Information Security in Schools
Sierra Lam
IT in Education Section Education Bureau
28-29 Nov 2017
ITE4
1 Infrastructure
2 e-Learning
resources
3
Curriculum &
pedagogy
4 Capacity
building 5
Involving stakeholders
6 Research &
evaluation
Six Actions of ITE4
URL: http://www.edb.gov.hk/en/edu-system/primary-secondary/applicable-to-primary-secondary/it-in-edu/ite4.html
Development of ITE4
Relevance to information security
• Vendors
– Infrastructure under WiFi100 and WiFi900
• Schools
– Grants
• TSS / end users
– Information Security in Schools – Recommended Practices
• Students
– Information Literacy (IL) in curriculum
Infrastructure:
WiFi100 & WiFi900
Terms and conditions in the specifications relevant to:
Preventive measures
Detective measures
Responsive measures
Recovery measures
Preventive measures
Design a secure network…
Existing Network Facilities – not rely on any existing network facilities and cabling of the School, nor interfere with the existing WiFi network of the School. The Wi-Fi network shall be
physically separated from the school network.
The firewall policy should be applied to control network traffic
such that public users should be prohibited to access the internal network segments of the School.
Preventive measures
Enforce Network Security Policy…
The configuration settings of the appliance shall support blocking specific network ports, including ports of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Blocking denial of service (DoS) attacks and malformed packet attacks shall also be configured.
Preventive measures
Apply Access Control …
Authentication Method – use 802.1x standard based
authentication and Hong Kong Education City single sign-on services.
The WLAN system shall allow single or multiple devices per user account to be authenticated using 802.1x and Hong Kong
Education City single sign-on service.
The WLAN system shall suspend the session of the user once the session control is expired and the suspension time shall be configured by the school.
Detective measures
A proactive monitoring system is important…
Managed Service – operate the WiFi network using managed service model, provide end-to-end service with single point of contact including configuration, provisioning of service, proactive monitoring, maintenance and regular reporting.
Responsive / Recovery measures
Define a response mechanism…
Service Level Agreement – ensure at least 99.7% availability of the WiFi service, support four-hour response time and four-hour service recovery with active monitoring, helpdesk support with support hours from Mon to Sat 8:00 am to 6:00 pm, and provide monthly monitoring reports for the School.
CITG
$197,929 – 680,748 ($397,000 on average)
• IT‐related consumables
• Digital resource materials
• Internet fee
• Employment/hire of TSS
• Opening for school's IT facilities
• Maintenance, upgrading and replacement of IT facilities
Funding for ITE4
$48,530 to $121,340 ($70,000 on average)
• WiFi subscription
• Maintenance/
replacement of mobile devices
ITSSG
$300,000
• Employment/hire of TSS
• Additional technical support services such as data migration and cloud management
Recurrent
One-off
OITG ($200,000 )
• Mobile device
• Employment/hire of additional TSS
• E‐resource/platform
ITE4 ($100,000)
• Mobile device
Overview of ITE Grants
Support for TSS / End Users:
Information Security in Schools – Recommended Practice
http://www.edb.gov.hk/attachment/en/edu-system/primary-secondary/applicable-to-primary-secondary/it-in-edu/WiFi900/IT_SecurityinSchools_RecommendedPractice_Aug2016.pdf
Information Security in Schools Security measures
Preventive measures
Detective measures
Responsive measures
Recovery measures
Image source: http://thinkapps.com/blog/post-launch/adaptable-data-center-it-infrastructure/
Suggestions to Schools
Security Incident Handling
Establish school-based
IT Security Incident Response Team
Setup proper reporting procedures:
• Report to the school’s
IT Security Incident Response Team
• School decision to report to
HKCERT? HKPF?
Part 3, Page 11, “Information Security to Schools – Recommended Practice”
http://www.edb.gov.hk/en/edu-system/primary-secondary/applicable-to-primary-secondary/it-in-edu/information-security.html
Information Security Website
Malware Prevention
Training and Education for End Users
Avoid opening suspicious electronic messages, and do not follow URL links from un-trusted sources to avoid being re-directed to malicious websites
Check attachments and downloads against malware before use
Perform regularly data backup and keep them offline
Prevent to use remote access software to connect to a school server or user workstation directly. Use secured channels (e.g.
VPN gateway) with two-factor authentication for better protection.
Use strong passwords and change password frequently
Handling Malware
Some of the ransomware infections and outbreaks in 2017 …
Crysis/Dharma, Bad Rabbit, Petwrap / NotPetya, WannaCry ransomware attacks
In case a computer is infected, users should take the following IMMEDIATE actions.
a) DISCONNECT the network cable of the computer to avoid affecting network drives and other computers;
b) POWER OFF the computer to stop the ransomware encrypting more files;
c) JOT DOWN what have been accessed (such as programs, files, emails and websites) before discovering the issue; and
d) REPORT the case to relevant personnel/ organisation, such as ICT coordinator in school, HKCERT, HK Police Force, etc.
Information Literacy
Source URL: http://www.edb.gov.hk/il/eng
Promotion of
Infographics, Posters and Leaflets
https://www.cybersecurity.hk/tc/resources.php
https://www.cybersecuritycampaign.com.hk/
The Way Forward
Migrate to Cloud Services Professional
Professional Development
Programmes for Senior Management and
Principal IT coordinators / IT team members
What are the needs of schools?
Any suggestions?
Update the
“Information Security in Schools –
Recommended Practice”
THANK YOU!
Enquiry
Use of Funds:(852) 3698 3606
Professional Development Programmes:(852) 3698 3610 Technical Advisory Services:(852) 3698 4148 / 3698 3566