Software installation media should be stored in a centralized location with proper documentation of the number of licenses and the number of installations. These media should be protected from harsh environmental conditions, such as excessive heat, moisture, and electromagnetic fields (EMF).
All software media should be backed up regularly to ensure that no data are lost. Periodic backups stored in a secure off-site location make it possible to recover quickly from a catastrophe on site. The agency should take into account regional peculiarities when storing backups off site. For example, in areas prone to earthquakes, media should not be stored in high-rise buildings; in areas prone to flooding, media should be stored in a facility away from the flood plain. Some recommendations for software security are as follows:
- store software media in a locked cabinet within a proper environment;
- retain off-site storage for backups of installation media;
- test the process for restoring software;
- retain off-site storage of licensing and application documentation;
- maintain and back up license management and related documentation;
- allow access to applications, through network security settings, only to those groups/users that require access;
- implement a software-auditing package to ensure license compliance and to ensure that no unauthorized software has been installed on the agency's systems;
- standardize applications across the agency;
- use virus-scanning software with frequent definition updates (network-attached appliances are available for e-mail virus scanning); and
- use spam prevention or filtering software to prevent unauthorized entry of e-mail (e.g., do not allow web-based e-mail programs, such as Hotmail).
Unauthorized e-mail entry is a serious vulnerability: mail that bypasses the agency's filtering gateway is a "back door" through which viruses can enter the network.

Securing the Network

The same security procedures in place for server hardware apply to equipment that supports the network, including switches, hubs, routers, firewalls, access points, cabling, etc. Network equipment should be installed in an environment with proper ventilation and power and should be protected from unauthorized access.
The agency should place the equipment in dedicated building spaces. Access should be limited to staff who have a key, combination lock, key card, or other security device. Some basic precautions for securing network equipment are as follows:
- limit access to network equipment to authorized individuals;
- do not allow users to install unauthorized network equipment;
- use strong passwords for "root" access, and store them only in hashed or encrypted form (access to "root" enables a user to control the entire system or server); and
- ensure proper cabling and cable protection by running cabling under a false floor, avoiding running cable over fluorescent lighting fixtures, and staying within cable/fiber length requirements.
A fundamental action the agency can take toward maintaining a secure and reliable network is to hire a qualified individual to serve as the network administrator. Network administration is not a task for the average high school teacher/technology coordinator. Many agencies, however, cannot afford to hire an experienced network administrator for each school and often rely on faculty for this position. If a teacher/coordinator is to be responsible for a school network, the agency must recognize training and professional development as priorities. Agency network policies and procedures should be clearly defined. These policies should be made readily available to anyone responsible for maintaining the network. Listed below are some items to consider for agencies managing their own networks. The responsibilities of a network administrator are, for the most part, very technical in nature. This reinforces the point that training is critical for anyone with the responsibility of running a network.
Agencies should:
- assign one individual to be responsible for network administration (and one individual as his/her backup);
- limit access to network equipment console screens by login credentials (either on the piece of network equipment or using an authentication server);
- limit access to remote management sessions on network equipment through access lists and/or authorized workstations to which only authorized users have access (prefer SSH over Telnet, since Telnet sends credentials in cleartext);
- limit the protocols running on the network equipment;
- configure login banners to warn intruders of possible prosecution;
- use firewalls to prevent unauthorized access between external and internal systems;
- use private (RFC 1918) address ranges, which are not routed on the public Internet, within the internal network [Class A: 10.0.0.0-10.255.255.255 (10/8 prefix); Class B: 172.16.0.0-172.31.255.255 (172.16/12 prefix); Class C: 192.168.0.0-192.168.255.255 (192.168/16 prefix)];
- utilize intrusion detection systems (IDS);
- inspect, analyze, and maintain router audit logs;
- provide ingress and egress access control list (ACL) filtering to prevent IP spoofing (inbound packets claiming an internal source, and outbound packets whose source is not the agency's own address space, are dropped); and
- eliminate unauthorized network resource use by:
  - monitoring network traffic, bandwidth usage, and protocols to ensure adequate bandwidth for applications;
  - removing the ability to download unauthorized files;
  - restricting remote access to network resources to authorized individuals, where remote access includes dial-up connections, virtual private networks (VPN), and Point-to-Point Protocol (PPP);
  - implementing a multi-factor authentication policy for authorized users or integrating remote access into an authentication server;
  - eliminating any "back-door" types of equipment (e.g., user modems installed on desktops);
  - maintaining proper encryption of remote connections to ensure confidentiality; and
  - using VPN technology with proper encryption to gain connectivity through public networks such as the Internet.

Wireless Networks

Wireless communication is a rapidly evolving technology that is becoming increasingly prevalent in everyday life.
The built-in security for wireless computer networks, however, is relatively weak. Technology coordinators need to pay particular attention to securing these networks properly, and the network administrator must keep up to date on emerging methods for securing wireless networks. Some security measures to consider when planning a wireless network are as follows:
- shut off Service Set Identifier (SSID) broadcasting and use an SSID that does not identify the agency by name;
- select a hardware vendor and firmware revision that has fixed the weak initialization vector (IV) problem in Wired Equivalent Privacy (WEP), i.e., one that no longer emits the IVs that key-recovery attacks exploit;
- test the agency's own network with WEP-cracking tools such as AirSnort or BSD-AirTools to confirm that the fix makes the agency's WEP keys harder to recover (these tools crack keys; they do not protect them);
- use 128-bit WEP and change WEP keys regularly, selecting a vendor that provides a tool to rotate the agency's WEP keys. Note that WEP has since been shown to be breakable regardless of key length or rotation schedule; where the hardware supports it, use WPA2 or WPA3 instead and treat the measures here as a minimum;
- disallow access to any resource at the first router hop other than the agency's VPN server, which ensures that the only host reachable from the wireless segment is the VPN server until a tunnel is established;
- place wireless access points on a dedicated virtual local area network (VLAN), and do not mix wired and wireless clients on the same LAN segment;
- implement a policy that limits the amount of connectivity a wireless client has to the agency's network, assessing whether students/faculty/staff need more than TCP/80, TCP/443, etc.;
- utilize personal firewalls on the agency's workstations; and
- disable automatic IP address assignment (DHCP) on the wireless segment.
If attackers are able to guess or crack the agency's WEP keys, they will still be unable to reach the remainder of the internal network, because the VPN and VLAN architecture with access lists will route only authorized VPN clients from the wireless VLAN segment into the network. Attackers will be able to attack clients on the same subnet, however, and if one VPN connection is left up, it could be abused to access the rest of the internal network.
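The following is an added example, written for this page rather than taken from it or from any vendor, of why the WEP measures above (IV handling and key rotation) matter. It implements RC4 and the WEP framing directly so it runs offline; the 104-bit key, IVs, and frame contents are constructed sample values, and the CRC-32 integrity value of a real WEP frame is omitted because it does not affect the property shown.

```python
"""Added example: keystream reuse under a repeated WEP IV, and FMS weak-IV detection.

Illustrative code written for this page; the key, IVs and frames are constructed.
"""


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by keystream generation (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || key and transmits the 24-bit IV in the clear."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + rc4(iv + key, plaintext)


def xor_of_plaintexts(frame_a: bytes, frame_b: bytes):
    """Two frames sent under the same IV and key were XORed with the same keystream,
    so C_a ^ C_b == P_a ^ P_b. An eavesdropper learns this without the key; returns
    None when the IVs differ (no trivial reuse)."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return bytes(a ^ b for a, b in zip(frame_a[3:], frame_b[3:]))


def recover_other_plaintext(frame_a: bytes, frame_b: bytes, known_plaintext_a: bytes):
    """One known plaintext (e.g., a predictable HTTP request) then reveals the other."""
    diff = xor_of_plaintexts(frame_a, frame_b)
    if diff is None:
        return None
    return bytes(d ^ p for d, p in zip(diff, known_plaintext_a))


def is_fms_weak_iv(iv: bytes, key_len: int = 13) -> bool:
    """Classic FMS weak IVs have the form (A+3, 0xFF, X), where A indexes the key
    byte they leak. Fixed firmware skips these IVs; counting them in captured
    traffic tells you whether an access point has the fix."""
    return iv[1] == 0xFF and 3 <= iv[0] < 3 + key_len


def weak_iv_fraction(ivs) -> float:
    """Share of observed IVs that are FMS-weak; near zero on fixed firmware."""
    ivs = list(ivs)
    return sum(is_fms_weak_iv(iv) for iv in ivs) / len(ivs) if ivs else 0.0


if __name__ == "__main__":
    key = bytes.fromhex("0123456789abcdef0123456789")   # constructed 104-bit WEP key
    iv = b"\x11\x22\x33"
    p1 = b"GET /payroll/index.html HTTP/1.0"
    p2 = b"GET /grades/report.html HTTP/1.0"
    f1 = wep_encrypt(iv, key, p1)
    f2 = wep_encrypt(iv, key, p2)   # the same IV reused: the weakness
    print(recover_other_plaintext(f1, f2, p1))
```

With only 2^24 possible IVs, a busy access point repeats them within hours, which is why rotating keys shortens the window in which such collisions are useful to an attacker, and why filtering the FMS-weak IVs only removes one of several known attacks on WEP.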
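As an added example that is not part of the original page or any vendor's ACL syntax, the following small stateless ACL evaluator models two of the precautions described above: the ingress/egress anti-spoofing filters on the border router (from the network precautions list) and the wireless-VLAN first-hop policy that lets an untunnelled wireless client reach only the VPN server. The agency prefix (203.0.113.0/24, a documentation range), the VPN and DNS server addresses, and the sample packets are constructed values.

```python
"""Added example: default-deny ACL evaluation for anti-spoofing and a wireless VLAN.

Illustrative code written for this page; prefixes, hosts and packets are constructed.
"""

import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The three RFC 1918 private ranges named in the text.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"          # "tcp", "udp", "esp", "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None
    note: str = ""

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


def evaluate(acl: List[Rule], p: Packet) -> Tuple[str, str]:
    """First matching rule wins; a packet matching no rule is denied (default deny)."""
    for r in acl:
        if r.matches(p):
            return r.action, r.note
    return "deny", "implicit deny"


def border_ingress_acl(agency_prefix: str) -> List[Rule]:
    """Inbound from the Internet: nothing may claim an internal source address."""
    rules = [Rule("deny", src=agency_prefix, note="spoofed: our own prefix arriving from outside")]
    rules += [Rule("deny", src=str(n), note="spoofed: RFC 1918 source from outside") for n in RFC1918]
    rules.append(Rule("deny", src="127.0.0.0/8", note="spoofed: loopback source"))
    rules.append(Rule("permit"))
    return rules


def border_egress_acl(agency_prefix: str) -> List[Rule]:
    """Outbound to the Internet (outside the NAT): only our own prefix may be a source,
    so a compromised host cannot emit spoofed packets, and private addresses never leak."""
    return [Rule("permit", src=agency_prefix),
            Rule("deny", note="spoofed or leaked source leaving the network")]


def wireless_vlan_acl(wireless_net: str, vpn_server: str, dns_server: str) -> List[Rule]:
    """First-hop ACL for the wireless VLAN: before a tunnel exists, a wireless client
    may talk only to the VPN concentrator (IKE, NAT-T, ESP) and to DNS. Every other
    internal host is unreachable, so a cracked WEP key alone gains nothing inside."""
    return [
        Rule("permit", src=wireless_net, dst=vpn_server, proto="udp", dport=500, note="IKE"),
        Rule("permit", src=wireless_net, dst=vpn_server, proto="udp", dport=4500, note="IPsec NAT-T"),
        Rule("permit", src=wireless_net, dst=vpn_server, proto="esp", note="ESP"),
        Rule("permit", src=wireless_net, dst=dns_server, proto="udp", dport=53, note="DNS"),
        Rule("deny", src=wireless_net, note="wireless clients reach nothing else until tunnelled"),
    ]


if __name__ == "__main__":
    wl = wireless_vlan_acl("192.168.50.0/24", "10.0.0.10", "10.0.0.53")
    print(evaluate(wl, Packet("192.168.50.20", "10.0.0.25", "tcp", 445)))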

Agencies located in areas where there might be earthquakes, hurricanes, or other natural disasters will understand the need for a backup procedure that uses removable media that can be transported off site. All agencies are vulnerable to some type of disaster. The solution is to have a backup plan and an off-site storage facility. Any of the following media are appropriate for archiving data: removable storage, magnetic tapes, CD or DVD devices, or network-attached storage. Some backed-up data must be available at all times, while other data can tolerate a delay. For example, while it may be critical to have payroll system backups on hand, the same degree of urgency may not apply to student portfolio information. Creating a clustered server environment (i.e., a group of servers that together keep the data available in various ways) increases the likelihood that necessary data will be available when they are needed. The following architecture options are available for clustered environments:
- Load-balancing environments are clusters of servers arranged to share the load of user requests.
- Hot-standby environments require an identical server attached directly to the primary network server (for monitoring) that immediately takes over filling user requests in the event of a primary server failure.
- Cold-standby environments also consist of a secondary server to which data are frequently copied. In this case, the secondary server must be manually put into operation upon a failure of the primary server. One advantage of this option is that it removes the need to maintain identical servers with interlocking hardware.

Documentation

Documentation of data file structure, metadata, and system architecture design criteria is essential in any data security plan. In the event of a nonrecoverable failure, recreating an identical architecture is much easier with proper documentation.
In the world of technology, with staff moving from job to job, proper documentation helps new employees. They will be able to provide appropriate maintenance much more quickly if they can refer to written documentation. Often documentation is provided when a network is first installed. It is up to the agency to allocate time so the technology personnel can update the documentation. Otherwise, the old documentation may be of little value.

Documentation = Protection
Out-of-date documentation = Very little protection

Data Integrity

Data integrity is vital for any organization. Having poor data is worse than having no data. Maintaining proper data constraints, validation rules, and application controls, such as those identified below, can help to ensure that data correctly input into the system remain intact:
- No person other than the database administrator (DBA) should have direct access to data for input or change. Other staff should use applications or programs designed for data input and update. These programs usually have "edits" and other programmed checks to ensure that data are entered correctly. When data are input or changed directly in the database, this protection does not exist.
- Data applications must contain validation rules, format masks, and data-checking algorithms to ensure data integrity prior to committing to the database.
- Online (web) applications must enforce the same rules as in-house data applications; checks performed only in the browser can be bypassed, so they must be repeated on the server.
- Database servers should reside on a secure segment of the network (i.e., behind or inside the firewall).
- Applications should be constructed in a three-tier architecture (i.e., database server, application server, and client). Security should be set so that the user logs into the application server (not the database), with the application server holding the credentials used to reach the database.
Proper database design and implementation are essential for maintaining data integrity.
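The following added example, written for this page rather than taken from it, shows the same integrity rule enforced in the two places the guidance above calls for: validation rules and format masks in the application before the commit, and constraints in the database itself so that a direct write that bypasses the application is still rejected. It uses an in-memory SQLite database and constructed student records; the schema and the S###### identifier format are assumptions for illustration, not the agency's own.

```python
"""Added example: application-level validation plus database CHECK constraints.

Illustrative code written for this page; the schema and records are constructed.
"""

import datetime
import re
import sqlite3

# Constraints in the database: the last line of defence when the application is bypassed.
SCHEMA = """
CREATE TABLE student (
    student_id TEXT PRIMARY KEY
        CHECK (student_id GLOB 'S[0-9][0-9][0-9][0-9][0-9][0-9]'),
    last_name  TEXT NOT NULL CHECK (length(last_name) BETWEEN 1 AND 40),
    grade      INTEGER NOT NULL CHECK (grade BETWEEN 0 AND 12),
    birth_date TEXT NOT NULL
        CHECK (birth_date GLOB '[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]')
);
"""

STUDENT_ID_MASK = re.compile(r"^S\d{6}$")                 # format mask: S + six digits
NAME_MASK = re.compile(r"^[A-Za-z][A-Za-z' -]{0,39}$")


def validate_student(rec: dict) -> list:
    """Application-level validation rules; returns a list of problems (empty means ok)."""
    errors = []
    if not STUDENT_ID_MASK.match(str(rec.get("student_id", ""))):
        errors.append("student_id must match S######")
    if not NAME_MASK.match(str(rec.get("last_name", ""))):
        errors.append("last_name: 1-40 letters, apostrophes, hyphens or spaces")
    grade = rec.get("grade")
    if not isinstance(grade, int) or not 0 <= grade <= 12:
        errors.append("grade must be an integer 0-12")
    try:
        born = datetime.date.fromisoformat(str(rec.get("birth_date", "")))
        # A calendar check that the database's pattern mask cannot express.
        if not datetime.date(1990, 1, 1) <= born <= datetime.date.today():
            errors.append("birth_date out of plausible range")
    except ValueError:
        errors.append("birth_date must be a real YYYY-MM-DD date")
    return errors


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def insert_student(conn: sqlite3.Connection, rec: dict) -> int:
    """The application path: validate first, then commit with a parameterised statement."""
    errors = validate_student(rec)
    if errors:
        raise ValueError("; ".join(errors))
    with conn:
        cur = conn.execute(
            "INSERT INTO student (student_id, last_name, grade, birth_date) VALUES (?, ?, ?, ?)",
            (rec["student_id"], rec["last_name"], rec["grade"], rec["birth_date"]))
    return cur.rowcount


def direct_write_rejected(conn: sqlite3.Connection, rec: dict) -> bool:
    """Simulates a write that bypasses the application (e.g., from a DBA tool).
    Returns True if the database's own constraints refused the row."""
    try:
        with conn:
            conn.execute(
                "INSERT INTO student VALUES (?, ?, ?, ?)",
                (rec["student_id"], rec["last_name"], rec["grade"], rec["birth_date"]))
    except sqlite3.IntegrityError:
        return True
    return False


def count_students(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT count(*) FROM student").fetchone()[0]
```

Note the asymmetry: an out-of-range grade is caught by both layers, but a non-existent date such as 2012-02-30 passes the database's pattern mask and is stopped only by the application's calendar check. That is the reason the text insists that staff go through the application rather than writing to the database directly.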
Considerations should include transaction logging and recovery mechanisms such as archive logs, rollback segments, and redo log files.

Database Security

Database security employs security measures similar to those for operating systems. Database security, like OS security, uses logons and passwords to authenticate users. Users are assigned to certain types of groups, which in a database environment are called roles. System administrators, backup operators, and standard users are examples of roles that can be integrated with the OS, so that, for example, OS administrators are automatically assigned to the system administrator role of the database system. Database security can be maintained separately or can be integrated with OS security. The advantage of integration is that the user requires only one logon for both systems. Security measures implemented at the database level are only truly effective if used in conjunction with proper security mechanisms implemented in the front-end application, such as dynamic web pages. Additionally, database design must include some security auditing measures, such as those that track when and by whom a particular data element was entered or updated. As described in the above section on OS security, database security should grant user access to data resources, as grouped by role and profile, based on the respective functions. This profile grouping process is preferable to a method that merely grants access to individual users. As with OS security, the default database access setting should be to deny access. Transmission of data should be secured using protocols such as SSL/TLS or Secure Shell (SSH), as described in the "Data Exchanges" section below.

Virus Protection

Staff training regarding virus protection is critical. Software programs are sets of instructions written in various programming languages.
These instructions are compiled or translated into binary form that a computer's central processing unit can execute. Computer viruses are specific types of programs designed to replicate and, typically, to damage a computer system's data. Virus programs work in different ways and enter the computer via different methods. For example, a virus can arrive as an e-mail attachment, as a macro (or mini-program) within a document, as an executable program on a floppy disk, or by other means. Virus protection software is an important component of a security system: it minimizes the possibility of data corruption due to a malicious virus by detecting and removing virus programs. Virus protection software can be purchased for individual computers, but in large organizations it is most cost effective to purchase a multi-user site license (an enterprise license). Once installed, virus protection software must be updated frequently. People are creating new, and more destructive, viruses all the time. It is vitally important to download and install the latest updates as soon as they are available to ensure adequate protection of computer data.

Data Exchanges With Agencies Inside and Outside the K-12 Community

The Family Educational Rights and Privacy Act (FERPA) provides guidelines for the protection of student privacy. Education agencies have always exchanged data. Schools routinely send student transcripts to each other, and districts send transcripts to colleges and universities. The agency sending data must ensure that any transfer of student information meets the federal, state, and local regulations enacted to protect the privacy of students.