1. Securing the System A K-12 Case Study

2. Background Rural School District 93% Free and Reduced Lunch 1100 students 3 Schools 1 Systems Administrator

3. Regulations CIPA – Child Internet Protection Act NCLB – No Child Left Behind HIPAA – The Health Insurance Portability and Accountability Act FERPA – Family Educational Rights Protection Act

4. Problem Frequent Server Crashes No Backups Patch Levels Out of Date Overlapping Policies Generic Logins Sketchy Licensing Lack of System Security No Technology User Agreement No Valid Technology Plan

5. Steps Taken Redefined the Technology Team Director of Technology Systems Administrator Network/Computer Technician Streamlined and Consolidated Servers and Connections Consolidated the districts data aggregation point Centralized Management of System Established a Backup Procedure

6. Steps Taken Established logins for all students at the middle/high school Required a Technology User Agreement signed and on file Restricted access thru all ports Purchased an I-Prism content filtering solution

7. Steps Taken Deleted all policies and started from scratch Set alarms and monitoring procedures in place to monitor the system Restricted access to the SYS folder to the Technology Team Set up home directories for both students and faculty Re-imaged computers with standard settings

8. Is It Secure? The system, while better, is still at risk for a serious security breach.

9. What Now? To secure the system further: A tiered security policy system needs to be implemented Teachers need to be trained on the use of class monitoring software The district should implement an annual security audit to ensure that all new threats are addressed promptly Money should be budgeted in the general fund for upgrades and future needs

10. What Does It Look Like? Internet Firewall Technology Department District Office Elementary School Middle/High School Novell Gwava I-Prism Sophos 7 Servers 2 Servers

11. Questions?