Information Security in Education/Network Defenses

Introduction

Computers have not only transformed society overall but have also enabled schools to run more smoothly. Large amounts of student and employee data can be managed efficiently, teacher work time is cut down since everything no longer has to be written out by hand, and students have access to a multitude of information. Unarguably, computers have made life easier. However, with this access come risks. Wherever there are computers, there are also criminals waiting to perform malicious acts. School districts need to be especially careful since there can be both internal and external threats to security. This chapter will offer educators an introduction to various network defenses.


What are network defenses?

Network defenses are actions that are taken to protect information, computers and networks from unauthorized activity. These defenses guard against disruption or denial of service, degradation or destruction.[1] Some examples of network defenses are firewalls, demilitarized zones (DMZs), virtual private networks (VPNs), intrusion detection systems (IDSs), and vulnerability scanners.

Firewalls

What is a firewall?


A firewall, according to Schneier (2000)[2], is a piece of software or hardware that keeps intruders out and allows only authorized users into a network. Firewalls act as boundaries between private networks and the vast public network (Schneier, 2004)[2]. Before the term firewall was used in computer lingo, it described a wall in a building that was designed to keep a fire from spreading from one area to another (How Stuff Works)[3]. A firewall in a computer network acts in much the same way as a firewall in a building: it ensures that if something bad happens on one side of the firewall, the computers on the other side won't be affected. Intruders to a school network can cause problems in various ways. For example, they can gain access to personal information of staff and students that could lead to identity theft, steal password information, spread viruses, or gain access to stored personal documents.

How does a firewall work?

When a computer firewall is enabled, everything that goes in and out of the network is monitored. If information is flagged by the filters, it is not allowed through. For example, in a school district there may be hundreds of networked computers. In order to protect all of these computers from being directly accessible to anyone on the Internet, firewalls are installed at every connection to the Internet. The IT department can then configure the firewall with a set of rules that determine what information is allowed in and out of the network. This allows greater security from hackers. Although school districts use firewalls and other security measures to protect their networks, they cannot let these measures give them a false sense of security. If anyone does get through these defenses, they can live on a network, doing whatever they want for as long as they want. Hackers can find vulnerabilities in networks and silently gather sensitive information, or change a system and leave a back door so that they can come and go undetected whenever they want [IT Security][4]. Because of this, school districts need to have other network defenses in place to safeguard their systems.

What are Demilitarized Zones?


A Demilitarized Zone (DMZ) is a place on a network where public services are placed (Schneier)[2]. Devices cannot directly access the trusted network from an untrusted network, so the DMZ acts as a "go-between". For example, you would want to place devices like a web server in a DMZ so that people on the Internet can access the web server in the DMZ but not have access to the protected network. If the web server were to be compromised, this would limit the amount of information that an outside person has access to. The devices on the DMZ may have limited access to certain resources on your protected network, such as a school district's student database.
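The firewall rule set and the DMZ described above can be modeled in a few lines of Python. This is an added example, not part of the original chapter; the addresses, port numbers, host names and rule format are constructed assumptions, and real firewalls express the same idea in their own syntax.

```python
import ipaddress

# Constructed address plan (an assumption for this example, not from the chapter).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),       # public-facing servers
    "internal": ipaddress.ip_network("10.10.0.0/16"),  # protected school network
}
WEB_SERVER = "192.0.2.10"   # hypothetical district web server in the DMZ
STUDENT_DB = "10.10.5.20"   # hypothetical student database on the protected network

# Rules as (source zone, destination, destination port, action). A destination
# is a single host, a zone name, or "any"; a port is a number or "any".
RULES = [
    ("internet", WEB_SERVER, 443, "allow"),     # the public may reach the web server
    ("dmz", STUDENT_DB, 5432, "allow"),         # DMZ gets one path to the database
    ("internal", "internet", "any", "allow"),   # staff and students may browse out
]

def zone_of(ip):
    """Name the zone an address belongs to; anything unlisted is the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def decide(src, dst, port):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for rule_src, rule_dst, rule_port, action in RULES:
        if (rule_src == src_zone
                and rule_dst in (dst, dst_zone, "any")
                and rule_port in (port, "any")):
            return action
    return "deny"

if __name__ == "__main__":
    outsider = "203.0.113.7"  # constructed Internet host
    for src, dst, port in [
        (outsider, WEB_SERVER, 443),     # allow: public web traffic
        (outsider, STUDENT_DB, 5432),    # deny: Internet never reaches internal
        (WEB_SERVER, STUDENT_DB, 5432),  # allow: the DMZ's limited access
        (WEB_SERVER, "10.10.1.5", 445),  # deny: a compromised DMZ host is contained
    ]:
        print(f"{src} -> {dst}:{port} {decide(src, dst, port)}")
```

Because the final answer is "deny" unless a rule says otherwise, a compromised web server can reach only the one database port the rules name, which is the containment the DMZ is meant to provide.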

Intrusion Detection Systems

What is an Intrusion Detection System?

Intrusion detection systems (IDSs), according to Schneier (2000)[2], are network monitors. They are devices that have the ability to listen for traffic on a network that may be suspicious, such as attacks that are taking place. IDSs alert the people who are monitoring the system of an attack, usually while it is happening. These alerts can come in the form of an email, page, text or pop-up window. The alerts will let the monitor know how critical the attack is and exactly what kind of attack is happening. The IDS will also suggest some kind of action that can be taken in order to prevent or stop the attack. To be most effective, IDS devices should monitor traffic on both unprotected and protected networks. The traffic on the unprotected network should be monitored in order to listen for threats before they get to the protected network. IDS devices should also monitor the traffic on the protected network in order to listen for internal threats.

How does an Intrusion Detection System work?

The job of the IDS device is to listen to all the traffic on the network and look for certain patterns. It is used to perform the job that a firewall cannot do. When a hacker attempts to get into a secure network such as a school district's, a firewall blocks these attempts; however, it does not alert a network manager. Since access logs would need to be continuously checked, it could be a tedious job. This is where an IDS is beneficial. Any attempts that are made to get into a network will be logged by the firewall, and the IDS will analyze this log. If there are a large number of request-reject entries, the IDS will notice this and alert the network manager. The manager can then see what is happening right after or even while the attacks are still happening [IDS][5]. The network manager then has the ability to analyze the techniques being used, the source of attacks, and the methods used by the hacker [IDS][6].
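The log analysis described above, as an added example that is not part of the original chapter: it counts rejected connections per source in a sliding time window and raises one alert when a source crosses a threshold. The log format, the sample lines, the threshold and the window length are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall log in a hypothetical "time ACTION key=value" format.
SAMPLE_LOG = """\
2010-04-17T08:00:01 ACCEPT src=198.51.100.4 dst=192.0.2.10 dport=443
2010-04-17T08:00:05 REJECT src=203.0.113.7 dst=192.0.2.10 dport=22
2010-04-17T08:00:09 REJECT src=203.0.113.7 dst=192.0.2.10 dport=23
2010-04-17T08:00:12 REJECT src=198.51.100.4 dst=192.0.2.10 dport=25
2010-04-17T08:00:14 REJECT src=203.0.113.7 dst=192.0.2.10 dport=3389
2010-04-17T08:00:20 REJECT src=203.0.113.7 dst=192.0.2.10 dport=445
-- log rotated --
2010-04-17T08:00:31 REJECT src=203.0.113.7 dst=192.0.2.10 dport=5900
2010-04-17T08:14:40 REJECT src=198.51.100.4 dst=192.0.2.10 dport=25
"""

def find_reject_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per source that reaches `threshold` rejects within `window`."""
    recent = defaultdict(deque)   # source address -> timestamps still in the window
    alerted, alerts = set(), []
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[1] != "REJECT":
            continue                      # accepted traffic or a non-entry line
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue                      # damaged timestamp: skip, do not crash
        fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        src = fields.get("src")
        if src is None:
            continue
        seen = recent[src]
        seen.append(ts)
        while ts - seen[0] > window:      # forget rejects older than the window
            seen.popleft()
        if len(seen) >= threshold and src not in alerted:
            alerted.add(src)              # alert once per source, not per packet
            alerts.append({"src": src, "rejects": len(seen),
                           "first": seen[0], "last": ts})
    return alerts

if __name__ == "__main__":
    for alert in find_reject_bursts(SAMPLE_LOG.splitlines()):
        print(f"ALERT {alert['src']}: {alert['rejects']} rejected connections "
              f"between {alert['first']} and {alert['last']}")
```

The source with two rejects fourteen minutes apart never triggers an alert, which is why the window matters: occasional rejected connections are normal, while a burst from one address is what the network manager needs to see.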


Virtual Private Networks

What is a Virtual Private Network?

A Virtual Private Network (VPN), according to Schneier (2000)[2], is simply a secure connection over a public network which allows users to communicate just as they would if they were in the same building.

How does a Virtual Private Network work?

A Virtual Private Network (VPN) is a way of giving remote users access to network resources such as printers, servers, and file shares. For example, teachers would be able to access the information on their school computer from home. This is done by creating an encrypted "tunnel" through an unprotected network. According to Schneier (2000)[2], a VPN is like a hole in the firewall. A person with a VPN is allowed to tunnel through the firewall into the network. Both a home network and a school network could be considered protected networks. In order to get to the school network from home, one needs to go through an unprotected network such as the Internet to access the data. It is important that this communication be encrypted to protect against hackers stealing protected information as it is being sent from the school district's network to a remote network. VPNs can also protect against wireless hijacking of data. Since wireless transmissions are able to be captured by anyone, VPNs can provide an additional level of security to protect against unauthorized viewing of the data.



Vulnerability Scanners

What is a Vulnerability Scanner?

Vulnerability scanners are computer programs that assess all devices on a network for known weaknesses where potential hackers can find a way in. This software finds security holes and classifies each weakness by how critical it is. Most vulnerability scanners will also explain how to correct the weakness.

How does a Vulnerability Scanner work?

A vulnerability scanner works by gathering information from the devices on the network, using a database of known vulnerabilities, and then attempting to exploit each vulnerability that is discovered. The scanner will look for security holes in services running on the system or do a port scan to connect to a host that is listening for incoming connections. If the host is running an application that uses a certain port, the scanner will attempt to connect to that port and try to exploit the application running on the system.

References

  1. http://www.thefreedictionary.com/computer+network+attack accessed April 17, 2010
  2. Schneier, B. (2000). Secrets and lies: Digital security in a networked world. Indianapolis, IN: Wiley Publishing, Inc.
  3. http://www.howstuffworks.com/firewall.htm accessed April 17, 2010
  4. http://www.itsecurity.com/features/intrusion-detection-for-dummies-072906/ accessed April 17, 2010
  5. http://www.skullbox.net/ids.php accessed April 18, 2010
  6. http://www.skullbox.net/ids.php accessed April 18, 2010