on a hacker’s behalf
• Keylogger softwaretype of spyware used to record a user’s keystrokes; used to attempt to replicate passwords/usernames
• Executable files (on shared drives and USB drives)
These files are being brought in as standalone applications on student’s flash drives that they are in turn
using to running gaming applications, other operating systems, and proxy avoidance in our environment.
Also, many viruses enter our network via .exe files, from email links, email attachments, and flash drives.
Information Technology Code of Conduct gr 6-12
Violation Levels
Strict Enforcement
is required to
protect RRPS!
High School Student Discipline Matrix (Middle School is nearly identical)
Violation
Level 1
Violation
Level 2*
Violation
Level 3*
* RRPD referral may be filed on all Level 2 and 3 infractions.
Please help spread the word!
Please communicate network security concerns to all staff, students, and
parents. Help everyone understand how to protect themselves and the RRPS
network with the items on slides 7-9.
Related IT Topics
•Personal devices with filter avoidance apps
•Continued enforcement of violations on district devices
•Pilot of RRPS-provided student e-mail
•CIPA Compliance and Internet Safety Education
•USB Drives
QUESTIONS?