Thursday, July 14, 2011

Security Roles and Responsibilities of IT Leaders

Maurice shared some insightful thoughts encouraging us to think more critically about Network Security:

It is important to have policies in place, but at times these policies may not be followed and this can cause security problems.

As IT leaders, we need to consider who or what we are protecting: access to people, access to data, access to resources (finances/equipment).

There can be diversity from district to district in terms of security - some enforce policies more than others.

When putting in a server room, an IT leader should consider:
- Who has access?
- How secure is the equipment at a physical level?
- How secure is the data that is being transmitted?
- How simple or complex are the passwords that are being used? (i.e. a strong password will include symbols, numbers and letters in both upper and lower case)
- Are there policies in place for password sharing?
- Is there a policy for passwords? Length is important; the more complex the password, the more secure it is.
- Can/should a group policy be set up to run the screen saver every x number of minutes to force a log on? This can be tricky though: 15 min. is too short when teachers are teaching SMART lessons, but 2 hours would not be secure enough. Maurice suggested that context is an important consideration (student/teacher/sub; versatility is key).
- Is email secure? When data is encrypted it is more secure but in the end, assume that all data transmitted through email can be "read" by others in plain text.

Lyle explained how a "honey pot" is used for defence against potential hackers. This provides false opportunities for a hacker to attack and can derail them by getting them caught up in decryption.

Redundancy provides other paths (backup generators, dual hardware etc.) to ensure continued operation if there is a single point of failure. This type of duality can enable consistent service.
Maurice also talked about provisioning for backup storage, and he reminded us to consider policies for on-line storage, as this can be tricky (the Patriot Act in the States, for example, allows the US government to access your information anytime).

An interesting software program we learned about today is Wireshark, which can test a network to see if data is transferring how you want it to. This software hooks into a port on the switch.

The greatest "ah ha" today arose when Lyle stressed how insecure email is!

Our networking activity today involved setting up remote services using a VirtualBox virtual machine.
