Are script kiddies hacking your system? How to fight the onslaught of cyber attacks.In the time its takes you to read this article, your network will have been scanned by someone who means to manipulate, damage or outright destroy your school's data. Your adversary may be out in the parking lot right now--a student sitting in a car with a laptop and wireless connection to your server, silently scanning thousands of files. Or the attack may come from an apartment in a European city, where a bored exgraduate in computer programming is watching reruns on TV, while in another room a computer running a virus program he wrote is relentlessly seeking targets. Or in the tiny town of Edcouch, Texas Edcouch is a city in Hidalgo County, Texas, United States. Edcouch is located at the intersection of Hwy 107 and FM-1015. Although in use as ranch land, it was only sparsely settled prior to the 1900s. , near the Rio Grande Rio Grande, city, Brazil Rio Grande (rē`  grän`dĭ), city (1991 pop. , a sixth grader who is supposed to be at home with the flu is crossing his Fingers as he prepares to launch a program script he found in a chat room that promises to brown-out school networks in seconds. Yours, maybe? "On average, 15 seconds after a new Web site appears on the Internet, it's been scanned by a hacker," says Jason Matlof, vice president of marketing and business development at Neoteris, a maker of computer security products. "There are people who do practically nothing else except look for chances to break into networks," he adds. "Some are 'script kiddies'--just inexperienced wannabe hackers fop lowing a program they found on the Internet. Others are criminals looking to steal credit card information. And a few are genuine cyberterrorists--enemies of the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. who try to disrupt government functions. In this last category of targets, schools can be easy pickings." 20,000 Attacks a Bay Probably nowhere else in the networked world is privacy as important as it is in schools. To protect a student's academic standing and health information, schools must comply with the Family Educational Rights and Privacy Act The Family Educational Rights and Privacy Act of 1974 (FERPA or the Buckley Amendment) is a United States federal law codified at 20 U.S.C. 1232g, with implementing regulations in title 34, part 99 of the Code of Federal Regulations. and the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when , to say nothing of federal and state initiatives requiring schools to keep data on students secure for years, even decades. And yet never have schools been faced with so many threats to student privacy, mad to their deep cyberstructure of record-keeping, data storage and curriculum management. The tip of the iceberg tip of the iceberg n. pl. tips of the iceberg A small evident part or aspect of something largely hidden: afraid that these few reported cases of the disease might only be the tip of the iceberg. has already appeared on college campuses. The University of Arizona (body, education) University of Arizona - The University was founded in 1885 as a Land Grant institution with a three-fold mission of teaching, research and public service. , for instance, averages 20,000 hits a day from people trying to find vulnerabilities in its network connecting more than 30,000 computers-the largest non-Defense Department system in southern Arizona Southern Arizona is a region of the United States. It is the southernmost portion of the 48th state, Arizona. Southern Arizona's boundaries are not well defined, but certainly include all of present-day Cochise County, Pima County, Graham County, and Santa Cruz County. . In July 2002, a University of Delaware [3] The student body at the University of Delaware is largely an undergraduate population. Delaware students have a great deal of access to work and internship opportunities. student allegedly hacked into her school's database to change her grades from F's to A's. Yale accused Princeton last year of hacking into its online admission system. And at Oregon State University Oregon State University, at Corvallis; land-grant and state supported; coeducational; chartered 1858 as Corvallis College, opened 1865. In 1868 it was designated Oregon's land-grant agricultural college and was taken over completely by the state in 1885. , a man hacked into the university's system and used stolen credit card numbers to wire money. The problem has become so widespread that the University of Calgary is offering a course on virus writing, with an eye toward virus prevention. Titled "Computer Viruses and Malware," the course will require students to write and test their own viruses on a dosed network to ensure that none of their creations spread beyond the classroom. Another program in rural Maine allows nigh nigh adv. nigh·er, nigh·est 1. Near in time, place, or relationship: Evening draws nigh. 2. Nearly; almost: talked for nigh onto two hours. school students who are performing poorly in academic subjects but have an aptitude for computers to hack test systems in a controlled environment. The intent of the Maine program is to foster awareness of computer security as a career choice and perhaps to turn some of these students into Maine-based computer security specialists. It's just an indication of the lengths some educational institutions are taking to beat back attacks on their systems. Others, of course, are fighting fire with fire and upgrading their technology defenses. (See "Strengthening the First Line of Defense," p. 60) Off the 'Easy Pickings' List At Somerset Area School District, a suburban district with 2,800 students located southeast of Pittsburgh, the administration took steps this past summer to remove itself from the "easy pickings" list. As part of a $1.8 million IT renovation, which includes computers for teachers in every classroom, more than 400 new computers in the student labs, and numerous online curricula and administrative tools, the district realized the need for secure remote access to resources as more systems moved online. "As we continue to migrate processes from paper-based systems to electronic forms," says Julio Velaquez, Somerset's director of IT, "our teachers and administrators now rely heavily on computer-based systems Computer-based systems Complex systems in which computers play a major role. While complex physical systems and sophisticated software systems can help people to lead healthier and more enjoyable lives, reliance on these systems can also result in loss of for everything from grading to curriculum development to accessing a variety of internal and other school related information available in our district intranet." Working with Neoteris, Velaquez and his colleagues wove wove v. Past tense of weave. wove Verb a past tense of weave wove, woven weave a security system that would not be compromised over compatibility issues with different client PCs or Internet service providers Internet service provider (ISP) Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password. . But with 99 percent of all public schools connected to the Internet, according the National Center for Educational Statistics, how many are battened-down like Somerset against attacks? Still Wide Open "In general, compared to business, schools are wide open," says Peter Reilly Peter Reilly is a fictional character on the FX drama Rescue Me. The character is played by Neal Jones. Peter is the gay son of Chief Jerry Reilly. Peter is also a firefighter. Peter and Jerry are not close, as his father is a homophobe. , director of Educational Technology for the Lower Hudson Regional Information Center, a nonprofit organization Nonprofit Organization An association that is given tax-free status. Donations to a non-profit organization are often tax deductible as well. Notes: Examples of non-profit organizations are charities, hospitals and schools. providing administrative and technology support to 62 districts in New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of state. "Ask a superintendent how much of his or her budget is devoted to computer security, and the usual answer is, 'Nothing.' In terms of investing in computer security as an important line item, schools are just beginning to pay attention." What makes schools vulnerable, says Reilly, compared with businesses is that businesses have firewalls in place against outside attacks. But in schools, the attackers are often already inside the defense perimeter. "The people to worry about are inside the wall--kids," says Reilly. "Sometimes the breach in security is accidental, of course. A student clicks on a server and sees files he shouldn't have access to. But there's nothing accidental about a student sitting in the school parking lot on a Friday night using a laptop that school has checked-out to him to log-on through a wi-fi network See wireless Ethernet and 802.11. to unprotected servers inside the building." Reilly attributes part of schools' defenselessness to a double-standard. "If a student breaks into the school at night and spray paints the lockers, that's burglary and vandalism. There's no question the school would take steps to prosecute and protect itself against further incidents. But if another student hacks into the system and does $4,000 worth of damage, the reaction is, 'Wow! That kid is so bright! Who would have thought it? Kids these days sure know a lot about computers.' Burglary is burglary and vandalism is vandalism. We should not send a mixed message about destructive behavior. For a member of years now, we've winked at hackers." Have a Security Audit Done Every administrator in a school environment, says Reilly, has an obligation to be knowledgeable about cyber (1) From "cybernetics," it is a prefix attached to everyday words to add a computer, electronic or online connotation. The term is similar to "virtual," but the latter is used more frequently. See virtual. security, including district-level administrators, such as superintendents, community directors and finance managers, as well as school-level administrators, such as principals, guidance counselors and libraries. "Safeguarding computers is not just for technology professionals," he adds. "Take the teacher who allows a to take attendance on a networked computer. If the student doesn't log-off, the program stays open until the student stops by the computer lab later in the day and accesses it to his heart's content. Educate the teachers in security issues." On the other hand, says Reilly, it's a big job, especially for small districts "cobbling together IT" to devote the amount of time necessary to maintain a safe system. "You may have a part-time teacher who's also the part-time IT director. Updating patches for the system and downloading new virus protections requires regular attention." The best thing any district can do and invest in, Reilly says, is to have a "basic security audit done. Have someone come in from the outside, an expert, and check out your system. You'll find there are three to four easy things the school can do to address 80 to 90 percent of the problems you might face. I always tell IT coordination, 'If I was in your school, I'd have an audit done that compares what you're doing to best practices. There's just no compromising.'" RELATED ARTICLE: Elements of school security. Anti-virus software anti-virus software n → Antivirensoftware f Every computer and server in your network should be protected with anti-virus software. Virus updates come out monthly and are often included in the price of the original software purchase. Districts should take advantage of the latest downloads. Firewall protection A firewall is software or hardware designed to block hackers from accessing your computer network. Data backup Backing up system data and storing it off site is an integral part of any cyber security plan. Regular data backups protect schools in the event of hardware failure or accidental deletions. District administrators need to make sure that backup files are created at appropriate intervals and stored off site. E-mail Make it a rule that both students and adults should only open e-mail from people they know. If an e-mail address See Internet address. e-mail address - electronic mail address is unfamiliar, they should delete it without reading the message. Passwords Set up a district or school plan for proper password maintenance and security. Passwords should be meaningless, change every 90 days, and be available to select personnel only. Passwords should never be shared with students or kept in a location where students can access them (either on paper, or electronically). Charles Shields is a contributing editor A contributing editor is a magazine job title that varies in responsibilities. Most often, a contributing editor is a freelancer who has proven ability and readership draw. . |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion