Network Monitoring: A 360-Degree Plan

3/15/2004 5:00:00 AM

In the movies, a safe and happy ending often comes from last-minute heroics. In the equally virtual reality of school computer networks, however, success more typically depends on day-to-day operations. School IT staff must be constantly vigilant about a large constellation of security concerns, including physical harm, electronic attacks, and even inadvertent problems created by normal use.

Last month, Part 1 of this series, "How to Perform a Security Audit," walked you through the basics of setting up a formal process for identifying these security-related concerns and implementing safeguards. This month, we continue the conversation from the perspective of system monitoring: using a combination of techniques and technologies to keep regular tabs on your network, from tracking your school's bandwidth usage with network traffic analyzers to spotting firewall breaches via intrusion detection software. In addition, monitoring entails having a broader awareness of the computing environment and how the system meets user needs.

By taking a holistic approach to monitoring, you'll be able to fine-tune your operating procedures and user policies to reduce risk, and be better prepared to recover from the problems that will inevitably occur.

Staying Aware of the Context

An important aspect of system monitoring, often taken for granted and sometimes forgotten, is the overall framework in which you're operating. Here are two areas to consider.

External Threats

The importance of staying abreast of hidden threats lurking out on the Net cannot be overstated. In fact, experts estimate it would take a malicious user no more than three minutes to find enough code bits to assemble a potent virus or other types of harmful software. You can avoid being taken by surprise by monitoring the IT literature — for example, signing up for the weekly e-mail bulletin of new security vulnerabilities offered by the SANS Institute (www.sans.org).

Internal Needs

Keeping in touch with what your school's leaders and IT users want from your system — now and in the future — is the strategic foundation for successfully serving their needs, and gaining their support in maintaining security.

A good first step to addressing this issue is to create a questionnaire (or conduct a focus group or initiate a needs assessment). Some questions might include:

  • How are you currently using the provided technologies? What are the ways that the provided technology makes your work easier, more productive, or better?
  • What are the biggest frustrations about using the technology?
  • Do you foresee any significant changes in your long-term needs; for example, increased capacity for data collection and reporting?
  • What steps do you currently take to keep your own work safe and the overall network secure? Which of these procedures do you find most irksome and why?

Once you've gathered this data, apply it to your technology plan. Communicate with the community about how they can improve their security habits, change procedures that don't seem to be working, and shape any new initiatives based on user needs.

Operational Issues

Another critical area to monitor is your daily operating procedures.

Environmental Hazards

If you don't already have sensors checking the traditional HVAC concerns (heat, ventilation, and air conditioning) in your server rooms, install them. While you're doing that, don't forget about the possibility of water leaks, flaking plaster, or loose wires. The best monitoring tool is the human eyeball, either peering through a remote camera or peeking through a doorway. Set up a weekly or monthly schedule for inspections, or install a minicam in the more remote locations to bring key images to your desktop.

Physical Access

Installing security software does no good if someone can walk in and carry off the equipment — or just bang it with a sledgehammer. It's not uncommon for the server room to share space with the computer lab or for the wiring closet to also house brooms or other janitorial equipment. And these days nearly every room in a school has a networked computer. In multiple-use locations where students, custodians, school visitors, and others are in daily proximity to computers or other technology, make sure expensive equipment is locked down to a nonmovable anchor. In addition, where appropriate, consider using a security minicam.

System Integrity

A good network management system, usually a combination of hardware and software elements, should allow your school IT staff to observe the state of the network at any given moment. Using asset management software, look for patterns in the kinds of unauthorized and unlicensed software that most frequently appears, and decide if you want to provide some of it through purchase or license (or at the very least, increase user awareness about the penalties for illegal use by distributing copyright information). Regularly examine the reports generated by your firewall, Web filter, and other network applications. Check the usage patterns of any virtual private networks or other methods you use to provide external access to internal resources. (See "Monitoring Technologies.")

System integrity also depends on protecting yourself against unauthorized or unwanted intrusion, whether it's the system-clogging flood of spam into our e-mail boxes, or the endless flow of increasingly sophisticated blended attacks of viruses, worms, Trojan horses, and other malicious software. Proper intrusion monitoring will help you see — and then close — the security holes that attackers use. (Again, see "Monitoring Technologies" for specifics.)

Finally, monitor your system's defenses by conducting regular penetration and stress tests. As discussed in last month's article, numerous private firms perform such functions. Better yet, set up a team of your own students or students from a local college and ask them to find ways to break in to the network. Then ask them to help devise methods to plug those holes.

Data Privacy

Data storage should be centralized to facilitate regular backups, encryption, and access controls — and ensure that users get access only to the data they're authorized to see, and can perform only the functions that they're authorized to do. That means setting up role-based or user-based permissions for network access (for more information on developing a network rights strategy, see "A Beginner's Guide to School Security"); periodically testing the strength of these protections; and using network traffic analysis tools to monitor usage patterns. Most importantly, all vital data, no matter what the format, should be backed up to off-site storage.

Outsourcing

Outsourcing is commonplace these days. But that means your system, and your liability, extend beyond the district limits to include your Internet service provider, your e-mail service, your payroll vendor, your data storage provider, your application service provider, and anyone else who is an integral part of your system. How secure are their systems? How safe is the data that passes to and from them? You need to ask tough questions about their procedures and past problems. Then you need to get written promises about future performance and acceptance of liability. As much as possible, monitor their actions: you might visit their server rooms; talk to their engineers; or stay in touch with their other customers.

Crisis Management

No matter how good your security system, no matter how hard you try, it's a given that eventually something will go wrong.

Therefore, every district needs to have a business continuity or crisis management plan that helps them minimize damage, recover from security breaches, maintain essential operations, and keep in constant communication with key players and stakeholder groups. The first rule of business continuity is redundancy. All essential data should be duplicated both in another part of your own system and off-site; all communication pathways should have a fall-back alternative; and all key equipment should be replaceable.

But just as having a spare tire in your trunk doesn't do any good if you've let it go flat, it's no use to have a backup system that's not ready to be used. Conduct dress rehearsals about every six months and correct any problems that are revealed. Most important: When the inevitable crisis does occur, treat it as a teachable moment. How do your operations need to be changed in order to prevent the likelihood of future problems?

It may not be the glamorous world of the movies, but the satisfaction of doing your job well can provide a happy ending to the little screen nearest you.



MORE@www.techlearning.com

For additional monitoring resources, see "Learn More".



Steven E. Miller, a former teacher, community organizer, and magazine editor, is executive director of Mass Networks Education Partnership.

Chris Seiberling is the manager of the technology audit and planning program for Mass Networks Education Partnership.


Read other articles from the March Issue

Monitoring Technologies

We've compiled a list of tools to help you deal with the various areas of monitoring, along with recommendations on how often to use them. The product names here are examples only and are not necessarily endorsed by the authors. Although not included here, multifunction hardware technology from such companies as 3Com, ServGate, SonicWall, and Symantec may also provide effective security solutions.

Vulnerability Scanning
  Objective: Identify technical weaknesses in software, hardware, and system configurations. Some scanning tools include integrated patch management, registry repair, and software update utilities.
  Sample tools (Web servers):
  • Achilles (www.mavensecurity.com)
  • N-Stealth (www.nstalker.com)
  • SpikeProxy (www.immunitysec.com)
  Sample tools (network):
  • Microsoft Baseline Security Analyzer (www.microsoft.com/technet)
  • Nessus (www.nessus.org)
  • NetIQ Security Analyzer 5.1 (www.netiq.com)
  • Shavlik EnterpriseInspector (www.shavlik.com)
  • Sun Microsystems SunSolve (sunsolve.sun.com)
  • Symantec Vulnerability Assessment (enterprisesecurity.symantec.com)
  Frequency: Web servers should be checked when there are vulnerability advisories and when significant Web site changes are made. Total network scans should take place at least twice a year. Firewall and e-mail servers should be scanned daily to weekly.

Network Traffic Analysis
  Objective: Monitor bandwidth usage to verify network performance; identify traffic patterns; and provide forensic evidence of intrusions and inappropriate network use.
  Sample tools:
  • CyberGauge (www.neon.com)
  • Iris Network Traffic Analyzer (www.eeye.com)
  • ntop (www.ntop.org)
  • Snort (www.snort.org)
  Frequency: Monthly; daily, if problems are suspected

Password Testing
  Objective: Verify that user passwords are appropriate and effective.
  Sample tools:
  • Cain & Abel (www.oxid.it/cain.html)
  • John the Ripper (www.openwall.com/john)
  Frequency: Same as number of days between password changes

Intrusion Detection
  Objective: Test the effectiveness of firewalls.
  Sample tools:
  • dsniff (www.monkey.org/~dugsong/dsniff)
  • Norton Personal Firewall (www.symantec.com/sabu/nis/npf_mac)
  • Snort (www.snort.org)
  Frequency: Daily

Wireless Network Surveillance
  Objective: Detect unauthorized wireless access points.
  Sample tools:
  • AirSnort (airsnort.shmoo.com)
  • Kismet (www.kismetwireless.net)
  Frequency: Yearly or whenever system changes are made

Virus Scanning, Spam Control, and Content Filtering
  Objective: Detect and eliminate viruses, worms, Trojan horses, and other malicious software; detect and reduce spam; and limit access to undesirable Web sites.
  Sample tools:
  • Network Associates (www.nai.com/us)
  • Sophos AntiVirus (www.sophos.com)
  • Symantec AntiVirus (enterprisesecurity.symantec.com)
  • SurfControl (www.surfcontrol.com)
  Frequency: Daily

Malware Threat Monitoring
  Objective: Stay informed of current threats.
  Sample tools:
  • Internet Security Systems Alert Center (gtoc.iss.net/issEn/delivery/gtoc/index.jsp)
  • SANS InternetStormCenter (www.isc.sans.org)
  • Symantec DeepSight Threat Management System (enterprisesecurity.symantec.com)
  Frequency: Daily

File Integrity Checking
  Objective: Verify whether data files have become corrupted and detect installation of unauthorized software.
  Sample tools:
  • Tripwire (www.tripwire.com)
  Frequency: Monthly

Review System Logs
  Objective: To remain informed of network and server activities.
  Sample tools:
  • Backup logs
  • Server, firewall event, and virus detection logs
  Frequency: Daily


Learn More

Want to do more research? The Web offers a surplus of information about monitoring and related security issues.

An annotated list of Unix, Linux, and Windows security tools: www.insecure.org/tools.html

Downloadable Unix tools: ftp.cerias.purdue.edu/pub/tools/unix

Comprehensive security guidelines from the National Institute of Standards and Technology Computer Security Resource Center (in particular, check out the NIST Guideline on Network and Security Testing): csrc.nist.gov/publications/nistpubs/index.html

OCTAVE risk assessment methodology: www.cert.org/octave

SANS InfoSec Reading Room, which provides background material on many security topics: www.sans.org/rr

Technical and user-oriented advisories from US-CERT's National Cyber Advisory System: www.us-cert.gov/cas/index.html

