e-Security:10 Steps to Protect Your

School’s Network

http://www.nen.gov.uk

NEN – the education network

Background: NEN advice & guidance

• Developed by NEN Technical Strategy Group

• Information Sheets & Guidance Notes

• Bring Your Own Device (BYOD), Cloud Computing, School Broadband Requirements, Filtering

• NEN e-Security advice: based on CESG advice

• CESG is UK government’s National Technical Authority for Information Assurance, part of GCHQ

• CESG advises organisations on e-security/cyber security

• Government takes this seriously

NEN – the education network

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/395717/10_steps_infographic.pdf

10 steps to protect your school’s network:

1. Ensure e-security is recognised at a senior level

2. Maintain inventories of hardware and software and keep them up to date

3. Make sure technical measures are in place to protect your network (firewalls, filtering)

4. Set user privileges appropriately and enforce strong passwords which must be changed at regular intervals

5. Undertake regular education and training for all users (staff and children)

NEN – the education network

http://www.nen.gov.uk/wp-content/uploads/2015/01/e-Security_-_10_steps_to_protect_your_school_s_network_November_2014.pdf/

10 steps to protect your school’s network:

6. Establish and maintain processes to log and learn from any e-security incidents

7. Ensure technical protections are in place to detect and prevent malware – malicious code or content

8. Network monitoring ensures attacks and other e-security incidents can be detected and responded to quickly

9. Manage the use of removable media (for example, USB flash drives)

10.Establish a strategy for home and remote/mobile use of school facilities

NEN – the education network

http://www.nen.gov.uk/wp-content/uploads/2015/01/e-Security_-_10_steps_to_protect_your_school_s_network_November_2014.pdf/

HMG Cyber Essentials Scheme:

1. Boundary firewalls and internet gateways –prevent unauthorised access to or from private networks

2. Secure configuration – ensure that systems are configured in the most secure way for the needs of the organisation

3. Access control – ensure only those who should have access to systems to have access and at the appropriate level.

4. Malware protection – ensure that virus and malware protection is installed and up to date

5. Patch management – ensure the latest supported versions are used and all necessary patches are applied

NEN – the education network

https://www.gov.uk/government/publications/cyber-essentials-scheme-overview/

Critical security controls - five quick wins:

1. Application whitelisting – allow only authorised software to be used

2. Use standard, secure system configurations

3. Patch application software within 48 hours

4. Patch system software within 48 hours

5. Reduce the number of users with administrative privileges

NEN – the education network

http://www.cpni.gov.uk/advice/cyber/Critical-controls/

NEN – the education network

http://www.nen.gov.uk/wp-content/uploads/2015/01/NEN_e-Security_Checklist_November_2014.pdf

NEN e-Security Checklist:

http://arstechnica.com/security/2015/04/eighth-grader-charged-with-felony-for-shoulder-surfing-teachers-password/