jisc e safety presentation aoc 2014
TRANSCRIPT
Nigel Ecclesfield, Lee Harrigan-Green, Katie McAllister
20/11/2014 E-safety: safer systems, safer users
Speakers
» Nigel Ecclesfield, Head of change implementation support programmes - Further Education and Skills, Jisc
» Lee Harrigan-Green, Senior CSIRT member, Jisc
» Katie McAllister, Student support and enrichment manager, Peterborough Regional College
» Jackie Milne, Legal information specialist, Jisc
Internet safety and security
“E-safety is about safe and responsible practice with technology and the sensible management of risks presented by the digital world.” (Jisc e-Safety infoKit)
Purpose of session
» Explore e-safety issues for providers
» Safety policies
 › Setting objectives and priorities
» Safe systems
 › External safeguards and support
 › Internal systems
» Safe users
 › Safe practices
 › Increase awareness of e-safety
Jackie Milne, Legal information specialist, Jisc
E-safety and social media - risky mix or recipe for success?
Social Media
“The most influential and powerful voice of the people… needs to be regulated” (Chloe Madeley)
“Ability to give a voice to people who would never have been heard” (Bill Gates)
“A catalyst for the advancement of everyone’s rights” (Queen Rania of Jordan)
“Just a buzz word until you come up with a plan” (Unknown)
Storm in a T cup?
» FB comments result in sacking
» Think before you tweet or risk arrest
» Sexting pressure on the rise
» Social network is social nightmare
» Internet trolls may face two years in jail
» Teacher in FB meltdown
» We don’t need any new social media laws
» Half of child exploitation happens on social networks
Which legal duties do you have?
» Statutory
» Contractual
» Common law
» All of these
Lee Harrigan-Green, Senior CSIRT member, Jisc
Janet Computer Security Incident Response Team (CSIRT) and keeping yourself safe
Our Computer Security Incident Response Team (CSIRT) and keeping yourself safe, 20/11/2014
Overview
» About Janet CSIRT (Computer Security Incident Response Team) and our role
» An overview of the incidents we see
» Some examples of incidents
» What can you do to help yourself
» If you have any questions please just interrupt me
What is CSIRT?
» Janet CSIRT (Computer Security Incident Response Team)
» CERT® or CERT-CC, IRT, CIRT, SERT
» Names can vary in different organisations, but they all carry out similar tasks:
› Coordinate with our community and other CERTs, ISPs
› Provide advice and assistance in relation to security with confidentiality
What do we do?
» Incident Response
» Proactive Monitoring
» Advice and Expertise
What we don’t do!
» We don’t hack systems
» We don’t probe systems looking for vulnerabilities to advise owners
» We are not the internet police
» We don’t pass information onto the Government / CIA... but we do work with them
How we detect security incidents
» Netflow data
» Emails or alerts from third parties
» Website monitoring
» Telephone calls
» Keeping up to date with the security landscape / vulnerabilities
» Google searches
» Post incident analysis
Types of issues we deal with
» Compromise
› Data, usernames, passwords, personal information
› Systems
» Copyright notices
» Denial of service
» Queries
› Law enforcement agency requests for information (RIPA)
› Legal / policy advice
› Networking / security advice
» Other issues: scanning, phishing, social engineering, unauthorised use, unsolicited bulk email (SPAM)
Incident type              2012    2013          2014 to date
Compromise                 1487    1329           363
Copyright                  2000      91 (1293)   2815
Denial of Service            43     127           430
General query                59      82           154
LEA query                    46      29            31
Legal / Policy query          7       9             4
Malware                    3209    5148          4133
Misconfiguration              0       0           275
Net / Security query        115      89           162
Other                       114     196           682
Phishing                    243     427           307
Scanning                    578     380           137
Social engineering           16       6             1
Unauthorised use             39      42            28
Unsolicited bulk email      238     256           144
Total                      8194    8212 (9505)   9666
Regulation of Investigatory Powers notifications
» Regulation of Investigatory Powers Act 2000
» Graded 1 (critical), 2 or 3
» Must originate from a single point of contact (SPoC)
» CSIRT can verify a SPoC exists in Home Office database
Recent activities with the National Crime Agency (NCA)
» Gameover Zeus (Zeus-p2p) and Cryptolocker
» Advance warning of the botnet takedown
» Worked with the NCA and FBI to establish the best course of action from a UK perspective
» Distributed the list of known domains associated with the malware
» Issued advice and guidance to affected customers on the global day of action
» Taken positive action within our resolver service so that our customers are protected from this malware.
» More in the pipeline …
Example of a hacked website
» A small website was vulnerable to a SQLi attack
» Details of usernames, passwords, and email addresses were dumped
» Automated email received at 23:15
» By 9:30 the following morning we had sent notifications to 42 different sites about the breach
» We also alerted the site that was hacked. They were not aware and took the site offline and also notified all users in their database about the breach
Example of a Moodle system hack
» Usernames and hashed passwords were posted on Pastebin: approximately 3,500 unique hashes
» Investigation started at 08:50 the following day
» A Janet-connected organisation’s system was compromised because it was running an old version of administration software on a Moodle server
» 48% of the passwords were cracked
» Site advised of the very weak passwords
» They rebuilt the system
» A student at the site was responsible
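The two controls that would have limited this incident are a password policy at registration and a salted, deliberately slow hash in storage, so that a leaked table is both less likely to contain weak passwords and expensive to attack. The following is an added example, not code from the presentation or from Moodle; the denylist contents, the 12-character minimum and the PBKDF2 iteration count are assumptions chosen for illustration, and only the Python standard library is used.

```python
"""Reject weak passwords at registration and store only salted, slow hashes.

Added example (not Jisc/Janet CSIRT or Moodle code). The denylist, length
rule and work factor below are assumptions for illustration.
"""
import base64
import hashlib
import hmac
import os

# Constructed denylist; in practice load a published list of breached passwords.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty",
                    "letmein", "welcome", "moodle"}

MIN_LENGTH = 12          # assumption: policy minimum
ITERATIONS = 600_000     # assumption: PBKDF2-HMAC-SHA256 work factor, tune to ~100 ms


def password_problems(password, username=""):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password denylist")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if len(set(password)) < 5:
        problems.append("too few distinct characters")
    return problems


def hash_password(password, salt=None):
    """Return a self-describing record: 'pbkdf2_sha256$iterations$salt$hash'.

    A fresh random salt per user means two users with the same password get
    different hashes, so a leaked table cannot be attacked with one lookup.
    """
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$".join(["pbkdf2_sha256", str(ITERATIONS),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])


def verify_password(password, record):
    """Recompute the hash with the stored salt and iterations; constant-time compare."""
    algo, iters, salt_b64, hash_b64 = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    return hmac.compare_digest(digest, base64.b64decode(hash_b64))


def register(username, password):
    """Apply the policy, then return the record to store; never store the password."""
    problems = password_problems(password, username)
    if problems:
        raise ValueError("weak password: " + "; ".join(problems))
    return hash_password(password)


if __name__ == "__main__":
    print(password_problems("password1", "bob"))
    record = register("bob", "correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
```

The record format carries its own algorithm name and iteration count, so the work factor can be raised later and old records re-hashed on the user’s next successful login without a flag day.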
Policies are there when you need them
There are many different types of policy you need in place to keep yourself safe.
» Disaster Recovery
» Acceptable Use
» Incident Response
» Backup
» And more
We recommend:
» Testing your policies to make sure they work in practice
» Reviewing your policies regularly - trigger points might be a yearly review, a change in legislation or a security incident
What can you do to keep yourself safe?
» By following best practices you can keep yourself safe
» Logging is the most important of these – firewall, proxy, DHCP, email and web server
» Use a central system log (syslog) server to keep them all in one easily searched location
» Keep systems up to date with latest patches and security updates
» Maintain up to date security contacts with CSIRT
» Contact us at CSIRT if you have any security related questions or queries, including advice on policies and practice to keep your systems and users safe
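The value of central logging shows when a report like the 23:15 automated email above arrives naming one IP address: the handler needs the DHCP lease, proxy and firewall records for that address side by side to find the device and build a timeline. The following is an added example, not Jisc or Janet CSIRT code; it assumes all three sources forward to one syslog host, the log line formats and every line in the sample are constructed for the example, and the year is assumed because syslog timestamps do not carry one.

```python
"""Answer "which device was behind this IP at this time?" from central syslog.

Added example (not Jisc/Janet CSIRT code). Log formats and sample lines are
constructed; they imitate a DHCP lease log, a proxy access log and a firewall
deny log all forwarded to one syslog host.
"""
import re
from datetime import datetime, timedelta

YEAR = 2014  # assumption: syslog lines carry no year

# Constructed sample of lines as received on the central syslog host.
SYSLOG = """\
Nov 20 22:10:03 dhcp1 dhcpd: DHCPACK on 10.20.5.17 to aa:bb:cc:dd:ee:01 (lab-pc-07) via eth0
Nov 20 22:41:55 dhcp1 dhcpd: DHCPACK on 10.20.5.17 to aa:bb:cc:dd:ee:02 (student-laptop) via eth0
Nov 20 23:02:14 proxy1 squid: 10.20.5.17 TCP_MISS/200 4812 GET http://example.test/login.php
Nov 20 23:14:40 fw1 kernel: DENY IN=eth1 OUT=eth0 SRC=10.20.5.17 DST=203.0.113.9 DPT=3306
Nov 21 00:05:30 dhcp1 dhcpd: DHCPACK on 10.20.5.17 to aa:bb:cc:dd:ee:03 (printer-3) via eth0
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$")
LEASE_RE = re.compile(r"DHCPACK on (?P<ip>\S+) to (?P<mac>\S+) \((?P<name>[^)]+)\)")


def parse_ts(text):
    """Parse a syslog-style 'Mon DD HH:MM:SS' timestamp, adding the assumed year."""
    return datetime.strptime(f"{YEAR} {text}", "%Y %b %d %H:%M:%S")


def parse(line):
    """Split one syslog line into a record, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": parse_ts(m["ts"]), "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def mentions(ip, msg):
    """True if `ip` appears as a whole address (so 10.20.5.17 does not match 10.20.5.170)."""
    return re.search(rf"(?<![\d.]){re.escape(ip)}(?![\d.])", msg) is not None


def lease_holder(records, ip, at):
    """Return (mac, hostname) holding `ip` at datetime `at`, or None.

    Walks DHCPACK events in time order and keeps the latest assignment of
    `ip` that is not after `at`; the lease may have changed hands since.
    """
    holder = None
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["ts"] > at:
            break
        m = LEASE_RE.search(rec["msg"])
        if m and m["ip"] == ip:
            holder = (m["mac"], m["name"])
    return holder


def timeline(records, ip, start, end):
    """Non-DHCP records mentioning `ip` within [start, end], oldest first."""
    hits = [r for r in records
            if start <= r["ts"] <= end and "DHCPACK" not in r["msg"] and mentions(ip, r["msg"])]
    return [f"{r['ts']:%b %d %H:%M:%S} {r['host']} {r['prog']}: {r['msg']}"
            for r in sorted(hits, key=lambda r: r["ts"])]


def investigate(syslog_text, ip, reported_at, window_minutes=30):
    """Correlate a report naming `ip` at syslog-style time `reported_at`."""
    records = [r for r in map(parse, syslog_text.splitlines()) if r]
    at = parse_ts(reported_at)
    return {"ip": ip,
            "holder": lease_holder(records, ip, at),
            "timeline": timeline(records, ip, at - timedelta(minutes=window_minutes), at)}


if __name__ == "__main__":
    # A third-party report names 10.20.5.17 at 23:15 on 20 Nov (constructed).
    result = investigate(SYSLOG, "10.20.5.17", "Nov 20 23:15:00")
    print("device:", result["holder"])
    for entry in result["timeline"]:
        print(entry)
```

Without the DHCP log the handler would reach the wrong device, since the same address was leased to three machines in two hours; without the proxy and firewall logs there would be nothing to show what the device actually did in the window.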
Lee Harrigan-Green, Senior CSIRT Member
Lumen House, Library Avenue, Harwell, Didcot, Oxfordshire OX11 0SG. T 0300 999 2340
Except where otherwise noted, this work is licensed under CC-BY-NC-ND
Katie McAllister, Student Support and Enrichment Manager, Peterborough Regional College
Equipping learners to be safe
Safeguarding & E-Safety
• The college, in light of the growing child sexual exploitation issues, potential extremism and increasing e-safety concerns, was determined to ensure both staff and learners participated in a constructive dialogue relating to their safety.
The starting point
• Addressing the (potential) increase in cyberbullying, extremism, child sexual exploitation etc
• Meeting our legal and statutory duties relating to ICT whilst reducing any risks
• Identifying all of the across college areas we would need to consider such as our hosting liability and data protection
• Educating employers, contractors, parents/carers
The Challenge
• A rigorous evaluation of our current practices including Jisc guidance & the use of the 360 degree safe self review tool:
 – It’s free to access!
 – Provides subject areas (top line and in detail)
 – Provides action plan as you go
 – Identifies AFIs and best practices
 – Is online so a whole college approach is possible
 – Compares your own responses to others who have completed it
Review tools
Areas for review
Each element has strands.
Each strand has aspects.
The Safeguarding Toolkit
• Resources and documentation to support a tailored recruitment and enrolment process for learners.
• An enhanced induction for Looked After Care (LAC) learners.
• Designated mentors and progress support meetings for LAC learners.
• Online and magazine based hints, tips and guidance (staff and students).
The Safeguarding Toolkit
• HE debates.
• Tutorials and across college calendar of events covering personal safety and resilience for a range of levels/abilities (sexual health, alcohol, mental health, e-safety, being street wise).
• Development of activities and resources to embed within teaching and learning sessions.
Multi Agency work
• Multi agency partnership with housing, city youth workers, council, police, schools and Local Safeguarding Children Boards (LSCB) – members shared expertise and resources which resulted in a proactive approach to child sexual exploitation, monitoring of city wide tensions and action cohesion work.
• Approach is being adopted by other police forces and was recorded for a Panorama documentary.
Training
• The College Welfare Advisor and a College Youth Worker were specifically trained to support Looked After Care leavers - more vulnerable to child sexual exploitation and radicalisation.
• Staff training incorporating extremism awareness and reporting (WRAP, Prevent).
Training
• Prevent training to over 1000 students by the local Prevent officer.
• The college completed a business continuity plan and staff training with the National Counter Terrorism Security Office (NaCTSO).
• E-Safety handbook/toolkit.
• Updated induction staff training.
Impact in 2013/14
• 98% of learners felt safe whilst at college.
• 92% retention for LAC learners (9% increase on 12/13).
• 88% retention for unaccompanied minors (5% increase on 2012/13).
• Safeguarding embedded into teaching and learning - differentiated across the levels/abilities.
• Significant, collaborative partnerships with quicker identification of and action to issues.
Impact in 2013/14
• Ongoing, robust self-assessment
• The safeguarding toolkit has successfully contributed to the College receiving:
 – the BIG award (Bullying Intervention)
 – Gold ROSPA
 – the Buttle Quality Mark (Exemplary)
 – Customer Service Excellence & Matrix
 – The South West Grid for Learning Trust 360 degree safe award (first FE college).
Information
• Freshers Fayre Event (1 Oct)
• Anti-bullying & Resilience Stand (17 Nov)
• Wellbeing Team Stand (E-safety: 1 Dec)
• Safer Internet Day Stand (10 Feb)
• Be Healthy, Stay Safe, Be Green Event (19 Mar)
Summary
• The College has taken a proactive and passionate stance against these contemporary issues that are affecting our learners’ wellbeing, and our ongoing actions are positively removing barriers and ensuring the learners are able to fully engage with their studies.
• For more information contact: [email protected]
Q&A panel
Questions?
Find out more…
[email protected]
www.jisc.ac.uk/internet-safety