Cyber security is the responsibility of the IT director, teachers, administration, and the board. Loss of valuable, confidential data, downtime and damaged systems are not pleasant issues to deal with. They cost plenty financially. The public relations fallout can be devastating.
While network security is an infinitely complex and dynamic subject, implementing these simple measures will go a long way to protecting your school's LAN.
Disable floppy drive access, USB ports and serial ports on networked computers. These are the most common entry points for mischief. Students do not need access to these drives. They can email or store data elsewhere in a safe 'scanned' environment.
Restrict Permissions. Set permissions so that users can't run downloaded 'exe' or other executable files. If they receive a file which they need to run, you can scan it and run it for them. More work in the short term but in the long term a lot faster than rebuilding a server. Do not allow users to modify any system files. Always lock down your network clients so that they can only perform tasks which you and your administration have agreed on.
Block Instant Messanger. IM and its cousins, ICQ and Yahoo Messenger, sends messages and attachments out to a server and then back to its clients. You lose control when this happens. Prevent worms and other viruses from spreading by disabling the ports which these programs use. Ditto for any file sharing programs like KaZaa.
Password Protect your BIOS. A BIOS without an administrator password is an invitation to mischief. Students love to 'explore' and what better place than a system BIOS! Make sure office and administrative systems are also secure. Many self-proclaimed 'experts' lurk in back offices and faculty lounges just waiting for the opportunity to show that they know more than you do.
Run AV software. Run anti-virus software on all your computers. Doesn't matter whether it is MacAfee, Symantec, Computer Associates or any other brand. License it. Run it. Maintain it. Insist that your clients turn off their systems so that a fresh anti-virus signature loads upon reboot. Keep your anti-virus software signatures up to date. Use the automatic download feature so that you have the latest and best to protect you in these days of extremely short mutation cycles.
Build your Defenses. Install a firewall, content filter, and if possible intrusion detection. If you allow folks to apply online or look up marks and so on, you need the solid protection only a strong firewall. Make sure you configure your equipment carefully. Never accept the default settings. Do not allow any networked system to access the Internet without firewall! Run software firewalls on your laptops. Use hardware for the network.
Beware of Attachments from Unknown, Untrusted Sources. Do not open attachments to email unless you trust the sender. Even then...use common sense. You can always call the sender if the subject or attachment seems untrustworthy. Install a filter to prevent users from accessing forbidden sites. If you accept eRate funding, you will be required so to do.
Monitor your Ports. Install a port monitor to prevent your ports from being scanned. Microsoft operating systems leak like a sieve through ports which untrained network administrators leave open. Open only those ports you absolutely need to function in your environment. Thousands of programs run 24/7 looking for your open ports, just waiting for you to let down your guard.
Encrypt Wireless Access. Wireless is very popular on many school campuses. Use WEP at the very least to prevent access to sensitive files.
Keep Back Office Systems off the Student Network. It's a simple concept but worth implementing. Only administrators and faculty should have access to sensitive files. Use Windows 2000 and 2003 server to assign OU's and lock down unnecessary access tightly.
Require Password to be Changed Frequently. End users become complacent and use the same password over and over. Set your network policies so that the password has to be changed regularly, must not be the same as any of the previous twenty passwords, and must include an uppercase letter and a number. These kinds of passwords are much harder to crack.
Use CTRL+ALT+DEL to Login. Windows 2000 and XP give you the option to logon on with using CTRL+ALT+DEL. Requiring that combination of key strokes adds an additional security layer because somebody physically has to be at the computer to log on.
Stay Current. Keep your networking skills up to date. Or hire folks who are paid to do so. It's cheap insurance against the unthinkable. Read tech journals regularly and attend webinars and conferences to keep abreast of current trends and threats.
Original Source