Saturday, February 26, 2011

Security - Network Access Control for Educational Institutions

Network Access Control for Educational Institutions

ForeScout CounterACT helps educational institutions ensure network security, compliance, and guest network access.

Challenges for Educational Institutions

Network security is difficult for any enterprise, but educational institutions face a unique set of challenges including:

  • Seasonal spikes in malware introduced by students returning from holiday break
  • Huge diversity of unmanaged devices connecting to the network - laptops, smart phones, etc.
  • Enabling free information flow while protecting students and faculty
  • Exposure to legal liabilities through P2P application abuse

ForeScout CounterACT Network Security for Educational Institutions

Today's students expect continuous connectivity to each other, to their teachers, and to the Internet. But security is rarely high on their priority list. ForeScout helps educational institutions address key concerns around network security:

Keep the network safe from unmanaged endpoints and rogue devices

When students arrive on campus, their laptops may be infected with malware and have risky applications like P2P already installed. They may totally lack antivirus software. Students can also bring networking gear from home - wireless access points and wiring hubs - and try to connect it to the campus network.

ForeScout CounterACT lets you enforce security requirements for student laptops, such as up-to-date security software. If the laptop has no anti-virus, CounterACT lets you install anti-virus to the student system.

After the student's laptop is connected to your network, CounterACT will continuously monitor the behavior of the laptop for signs of infection or malicious activity. If danger is detected, CounterACT gives you a wide range of controls to help deal with the situation.

CounterACT can also immediately detect and block any rogue devices such as wireless access points and unauthorized wiring hubs. CounterACT gives you detailed visibility into any equipment connecting to the network, including its physical location.

Enable free information flow while protecting student and faculty privacy

How do you protect private information such as student exam data or other personal records? Passwords will take you some of the way there, but many educational institutions are turning to ForeScout CounterACT for a simple network-based solution.

ForeScout CounterACT can separate students from faculty at the network level, while still allowing authorized communications between the two networks. A number of different technologies can be deployed to create and maintain these "Chinese walls" including VLANs, access control lists, and virtual firewalls. See more here.

Prevent illegal file sharing activities with visibility and control over P2P applications

Illegal file sharing and downloads of copyrighted material was officially criminalized under the 1998 Digital Millennium Copyright Act (DMCA) and later reinforced under the Higher Education Opportunity Act of 2008. Although liability limitations exist for network administrators, Section 512 of the DMCA indicates that if subpoenaed, they must disclose the identity of the offending subscriber. They must also terminate accounts of repeat offenders.

By preventing P2P applications on the campus network, educational institutions are able to protect themselves against legal action by digital content owners. Using industry-leading host interrogation technology, ForeScout Counter ACT can scan the end-user system for active P2P applications. CounterACT gives you a range of control options to deal with P2P such as:

  • Audit Mode: Monitor for P2P use across student population and identify potential problem areas
  • Notifications: Can be sent to users to remind them of their liability if illegally sharing copyrighted content. An auditable end-user acknowledgement enables tracking of non-compliance warnings to users.
  • Blocking: For repeat offenders or users suspected of engaging in illegal file sharing, these P2P applications can be blocked from running on their systems.

Sindh Educational institutions given security blueprint

Sindh Educational institutions given security blueprint

Sindh govt recommends establishment of security cells under retired Army officials; deweaponisation of hostels; banning political events inside campuses

Karachi:The Sindh government has approved a security plan for educational institutes in the province in view of recent terrorist incidents in the country, especially the attack at the International Islamic University in Islamabad, according to a statement issued on Wednesday by the press secretary of Sindh Governor Dr Ishratul Ebad Khan.

The heads of the institutions concerned have been directed to take immediate necessary action in this regard.

A meeting regarding law and order and security arrangements at the educational institutions was held on October 21 under the chairmanship of the Sindh governor. A committee was constituted under the Chairmanship of the principal secretary to the Sindh governor. Members of the committee include vice-chancellors of public- and private-sector universities, as well as representatives of Pakistan Rangers Sindh and the Sindh police.

The comprehensive security plan prepared by the committee and approved by the Sindh governor has been forwarded to the heads of institutions concerned for immediate necessary action.

The plan includes the establishment of a “Campus Security Cell,” which should be headed by a well-trained security officer, preferably retired armed force officers. Security staff, preferably ex-servicemen, should be enrolled after necessary security clearance and verification from the special branch. These security staff will be equipped and trained by the police or the Rangers, and the security officer should maintain close contact with the local wing commander of the Rangers as well as the town police officer concerned.

The security in-charge and all related personnel are to have all emergency numbers such as those for police stations, the fire brigade, and ambulance services, as well as the cellphone numbers of the relevant SHO, DSP, DSP, SP, DPO, TPO, and the Rangers wing commander.

Protective measures in the plan include walling campuses, repairing broken wall, raising the heights of fences, and installing barbed wire on walls.

Gates are to be installed at all entry and exit points. Moreover, there should be multiple entry and exit points for use during an emergency; all gates should be manned by armed guards.

Tracks should be developed along perimeter walls to enable mobile patrolling by internal security staff of the respective universities.

Moreover, vegetation along the perimeter should be cleared, concrete road blockers should be placed in a zig-zag way at the gates to force vehicles to reduce their speed and discourage forced entry. Sandbag pickets or guard rooms should be installed at the gates and at various identified locations within campuses.

Close-circuit cameras and communication networks should be installed at gates, as well as other major points and the central security control office.

Emergency phones should be installed at various locations within the campus, and should be connected to the security centre. A map should be made of the whole campus, indicating the positions of various buildings and entry and exit points, and should be handed over to the security officer for use during an emergency.

Separate maps of every building should also be made, indicating each and every room; the number of students who can possibly be present in a particulars class, depending upon enrolment, should also be indicated in every room.

Active measures indicated in the plan include cleansing hostels of weapons and ammunition.

No one should be allowed to carry firearms within campus premises. Entry without ID cards should be banned, and students, faculty members and employees should be made to carry ID cards at all times.

Visitors or guests will be allowed inside campuses only after the submission of original CNICs at the gate. Students and visitors will be searched through metal detectors and walkthrough gates. Vehicle passes will be issued and no vehicle will be allowed inside campuses without a pass. All vehicles should be searched at the gates; glass reflectors must be used to check below vehicles.

Moreover, places where students gather in large numbers, such as canteens, libraries and auditoriums, should have multiple entry and exit points.

Motorcycle or bicycle patrols should be arranged inside campuses to a keep watch on suspicious people and activities. Walkie-talkie sets should be provided at all pickets and mobile guards should remain in contact with the security centre.

Apart from these, the plan encourages the administration of educational institutes to motivate students and parents to cooperate with law-enforcement agencies; sensitise students travelling in university buses to check unknown people; institute a dress code to facilitate the overall security insides campuses.

Political gatherings and events should not be allowed within universities; weddings and other functions should not be held within campuses; professors and officials should be encouraged to cooperate with law-enforcement agencies for maintaining peace and security inside the campus.

Staff vehicles should not be used by students for moving inside the premises, and a complete record of the residents of staff colonies should be maintained. The plan calls for these security arrangements to be put in place immediately.

The local TPO and Rangers wing commander will visit all educational institutions after November 10 to assess adopted measures, and to suggest further improvement in security arrangements.

Moreover, the plan states that the suggested measures may be taken as “broad guidelines,” and authorities concerned are free to adopt other measures in consultation with the local police and Rangers.