How To Protect Your Network

Here's How:

1. Disable drives
   Disable floppy drive access, USB ports and serial ports on networked computers. These are the most common entry points for mischief. Students do not need access to these drives. They can email or store data elsewhere in a safe 'scanned' environment.
2. Restrict Permissions
   Windows 2000 and 2003 server allow you to set permissions so that users can't run downloaded 'exe' or other executable files. If they receive a file which they need to run, you can scan it and run it for them. More work in the short term but in the long term a lot faster than rebuilding a server.
   Do not allow users to modify any system files. Always lock down your network clients so that they can only perform tasks which you and your administration have agreed on.
3. Block Instant Messenger
   IM and its cousins, ICQ and Yahoo Messenger, sends messages and attachments out to a server and then back to its clients. You lose control when this happens. Prevent worms and other viruses from spreading by disabling the ports which these programs use. Ditto for any file sharing programs like KaZaa.
4. Password Protect Your BIOS
   A BIOS without an administrator password is an invitation to mischief. Students love to 'explore' and what better place than a system BIOS! Make sure office and administrative systems are also secure. Many self-proclaimed 'experts' lurk in back offices and faculty lounges just waiting for the opportunity to show that they know more than you do.
5. Run AV Software
   Run anti-virus software on all your computers. Doesn't matter whether it is MacAfee, Symantec, Computer Associates or any other brand. License it. Run it. Maintain it. Insist that your clients turn off their systems so that a fresh anti-virus signature loads upon reboot. Keep your anti-virus software signatures up to date. Use the automatic download feature so that you have the latest and best to protect you in these days of extremely short mutation cycles.
6. Build Your Defenses
   Install a firewall or a proxy server. If you allow folks to apply online or look up marks and so on, you need the solid protection only a strong firewall and proxy server can give. Make sure you configure your equipment carefully. Never accept the default settings.
   Do not allow any networked system to access the Internet without firewall or proxy protection! Run software firewalls on your laptops. Use hardware for the network.
7. Beware Of Attachments From Unknown, Untrusted Sources
   Do not open attachments to email unless you trust the sender. Even then...use common sense. You can always call the sender if the subject or attachment seems untrustworthy.
   Install a filter to prevent users from accessing forbidden sites. If you accept eRate funding, you will be required so to do.
8. Monitor Your Ports
   Install a port monitor to prevent your ports from being scanned. Microsoft operating systems leak like a sieve through ports which untrained network administrators leave open. Open only those ports you absolutely need to function in your environment. Thousands of programs run 24/7 looking for your open ports, just waiting for you to let down your guard.
9. Encrypt Wireless Access
   Wireless is very popular on many school campuses. Use WEP to prevent access to sensitive files.
10. Keep Back Office Systems Off The Student Network
    It's a simple concept but worth implementing. Only administrators and faculty should have access to sensitive files. Use Windows 2000 and 2003 server to assign OU's and lock down unnecessary access tightly.
11. Require passwords to be changed frequently
    End users become complacent and use the same password over and over. Set your network policies so that the password has to be changed regularly, must not be the same as any of the previous twenty passwords, and must include an uppercase letter and a number. These kinds of passwords are much harder to crack.
12. Use CTRL+ALT+DEL to logon
    Windows 2000 and XP give you the option to logon on with using CTRL+ALT+DEL. Requiring that combination of key strokes adds an additional security layer because somebody physicially has to be at the computer to log on.
13. Stay Current
    Keep your networking skills up to date. Or hire folks who are paid to do so. It's cheap insurance against the unthinkable. Read tech journals regularly and attend webinars and conferences to keep abreast of current trends and threats.

Tips:

1. If you run a small school, don't throw up your hands in panic and do nothing. Firewalls needn't be complicated or expensive. Windows XP includes an effective Firewall. Or you could use BlackIce or [www.ZoneLabs.com ]ZoneAlarm [/link] if your network is 10 systems or less. The trick with Firewalls is to configure them correctly so they keep 'critters' out!
2. There are plenty of low cost and highly effective cyber-security solutions for small schools with small technology budgets. Check out McAfee, and CA for commonly used solutions.
3. Do NOT allow students control of your school's network! They know more than you do! They will leave back doors open and gain control of sensitive data.
4. Hide shared drives by appending a $ to the share name. A C drive becomes C$.
5. "Constant vigiliance! Trust and verify!" These are proven maxims for IT people.

What You Need:

• Cooperation from faculty and students
• An acceptable use policy appropriately enforced
• A secure, climate controlled room for your servers
• Adequate funding from your board
• Backing for cyber-security from your administration