THE SCHOOL INTERNET, E-MAIL AND SECURITY PROJECT
Protecting Students, Staff and Schools from the Hazards of the Internet
Top 22 School Security Risks


1. Human issues such as leaving machines logged on when not in use are the major cause of security breaches in schools. Any user can sit down at a logged-on station and have the full network rights of the individual whose computer they are using. Students would be able to get to teacher or administrator parts of the network.

2. There is no "firewall" to protect the school network. Firewall: A system or combination of systems that enforces a boundary between two or more networks. Firewalls protect one part of a network from another. They control the type of data, the source of the data, as well as the destination of the data as it flows through various network connections. The school determines the business rules that the firewall will use to control the traffic. It will screen out unwanted traffic and allow all other traffic to move about normally.

3. The school network "Firewall" is improperly configured or not up to date on patches and software revisions. Some schools configure firewalls but create large holes for the outside to get in. For example, some schools allow students to update school websites from home. The firewall is configured to allow an outside user to FTP into the network to upload files. This is fine as long as hackers don't find the hole and use it to attack the network.

4. The school's Web server is on the wrong side of the "Firewall". Some schools put the web server behind the firewall and create a hole so that Internet traffic can get to it. Letting outsiders behind the firewall is a major security risk.

5. The school has not purchased a virus protection subscription. Schools that purchase desktop or server based virus protection but do not subscribe to regular updates and patches are vulnerable to the many new viruses that appear weekly. If you practice safe computing, your chances of getting a virus are small. Your risk of becoming infected is increased, however, if you engage in any of the following activities:
  • Receive and use programs on floppy disks from noncommercial sources (e.g., friends).
  • Use pirated, hacked, or otherwise illegal copies of programs, especially foreign software.
  • Have a public-access computer that runs all the time and that many different people use.
  • Download and run programs from unfamiliar BBSes without testing them.


6. There is no regular testing of system backups and no disaster recovery procedures for the school. Many schools regularly back up their data but rarely test the backups to ensure their validity. (Some schools have no policy on where data is saved. If it is saved to the C: drive then the backup of the server will not recover important end user data.) In addition, most schools do not have procedures for keeping backups off-site to protect them from disasters. Few have processes to put school data back into operation quickly in case of disaster.

Related slides: Backup Procedure; Escalation Procedure; Disaster Recovery Procedures.
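A backup validity test for item 6, as an added example that is not part of the original page: every file is read back out of the archive and compared with a manifest of hashes recorded at backup time, which exposes both damaged data and files that never reached the server backup. The file names, the manifest format and the use of a tar archive are assumptions made for illustration.

```python
import hashlib
import io
import tarfile

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def make_backup(files):
    """Build an in-memory tar backup and a manifest of SHA-256 hashes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    manifest = {name: sha256(data) for name, data in files.items()}
    return buf.getvalue(), manifest

def verify_backup(archive_bytes, manifest):
    """Read every file back out of the archive and compare it with the manifest."""
    problems, restored = {}, set()
    try:
        with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
            for member in tar:
                if not member.isfile():
                    continue
                restored.add(member.name)
                digest = sha256(tar.extractfile(member).read())
                if member.name not in manifest:
                    problems[member.name] = "not in manifest"
                elif digest != manifest[member.name]:
                    problems[member.name] = "hash mismatch"
    except tarfile.TarError as exc:
        return {"<archive>": f"unreadable: {exc}"}
    for name in manifest.keys() - restored:
        problems[name] = "missing from backup"
    return problems

# Constructed sample data standing in for files on the school server.
SERVER_FILES = {"grades.csv": b"id,grade\n1,A\n", "roster.txt": b"Smith\nJones\n"}

if __name__ == "__main__":
    archive, manifest = make_backup(SERVER_FILES)
    print("clean backup:", verify_backup(archive, manifest))
    # A file the manifest expects but that lived on a local C: drive.
    manifest["C:/lesson_plans.doc"] = sha256(b"never backed up")
    print("local-only file:", verify_backup(archive, manifest))
```

An empty result means every expected file was read back intact; any entry is a reason to fix the backup job before the data is actually needed.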

7. The school has no policy for password maintenance. Teachers, administrators, and students who do not protect their passwords well can easily compromise security. Passwords that are taped to computers, written on mousepads, or shared among students are the keys to major security problems.

8. The school does not restrict students at the computer desktop level. Students who can load software or files from floppy disks onto school machines can infect the system with viruses. Students can inadvertently change configuration files, find their way to network drives, and wreak havoc with the system.

9. The school has no process to monitor student files for unauthorized applications. Routine monitoring of student files to find .exe files, mp3 files, etc. is a fundamental part of maintaining network security.
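The routine monitoring described in item 9, as an added example that is not part of the original page: it flags files by extension and also by their leading bytes, so an executable renamed to look like a document is still reported. The blocked-extension list, the signature table and the sample directory are assumptions made for illustration.

```python
import os
import tempfile

BLOCKED_EXTENSIONS = {".exe", ".mp3"}  # assumed school policy
SIGNATURES = {b"MZ": "Windows executable", b"ID3": "MP3 audio (ID3 tag)"}

def classify(path):
    """Return the reasons a file is flagged, or [] if nothing matched."""
    reasons = []
    ext = os.path.splitext(path)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension {ext}")
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError as exc:
        return reasons + [f"unreadable: {exc.strerror}"]
    for magic, label in SIGNATURES.items():
        if head.startswith(magic):
            reasons.append(f"content is {label}")
    return reasons

def scan(root):
    """Walk root and map each flagged file (path relative to root) to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def build_sample_tree(root):
    """Constructed sample data: three student files, two of them disallowed."""
    os.makedirs(os.path.join(root, "student1"))
    samples = {
        "essay.txt": b"My summer vacation",
        "game.exe": b"MZ\x90\x00",
        "homework.doc": b"MZ\x90\x00",  # executable renamed to .doc
    }
    for name, data in samples.items():
        with open(os.path.join(root, "student1", name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

The leading-byte check is a heuristic: a text file that happens to begin with "MZ" would also be flagged, so findings are candidates for review rather than proof.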

10. Students in programming classes have access to key system resources. Teaching C++ or Visual Basic gives students access to many of the commands that can peel back network security.

11. Students, teachers and administrators access e-mail bombs and viruses.


12. Teachers, administrators, or students who open attachments with e-mail borne viruses run the risk of infecting the entire school network. Popular examples of this type of security threat are the Melissa virus and the ILOVEYOU virus.

13. The school provides Dial-In/Remote Access to the school network without authentication. Any remote access to the network should utilize password authentication at a minimum. Dial-back authentication is preferred.

  • Authenticate: In networking, to establish the validity of a user or an object (i.e., communications server).
  • Authentication: The process of establishing the legitimacy of a node or user before allowing access to requested information. During the process, the user enters a name or account number (identification) and password (authentication).

14. The school allows remote maintenance on their networks. Creating a firewall hole for a legitimate user also raises the risk of a hacker finding and using the hole for a security breach. This access can be provided through a Virtual Private Network (VPN) set up for a single IP address. This greatly reduces the chance of hackers doing damage.

15. The school has installed a network operating system and not deleted generic "Guest Users". These userids can be an open door to hackers. They should be deleted immediately upon installation and set-up.

16. The school has shared hubs. These hubs can be probed by software to pick up passwords.

17. The school district does not use VLANs. Not using VLANs increases the risk of having students find and attack administrative data.

18. Students or hackers spoof a server. Hackers compromise a web server and use it to send "spoofed" messages throughout the Internet with the school IP domain. See the CERT paper on Spoofing and remedies.


19. The school uses Microsoft Access databases for sensitive information. Microsoft Access has minimal security features.

20. Some schools use students to maintain their networked systems. This can be a security issue if students purposely or inadvertently compromise the network.

21. Schools do not have security policies, procedures, or monitoring processes and tools. See the CERT paper on Incident Reporting and Escalation.

22. Students or hackers employ a Trojan Horse. While you are loading one application (e.g., a screensaver) the hacker is installing his software or capturing key data from your system.

A Trojan horse is a program that does something that the programmer intended, but the user would not approve of if he knew about it in advance. Because most current security systems are based primarily on user-level privilege rather than program-level privilege, any program that you run can read any object you have read-access to, write to any object that you have write-access to, and execute any program or command that you are authorized to execute.

A Trojan horse concealed in a random game program downloaded from your favorite newsgroup can read any file you have read-access to, and mail it anywhere in the world. It can erase, or just shuffle around a few bytes in, any file you can write to. It can send obscene messages to the White House, or post embarrassing things to random newsgroups. And it can copy itself into any program that you have write access to. See the CERT paper on Denial of Service attacks and remedies.



Site Last Updated: April 19, 2001.
© Copyright Lower Hudson Regional Information Center (LHRIC).