My first job out of school was an administrator role at a local hospital (bear with me, I do have a point). I was excited about my new job because the money it promised would pay for my ‘new’ (read ‘old’) car – and the new mag wheels I had just acquired for it. The car was a 1990 Honda Integra, black, and I loved it.

I arrived at the hospital at 8.45am and parked in the hospital’s secure carpark, activated the car alarm and then reported to the referrals manager for duty. At 11am the phone rang: “Is this Mr Duff?… Yes… is your number plate… Yes… can you come to the carpark please?” I assumed my alarm was going off and I needed to switch it off – no biggie.

Arriving at the car park I discovered that my alarm was indeed going off but that wasn’t the only issue. My pride and joy no longer had the $2500 wheels I had just purchased on finance a week earlier. They were gone. Along with the contents of the car. The car wasn’t even on blocks, it had been unceremoniously dumped on the ground. Discarded.

I was shocked, angry and disappointed. I had a car alarm, I had parked in a secure carpark – I thought I had done the ‘right things’ to secure my possessions and yet I now had a car with significant damage and no wheels. I was also confused – how had nobody noticed all this take place in broad daylight?

It turns out that the original intent was to take the whole car. The alarm (which included an engine kill switch) successfully foiled this plot. It also turns out that I should have listened to the Mag expert and spent the extra money on locknuts to secure my new wheels. Lesson learned.

For me this story serves as a reminder that:

  1. There are bad people out there (and they are often pretty determined).
  2. Security isn’t one-dimensional.
  3. Safe and secure isn’t absolute and requires collective responsibility.

Let’s put this in context: Think of your school’s network as my car and you’ve parked in a secure carpark (the Managed Network). N4L manages the security of the carpark and successfully prevents a LOT of threats occurring across the network (159.8 million in the last quarter of 2016). As much as we’d like to, we can’t prevent everything by ourselves. The reality is that your car is still your car and requires additional security measures. Particularly if, like me, you’ve modified it to suit your tastes/requirements.

So have you protected your vehicle? What haven’t you considered? Will the wheels come off in an attack?

Ok, enough of the analogy already, I’m aware your network doesn’t actually have wheels. It does, however, have many complex moving parts which means there isn’t one blanket security measure to secure them all.

A network is only as safe and secure as its weakest link – we all have a part to play. Part of our role is providing schools with a secure internet connection, but it’s also providing advice when we see practices occurring within schools that compromise their internal network.

From time to time we do notice some common ways schools make themselves vulnerable to threats. So we thought we’d provide you with some top tips that we’ve learnt from past experience:

Tip #1: Protect IT

This one seems pretty obvious but a robust password management policy is essential to locking down your network. It sounds so simple, but if you really want to get serious about security, you need to get serious about ensuring robust passwords are used to access your network.

As a general rule, schools are encouraged to:

  • Use long phrases (or passphrases)
  • Consolidate sign in practices via Single Sign On (SSO)
  • Implement Two Factor Authentication (where possible)

The Connected Learning Advisory (CLA) offers some great recommendations for developing a secure password strategy – you should definitely check it out.

As a starting point, encourage staff and students to test password strength by using Kaspersky Secure Password Check. While users of the service shouldn’t enter their actual passwords, the site is great at demonstrating how quickly similar passwords can be compromised.

You may be surprised by the result.

Tip #2: Virtualise IT

Remote Desktop Protocol (RDP) is an easy way for teachers to access your school’s data remotely. While this is hugely beneficial for staff – especially at report writing time – the problem is that standard RDP can expose an ‘open door’ for bad people to access your network (and we’ve already established that they’re pretty determined to break or hack your stuff). These bad people can then use your network as a ‘hop point’ and divert illegal activity through your network, or can try to take over your network for financial gain (e.g. via ransomware).

Providing remote access isn’t the problem. In fact, these days remote access is essential. It’s just a matter of ensuring that access to your network is authenticated using a Virtual Private Network (VPN).

Naturally, we recommend our Remote Access Service (RAS) because it provides multi-layer protection by offering access to verified devices with robust passwords – but do have a chat with your ICT provider to discuss your VPN options.
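
One way to check for the ‘open door’ Tip #2 describes, added here as an example and not N4L’s own tooling: it audits a list of firewall port-forward rules and flags any that let RDP in from outside the VPN. The rule format, rule names, addresses and the VPN address pool are assumptions made up for the illustration.

```python
import ipaddress

RDP_PORT = 3389  # default TCP port for Remote Desktop Protocol

# Constructed sample of inbound port-forward rules on a school's edge
# firewall. Field names and addresses are hypothetical, not a real export.
SAMPLE_RULES = [
    {"name": "teacher-rdp", "source": "0.0.0.0/0", "ext_port": 3389, "dest_port": 3389},
    {"name": "rdp-moved-port", "source": "0.0.0.0/0", "ext_port": 50001, "dest_port": 3389},
    {"name": "rdp-it-provider", "source": "203.0.113.0/24", "ext_port": 3389, "dest_port": 3389},
    {"name": "rdp-via-vpn", "source": "10.99.0.0/24", "ext_port": 3389, "dest_port": 3389},
    {"name": "school-website", "source": "0.0.0.0/0", "ext_port": 443, "dest_port": 443},
]
VPN_POOLS = ["10.99.0.0/24"]  # assumed address pool handed to VPN clients


def audit_rdp_exposure(rules, vpn_pools):
    """Return (rule name, reason) for every rule that lets RDP in without the VPN."""
    pools = [ipaddress.ip_network(p) for p in vpn_pools]
    findings = []
    for rule in rules:
        if rule["dest_port"] != RDP_PORT:
            continue  # rule does not land on an RDP listener
        source = ipaddress.ip_network(rule["source"])
        if any(source.version == p.version and source.subnet_of(p) for p in pools):
            continue  # only authenticated VPN clients can reach it
        if source.prefixlen == 0:
            reason = "RDP open to the whole internet"
        else:
            reason = f"RDP reachable from {source} without the VPN"
        if rule["ext_port"] != RDP_PORT:
            # Moving the external port only hides RDP from casual scans.
            reason += f" (external port {rule['ext_port']} still forwards to {RDP_PORT})"
        findings.append((rule["name"], reason))
    return findings


if __name__ == "__main__":
    for name, reason in audit_rdp_exposure(SAMPLE_RULES, VPN_POOLS):
        print(f"{name}: {reason}")
```

Rules restricted to a single outside address range are still flagged, because the tip is that remote access should be authenticated through the VPN rather than allowed by source address alone.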

Tip #3: Scan IT

If you’re not already doing this, make sure that your network is regularly scanned for viruses and malware. If at any point you suspect you have been attacked, rebuild the server (or servers) you believe were exposed. A threat can sit dormant on a server for some time before it becomes active. The only way to be sure that you have eliminated the threat is to rebuild. It’s an inconvenient truth but failing to rebuild your server after an attack – even a suspected attack – will lead to regret. Maybe not today, maybe not tomorrow, but soon and for the rest of your life (too dramatic?).

Don’t just take my word for it. Raise these tips with your ICT providers, your Client Manager here at N4L, the CLA and/or Netsafe. We’re all here to ensure you have the best ability to make informed decisions surrounding the safety of your network.

I think we can agree that cars are more useful when they have wheels. Learn from my mistake – install the locknuts to protect your network and keep the wheels in motion.
