
Educational Security Tips

Educational Security Tips for the New School Year 2024

This guide provides educational institutions with essential security measures to protect their network, data, and users in 2024.

Monitoring Resources (Updated):

  • Shodan.io: This website remains valuable for identifying publicly exposed information on your network. They still offer a free premium account for educational institutions.
  • Multi-State Information Sharing & Analysis Center (MS-ISAC): Their mission remains the same, and their weekly Malware IPs and Domains list remains a valuable resource. Consider subscribing to their threat advisories for updated information.
  • Have I Been Pwned (HIBP): This site remains crucial for monitoring domain breaches. Additionally, consider exploring their free "Breached Password" notification service for staff email addresses.

Email Security (Updated):

  • Blocking Malicious Files: Block known malicious file types as before. Consider adding password-protected archives (e.g., .zipx) to the list to further reduce phishing risks.
  • Geolocation Blocking: Blocking emails from high-risk countries like Russia and North Korea remains a viable option. However, consider a more dynamic approach by blocking specific IP addresses associated with malicious activity, identified through resources like MS-ISAC.
  • DMARC/DKIM/SPF Blocking: Enabling these email authentication protocols remains essential. Utilize the latest guides from the Global Cyber Alliance for implementation.

Email Client Security (Updated):

  • Disable Automatic Downloads: Disabling automatic image and script downloads in email clients is still important.
  • HTML Mode vs. User Experience: While disabling HTML email can enhance security, consider a compromise. Enable a "view source" option for users who need to see full content while maintaining some protection.
  • Email Usage Reports: Configure reports to track outbound emails per user. Monitor for sudden increases in outgoing emails, which could indicate a compromised account.
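The per-user outbound check described above, as an added example that is not part of the original guide: it counts sent messages per local sender per day from MTA-style log lines and flags any sender whose volume on a given day jumps well above their own recent average. The log format, the local domain school.example, and the thresholds (5x baseline, at least 25 messages) are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict

LOCAL_DOMAIN = "school.example"  # assumed local mail domain
# Assumed log line shape: "<date> <time> from=<addr> to=<addr> status=sent"
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \S+ from=<(?P<sender>[^>]+)> to=<[^>]+> status=sent$"
)

def build_sample_log():
    """Constructed sample log, not a real capture: alice sends a steady ~10/day,
    bob ~6/day until the last day, when bob suddenly sends 150 messages."""
    lines = []
    days = [f"2024-08-{d:02d}" for d in range(19, 24)]
    plan = {"alice": [10, 11, 9, 10, 10], "bob": [6, 5, 7, 6, 150]}
    for user, per_day in plan.items():
        for day, n in zip(days, per_day):
            for i in range(n):
                lines.append(f"{day} 08:{i % 60:02d}:00 from=<{user}@{LOCAL_DOMAIN}> "
                             f"to=<r{i}@example.org> status=sent")
    return lines

def count_outbound(lines):
    """Return {sender: {day: count}} for messages sent by local accounts only."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group("sender").endswith("@" + LOCAL_DOMAIN):
            counts[m.group("sender")][m.group("day")] += 1
    return counts

def flag_spikes(counts, target_day, factor=5, minimum=25):
    """Return {sender: (count_on_target_day, baseline_avg)} for senders whose
    volume on target_day is at least `factor` times their average over earlier
    days and at least `minimum` messages (so 1 -> 5 does not raise an alert).
    A sender with no earlier history is flagged on the absolute minimum alone."""
    flagged = {}
    for sender, per_day in counts.items():
        today = per_day.get(target_day, 0)
        baseline = [c for d, c in per_day.items() if d < target_day]  # ISO dates sort as text
        avg = sum(baseline) / len(baseline) if baseline else 0.0
        if today >= minimum and (avg == 0 or today >= factor * avg):
            flagged[sender] = (today, avg)
    return flagged

if __name__ == "__main__":
    counts = count_outbound(build_sample_log())
    for sender, (today, avg) in flag_spikes(counts, "2024-08-23").items():
        print(f"ALERT {sender}: {today} sent on 2024-08-23 vs baseline avg {avg:.1f}/day")
```

Feed it the real sender log of your mail system after adjusting LINE_RE, and tune the thresholds against a few weeks of normal traffic before alerting on them.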

Web Filtering:

  • Blocking Unknown Websites: Using a web filter to block unknown websites remains a proactive approach. However, consider integrating threat intelligence feeds to dynamically block malicious URLs identified by security researchers.

Firewall/Web Filter Enhancements:

  • SSL Decryption (if feasible): If all devices are managed, enabling SSL decryption can provide valuable insights into applications bypassing firewall rules and help detect malicious data exfiltration. However, ensure proper handling of decrypted data for privacy reasons.
  • Blocking Outbound Ports: Continue blocking outbound ports commonly used by malware, with the list updated for 2024:
    • TCP: 8081, 4444, 6660-6669, 135, 137-139, 445, 4500, 500, 81, 161, 8083, 8080
    • UDP: 4500, 500, 137-139

Network Segmentation:

  • VLANs: Segmenting the network with VLANs for different purposes (wireless, wired, phones, servers) remains a best practice.
  • Access Control Lists (ACLs): Continue using ACLs to restrict access between VLANs. Student/Staff networks should not have direct access to core infrastructure. Update access rules based on current device communication needs.

Windows Client Security:

  • Limited User Accounts: Remove local admin access from user accounts. If software installation is necessary, utilize Active Directory Group Policy Objects (GPOs) for centralized deployment.
  • Patch Management: Aggressive patching remains critical. Configure GPOs for automatic download and install of security updates with a scheduled maintenance window to minimize disruption.

Staff Security:

  • Security Awareness Training: Regular training programs remain crucial to teach staff about cybersecurity best practices and phishing scams.
  • 2-Factor Authentication (2FA): Enable and enforce 2FA for all staff accounts to add an extra layer of protection.
  • BYOD Policy: Maintain a strict web-only policy for Bring Your Own Devices (BYOD) and restrict internal resource access unless specifically needed. Consider implementing a Mobile Device Management (MDM) solution for stricter control over devices accessing the network.
  • Strong Password Policy: Enforce strong password complexity requirements and encourage frequent password changes. Consider password managers to help users create and manage complex passwords.

Additional Considerations:

  • Phishing Simulations: Regularly conduct simulated phishing attacks to test staff awareness and preparedness.
  • Incident Response Plan: Develop and maintain an incident response plan to effectively respond to security breaches and minimize damage.
  • Data Backups: Maintain regular backups of essential data with appropriate redundancy and security measures.