Security

Why K–12 Schools Shouldn’t Overlook Switches and Routers

Failure to regularly audit and configure network devices can expose districts to great risk.

Twitter

Banks, co-host of the Packet Pushers Podcast, has been managing networks for higher ed, government, financial services and tech organizations since 1995.

If you plug in a network switch or an internet router from your local big-box store, most of the time it just works. And while enterprise-grade gear requires a bit more effort, the minimum configuration usually isn’t complex. Vendors want the device to work for you.

That’s wonderful, right? Well, sort of. The downside of a network device “just working” is that it’s only minimally secured. Poorly secured network devices are risky. Compromised network devices can impact network stability and data privacy, and they can prevent a classroom from functioning smoothly. Here’s what school IT teams should know about banning risky practices to protect crucial network hardware.

WATCH NOW: Use these cybersecurity tips to protect school systems.

Firewalls Help but Don’t Address Internal Vulnerabilities

A well-configured internet firewall will keep some risks out, but attacks from within your school’s network can easily exploit vulnerable network devices.

Common vulnerabilities and exposures (CVEs) include denial of service, which prevents the device from functioning properly; privilege escalation, which occurs when an attacker gains improper access to the network device; and remote code execution, which an attacker can use to turn your network device into a platform for launching attacks.

Click the banner to discover more resources for updating your K–12 district's network.

Regularly Assess Your Network to Determine Risk

The key to discovering your active CVEs is to scan your network with a vulnerability assessment tool. Armed with a CVE report, you can assess risk and begin patching. Your network vendor will recommend software versions that have resolved the CVEs.

Alternatively, bring in a security consultant who can assess the network, rank CVEs by their level of severity and recommend a mitigation strategy.

Prioritize Patching Network Devices with the Most Risk

New CVEs are discovered constantly, so much so that even dedicated security professionals can’t keep up.

However, not all CVEs represent the same level of risk. Some are critical, while others are ranked high, medium or low. Critical CVEs represent serious risk and should be patched immediately. The others should be considered progressively less risky. Judging CVE risk is the job of an IT professional who understands your school’s network well.

Additional Configuration Steps Help Network Gear Survive Attacks

No amount of scanning and patching can replace proper configuration. However, school IT teams should ensure they are using authentication, authorization and accounting schemes to limit and log what administrators do. Vendor security hardening guides can help make a device resistant to attacks.

Monitoring network devices and collecting their logs can help admins detect unusual behavior that might indicate an attack. Periodic auditing of a device’s configuration and operating state can help ensure it is functioning in compliance with school policy.

DISCOVER: Build in an extra layer of network security with these tips.

Giada Canu/Stocksy