Security software?

[Ryan Miller]

Does anyone have any good ideas for security and tracking software? Our school network was recently hacked - no clue how or who obtained the password.

[darkfiber1010]

How exactly was your school network hacked? And what kinds of security do you currently have now? Is the school using a domain with policies and restricted user accounts etc.? Is there any kind of firewall?

I used to work at a high school here's 7 things I recommend

(I know 10 would have sounded better but I ran out of ideas lol)

1. Use a domain server such as windows 2000 or 2003 and make a domain called "student" or something. Have a user name and password for each student. And make a group policy in active directory for all students that restricts access to everything you don't want them to have access to. This does two things. First it allows you to keep track of who did what a little better by using user names. Second it strictly defines what users can and can't do on the computers.

2. Before you let any student even get near a computer make sure it is locked down tight. All security patches, strong passwords on local administrator account, BIOS passwords, disable booting from anything but hard drives, etc. And don't use windows 98 if it can be helped (I know there are a lot of you who still like 98, it was good in its time, but it is a huge security risk when it is in a network environment, especially a school.)

3. Have a good hardware firewall I'm brainwashed into using Cisco PIX but they are pretty pricey so if it’s not in the budget, check out Sonic Wall or other vendors.

4. Have a good router, once again I'm a Cisco guy but I know they are expensive. Just don't rely on something like a Linksys model that was made for home use, get something made for serious work. Implement Access Control Lists on the router.

5. Use something for Internet filtering as in what students can and can't see on the internet. You can do this manually by blocking sites on the router etc. Or subscribe to a nice service like Websense that will do relatively everything for you and allow a wide range of management capabilities. I know the district I used to work for made it mandatory to use a product like Websense. Websens is costly though.

6. This might be a no brainer but use strong passwords at least 6 characters, letters, numbers, ASCII symbols @!#$, etc. No words and don't use the same passwords for the router, firewall and administrative accounts.

7. Make a strict computer usage agreement describing what the students can and can't do. Make them sign it and make sure they know what will happen to them if they break it.

I know I've focused mainly on students as a security risk so far but from my past experience it’s not a bad idea to enforce similar security school wide, meaning for the teachers and administration as well.

Hope this helps and let me know how things go, Jon.

[Ryan Miller]

I'm a volunteer techie and I think someone may have obtained the sam file from the local machine? That's just the "main" way I can think of.

We do have everything pretty tight though. They are not able to use run - so that takes care of some issues.

The problem is I have no clue how they would have obtained a sam file?

We're using Novell 6.5.

[darkfiber1010]

It is possible it was the SAM file, there are many programs such as SAM Rape that will allow this. It is also possible it was another password cracking program like LC5 (lopht crack) which has pre-compiled databases of possible passwords and is very effective. Most of these programs however only work if they can be booted to.

If you have the computers booting from hard drive only and are using BIOS passwords then this probably isn't the case. (Unless they physically opened the box, cleared the CMOS settings and changed the BIOS configuration but that is rare)

Another possibility is that the students might have copied the SAM file from the computer and cracked it off site. I would recommend restricting access to the search function on the computers and also hiding the C drive so they can not see or access it.

Finally they could have installed a program while they were logged on like a keylogger or password cracking software. However if you are restricting them from installing programs then this probably isn't the case.

I know your original question was about security and tracking software but if you have Novell already you should be able to create the correct policies in order to lock down the network. However, here is a list of possible choices. http://www.adminfavorites.com/cat_security/

I havn't tired many of them, but Fortress seems to be popular these days.

[Ryan Miller]

Thank you for the suggestions. I was wondering if there was a way to like clear the sam file on exit. Probably not, but it did come accross my mind.

I will forward these suggestions to my tech group.