Last year our CEO asked if I would be interested in starting a Girls Who Code club in our local school system. He had been inspired by the Girls Who Code founder to take action and help close the gender gap in the technology industry. I was excited to jump in and work for a cause that I passionately support. As an educator, I firmly believe that encouraging all my students to share diverse opinions improves our classroom environment. I’m excited to extend this attitude to my technology career. As we encourage diversity in the technology field, we make our teams, our companies, and the industry stronger. Let’s take a look at how encouraging diversity can benefit your organization.
The first blog in this series discussed the importance of including information security in the strategic planning of any educational institution. In today’s blog I would like to take a closer look at the problem of data breaches in education. Cybersecurity is a big topic in the news these days. We are constantly hearing about a new vulnerability or exploit that can infiltrate software or devices. Regrettably, these attacks have led to the exfiltration of sensitive data in many forms. It’s no wonder that education IT professionals have rated information security as a top concern in many EDUCAUSE surveys. Symantec’s 2016 Internet Security Threat Report found that the cost of data breaches in education is the second highest of all industries. These organizations already have tight budgets and dealing with an attack takes away some of those already precious resources. What can you do to protect your assets? A 2016 Ponemon Institute study found the three root causes of data breaches in the education sector are: malicious attacks, process failure, and human error. Keep reading for some tips you can use to lower your chances of a data breach at your institution.
Proactive Network Threat Detection with Monitoring Software
It is important for IT professionals to know the traffic on their network top to bottom. With this in mind, having a powerful tool to break down and analyze the traffic makes that job easier. In addition, network monitoring has gone beyond optimizing network bandwidth and uptime. Insightful flow data gives security conscious IT professionals a new way to stay on top of how the network is used. With this data you can detect out-of-the-ordinary behaviors like data exfiltration or botnets before they become out-of-control problems. For more information on how we can help you get detailed information on your traffic, check out the blog Adding Context to Detection with Netflow.
Review Security Processes and Policies
We’ve all participated in drills that test the plans in place for fires and tornadoes. It is just as important to have an IT security plan in place to protect the data stored at your institution. A well thought out security strategic plan allows administrators and employees to see where they are expected to go and focus their efforts in the right direction. Unfortunately, many educational institutions do not have an up-to-date information security plan, if they have one at all. Some even claim to have a strategy to prevent data breaches in education networks, but really don’t. Creating plans and policies to promote security-conscious behaviors and protocols will help to keep your data safe from potential thieves. Some items you might want to outline in your security plan include:
- Antivirus and encryption solutions
- Access control policies
- Data backup solutions
- Policies that focus on staying up to date with security patches
Are you unsure where to start your security planning? EDUCAUSE offers many resources to assist in the creation of policies that reduce cyber risks.
Educate Students and Staff
Human error is the cause of 25% of data breaches in education. The Symantec 2016 Internet Security Threat Report lists examples of human error, which include someone leaving a computer unlocked, writing a password on a sticky note, losing a device, and behaviors that make an individual susceptible to phishing attacks. Making user education a priority can save you many headaches in the future. It is important to have a plan that includes regular education to promote awareness, along with security audits to verify that the message is being reflected in staff and student behaviors.
The data available at educational institutions are a high-value target for cybercriminals. Becoming proactive by creating a security
The Plixer team recently had the opportunity to attend the 2016 EDUCAUSE Annual Conference in Anaheim, California. Over the course of the show we got to meet with many security, network and executive teams. We listened as they shared with us the problems they are facing every day. Networking teams need efficient and timely ways to monitor the performance and saturation of their resources. Executive teams need reports to help them plan and manage the networking infrastructure. Security teams need to protect assets with the least user restriction possible. As a former educator and technology integrationist, this issue resonates with me. There are so many demands on the educational IT professional, and they are often working with limited resources and budgetary constraints. Our industry-leading security analytics and incident response system, Scrutinizer, helps to provide efficient cybersecurity and threat visibility management for schools and universities, making the most of the resources available to you.
Today’s cyber threats are becoming more and more sophisticated. The M-Trends 2016 cyber security report highlights two new trends from the past year. First, more system breaches were made public in the news media. Second, the attackers were from a wider range of locations and their goals were more varied. These attackers disrupted business, stole personal information, and invaded routing and switching infrastructure. The report states, “Disruptive attacks are likely to become an increasing trend given the high impact and low cost…in that they can cause a significant and disproportionate amount of damage without requiring attackers to possess large amounts of resources or technical sophistication.” How do we stay vigilant against these unpredictable and ever-changing tactics? The answer is adding context to detection with the flow data you are already collecting.
Recently some customers asked whether we provide APCON NetFlow support. APCON, a company headquartered near Portland, OR, develops innovative, scalable technology solutions to enhance network monitoring, support IT traffic analysis, and streamline IT network management and security. They saw that NetFlow is traditionally generated by routers and switches at key locations across the network. There are disadvantages to this approach, however, including the performance impact on key production network routers/switches, the use of network bandwidth to transmit NetFlow records, and the added complexity of collecting records from many sources across the network.
NetFlow Security Analytics
Detecting threats and intrusions on your network is an ongoing, evolving battle. Keeping up with NetFlow security analytics is something we strive for with each release of Scrutinizer. Our algorithms were engineered to identify security breaches and suspicious behavior effectively and to support timely incident response. Read below for some of our latest additions.
VMware IPFIX support and our IPFIX collector, Scrutinizer, give you visibility into the ‘cloud’. In this blog, I will show an example of a communication between two hosts (called tenants) on separate Virtual Machines. Read below, there’s nothing but blue skies.
Today we’ll focus on ZyXEL sFlow configuration, so that the switch can monitor traffic and export sFlow to a collector for analysis. Until I began supporting our international customers and prospects, I was unaware of the presence that ZyXEL has internationally. It’s the first choice of many tier-one service providers, connecting hundreds of thousands of companies and millions of end users.
Providing detailed visibility and contextual awareness into network traffic is essential to securing and optimizing business operations. While NetFlow and IPFIX reporting have proven to provide these details, sharing this data between multiple vendor applications in an organization can be challenging. Enter the Scrutinizer NetFlow Application Programming Interface (API).
EDIT 5/30/18: There is a newer version of this article available.
In order to configure Cisco ISE NetFlow, we’re going to take advantage of Scrutinizer’s API (Application Programming Interface) by enabling ERS (External RESTful Services) on the ISE appliance.
You probably already know about Cisco ISE (Identity Service Engine) profiling using the NetFlow Probe. However, the ISE appliance can be integrated into your Network Response System, in order to give you contextual details into who is generating traffic on your network.
First, enable ERS and create a new user with ERS Admin, ERS Guest, Super Admin, and System Admin permissions, as these (and only these) privileges will allow queries.
To test your configuration outside of Scrutinizer, use POSTMAN to do a GET, using this URL:
Tip: when using POSTMAN, first navigate to the server with your browser, tell Chrome it is OK to proceed with the untrusted certificate, and leave that window open.
The next step is to add the user you just created to Scrutinizer, via the command line:
# ./plixer/scrutinizer/bin/scrut_util.exe -ciscoisenode add --host [host] --port [port] --user [user] --pwd [password]
That’s it. For all your hard work, Scrutinizer will poll the ISE appliance every 5 minutes to get updated username information. By going to Status>Views>Cisco ISE, you will see a list of users with details like username, IP address, MAC address, access time and more:
Similarly, you can search the entire database for username, host, domain name, or MAC address:
If you’re already investigating a report, you can click on a host and select the Cisco ISE option from the “Other” menu to quickly figure out what user is responsible for this traffic. Let’s see what applications Maciej is using:
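An added illustration of the lookup the ISE integration makes possible (example code written for this page, not Scrutinizer’s or Cisco’s): it maps a flow’s source IP to the user who held that address at the flow’s timestamp, and provides the username/IP/MAC search described above. The session and flow records are constructed samples, and their field names are assumptions, not the ERS response schema.

```python
from datetime import datetime

# Constructed sample of the per-user records an ISE poll yields (username, IP,
# MAC, access time). Field names are assumptions, not the ERS response schema.
# The same IP is held by two users at different times, as happens with DHCP.
ISE_SESSIONS = [
    {"user": "maciej", "ip": "10.1.20.15", "mac": "00:11:22:33:44:55",
     "start": "2016-11-01T08:00:00", "end": "2016-11-01T12:00:00"},
    {"user": "jdoe", "ip": "10.1.20.15", "mac": "66:77:88:99:aa:bb",
     "start": "2016-11-01T12:30:00", "end": None},  # None: still logged in
    {"user": "asmith", "ip": "10.1.20.16", "mac": "cc:dd:ee:ff:00:11",
     "start": "2016-11-01T07:45:00", "end": None},
]

# Constructed flow records as a collector might store them (ISO timestamps).
FLOWS = [
    {"src": "10.1.20.15", "dst": "203.0.113.7", "dport": 443, "ts": "2016-11-01T09:15:00"},
    {"src": "10.1.20.15", "dst": "198.51.100.9", "dport": 22, "ts": "2016-11-01T13:00:00"},
    {"src": "10.1.20.15", "dst": "198.51.100.9", "dport": 22, "ts": "2016-11-01T12:10:00"},
]

def lookup_user(sessions, ip, at):
    """Return the username that held `ip` at ISO time `at`, or None.

    Matching on IP alone is not enough: addresses are reused over the day, so
    the flow timestamp must fall inside the session window. When windows
    overlap, the most recently started session wins.
    """
    when = datetime.fromisoformat(at)
    best = None
    for s in sessions:
        if s["ip"] != ip:
            continue
        start = datetime.fromisoformat(s["start"])
        end = datetime.fromisoformat(s["end"]) if s["end"] else None
        if start <= when and (end is None or when <= end):
            if best is None or start > datetime.fromisoformat(best["start"]):
                best = s
    return best["user"] if best else None

def enrich_flows(flows, sessions):
    """Attach a `user` field to every flow (None when no session covers it)."""
    return [dict(f, user=lookup_user(sessions, f["src"], f["ts"])) for f in flows]

def search_sessions(sessions, term):
    """Case-insensitive search over username, IP and MAC, as described above."""
    t = term.lower()
    return [s for s in sessions
            if t in s["user"].lower() or t in s["ip"] or t in s["mac"].lower()]
```

The third sample flow falls in the gap between two sessions on the same address and is deliberately left unattributed rather than guessed, which is the behaviour you want when identity data feeds an investigation.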
Available on your Scrutinizer appliance, virtual or hardware.
If you have any questions, need help with your Cisco ISE NetFlow configuration, or would like to add username reporting to your incident response system, please contact Plixer.