Bill MacKenty


Educational Network Security - part 2

Posted in Educational Tech Security on 26 - October 2006 at 05:23 PM.


Part 1

What is security?

The process of ensuring confidentiality, integrity, and availability of computers, their programs, hardware devices, and data (source).

My list?

  • Making sure everything works
  • Ensuring data integrity
  • Only allowing authorized users to access data and resources
  • Keeping physical hardware safe
  • Ensuring data is kept private

Just a short list, I know.  I suppose it could be shortened to “keeping stuff safe”.

Where is the best place to implement?

The best place to implement security is low in the OSI model.  Routers, switches, and network-level devices are an excellent place to start. These devices control communication, and are an excellent way to secure a network. All the other layers are important as well, but security without the low level stuff really isn’t secure, is it?

Information

Before an attack or infection happens, what is happening on our network? With the right tools, we can analyze traffic and sniff packets in and around our network. We use router and switch logfiles to see which MAC address traffic is originating from, shape traffic, prioritize traffic, etc…  This has the double advantage of letting us optimize our network and troubleshoot problems as they arise. You also have a history to look back on when diagnosing problems.

After something like this happens, we need to gather as much information as possible. I ask who, what, when, why, where and how, applying each question to the issue at hand. I pay attention to the disease vector (how did the virus spread, where did it start).

Being stupid

Of course networks and computers need to be secure. But if this security comes at the price of usability, it doesn’t make sense, does it?  I have seen corporate types lock down a computer to the point of it being unusable! I suppose we could build a metal box around a PC, unplug it and proudly exclaim, “She’s Secure, Sir!”  This leads us naturally to…

Multiple layers of security

The thinking of “stopping them at the beachhead” is good, but doesn’t really work in a very dynamic network.  Yes it is important to block as much as you can as it comes into your network, but it is equally important to keep each node protected - updated, current anti-virus, etc…

Moreover, it is important inside the organization to block unknown IP addresses, MAC addresses, and require authentication inside the network. Using an authentication server adds a degree of control to the network and creates a virtual paper trail should there be an issue.
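
As an added example (not code from the original post), here is one way to turn switch log lines into the per-MAC history described under Information and to flag MAC addresses missing from a known-device inventory, as in the paragraph above. The log format, switch names, MAC addresses and inventory are constructed for illustration and do not match any particular vendor.

```python
import re
from collections import defaultdict
# Constructed sample lines in a made-up key=value format (not a real vendor format).
SAMPLE_LOG = """\
2006-10-26T09:14:02 sw-lab1 port=Fa0/12 src_mac=00:11:22:AA:BB:01 bytes=48211
2006-10-26T09:14:05 sw-lab1 port=Fa0/13 src_mac=0011.22aa.bb02 bytes=1200
2006-10-26T09:15:40 sw-lab1 port=Fa0/20 src_mac=00-11-22-aa-bb-01 bytes=900
2006-10-26T09:16:11 sw-lib2 port=Fa0/03 src_mac=de:ad:be:ef:00:99 bytes=7340032
this line is truncated and has no fields
"""
KNOWN_MACS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}  # assumed inventory (constructed)

def normalize_mac(raw):
    """Map colon, dash and dotted MAC notations to one canonical form, else None."""
    digits = re.sub(r"[.:-]", "", raw).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)) if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def build_history(log_text, known_macs):
    """Return (per-MAC history dict, number of lines that could not be parsed)."""
    known = {normalize_mac(m) for m in known_macs}
    history = defaultdict(lambda: {"bytes": 0, "ports": set(), "first": None})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        mac = normalize_mac(fields.get("src_mac", ""))
        if mac is None or not fields.get("bytes", "").isdecimal():
            skipped += 1  # malformed line: count it rather than guess
            continue
        h = history[mac]
        h["bytes"] += int(fields["bytes"])
        h["ports"].add((parts[1], fields.get("port")))  # (switch, port) pair
        h["first"] = h["first"] or parts[0]   # first and last sighting give
        h["last"] = parts[0]                  # the history to look back on
        h["known"] = mac in known
    return dict(history), skipped

def findings(history):
    """Flag MACs missing from the inventory and MACs seen on more than one port."""
    out = []
    for mac, h in sorted(history.items()):
        if not h["known"]:
            out.append((mac, "not in inventory"))
        if len(h["ports"]) > 1:
            out.append((mac, "seen on %d switch ports" % len(h["ports"])))
    return out

if __name__ == "__main__":
    print(findings(build_history(SAMPLE_LOG, KNOWN_MACS)[0]))
```

Normalizing the MAC notation first matters because the same device can appear in colon, dash or dotted form depending on which device wrote the log line.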