Dec 30 2021

5 Ways to Build In an Extra Layer of Network Security

After deploying security tools, take these often-overlooked configuration steps to better fortify your K–12 network.

Security breaches sometimes happen in unexpected ways. Academic researchers from England and Sweden designed a malware variant that can exploit a smartphone’s microphone to steal the device’s passwords and codes. In 2019, 60 percent of businesses in the U.S., U.K., France and Germany suffered a printer-related data breach. Even low-tech fax machines have security vulnerabilities that could allow a hacker to steal data through a company’s network.

These are just a handful of security vulnerabilities, but they should be enough to keep any K–12 school network administrator up at night. Getting regular, third-party security audits will help you sleep better. Using the following ideas to beef up your security will also help:

Click the banner below for customized content and exclusive insights when you sign up as an Insider.

Check for Expired Security Certificates

Most organizations need SSL certificates to keep information private on their websites and prevent unauthorized access. The IT department commonly sets up these certificates when first deploying a website.

Unfortunately, security breakdowns can occur when security certificates are allowed to expire. It is incumbent on IT staff to ensure that all certificates are current, so be sure to add an annual certificate review into IT policies and procedures.

EXPLORE: Take the quiz to grade your district's cybersecurity preparedness.

Implement SSL/TLS Protocols and Keys

Transport layer security is a robust successor to SSL. Both security protocols encrypt data transfers between servers and devices. They also help authenticate user access.

SSL/TLS works with security certificates, but it is up to IT staff to set up the SSL/TLS public and private data access and encryption keys for each server, network resource and user so that only certain users (each with a private access key) can access network resources (which have public keys, because more than one person will use them).

Avoid Storing LAN Manager Hashes

On Windows machines, some organizations still use Microsoft LAN Manager hash algorithms to convert user passwords into two Data Encryption Standard keys for security purposes. These keys are then stored in Windows.

Unfortunately, LM hash protection is vulnerable to fast, brute-force attacks. You can guard against this by disabling the storage of LM hashes in Windows.

MORE ON EDTECH: Protect your district from credential stuffing with these password tips.

Consider Using Server Message Block Signing

Man-in-middle attacks occur when a bad actor inserts himself in the middle of a data transfer and pretends to be a legitimate participant so he can intercept valuable information.

If you are a Windows shop, you can reduce the risk of MITM by implementing Server Message Block protocol on Windows domain servers. SMB affects digital signing on the packet level of communications protocols, which makes it tougher for MITM attacks to break through.

Perform Regular Third-Party Security Audits

IT security audits used to be a luxury. Now, they should be an IT budget staple. You can never know enough about security or the next generation of risks, but security experts can help you stay informed and prepared.

aaa 1

Register