That data includes, but is not limited to, student records, personnel records, business, and accounting records. The explosion of networks and Internet-related informational activities means that this sensitive data is more conveniently available to authorized staff in ways undreamed of even a few years ago, but it is also at risk. M-DCPS must address the security of this data in such a way that all avenues of access are strictly controlled and that the privacy and value of the data are not compromised.
The Office of Management and Compliance Audits (MCA), in concert with
- Loss of funding (for example, FTE) due to the transmission of incorrect data to other agencies
- Unfair penalty or advantage to students due to the transmission of incorrect data (for example, incorrect transcripts resulting in unfair penalty or advantage to students applying for college and/or scholarships)
- Loss of negotiating advantage through unauthorized disclosure of lists and other business assets to vendors
- Liability for incorrect data (including State and Federal penalties)
- Errors in business decisions due to inaccurate data
- Negative publicity surrounding the use of incorrect data and subsequent regulatory enforcement
- Inability to process business transactions in a timely fashion, or not at all

Sensitive data is defined as any data that should only be viewed by authorized personnel.
Data sensitivity is determined by, but not limited to, federal and state laws (including privacy acts), M-DCPS Board Policies, and decisions by senior staff and/or the data owners (see section 2.1 of this document).
1.3 Background of M-DCPS Data Security

Historically, almost all M-DCPS data was kept on the M-DCPS mainframe at ITS, and access was strictly controlled through the use of the mainframe IBM OS/390 Security Server (RACF). As long as valuable data is kept on the mainframe, this accepted, tried-and-true method of protection will continue to be the mainstay of our mainframe security efforts. Moreover, it provides a model hierarchical protection scheme, which can be used in an expanded network security paradigm.
This includes the delegation of local authorization duties to an approved supervisor at the site. Approved supervisors include school principals and department heads.

2.0 Scope

In this document, authorized staff will hereafter be defined as all M-DCPS employees, consultants, vendors, auditors, students, temporary help, volunteers, and others authorized by M-DCPS to use the specific M-DCPS computer systems, applications, and information required for the performance of their job or function. These specific functions are determined and/or approved by the site supervisor. Authorizations without the site administrator’s approval are prohibited.
The following is a list of some of the individuals/resources the Network Security Standards apply to:
- All authorized staff, volunteers, students, and vendors, as well as unauthorized parties seeking access to M-DCPS computer resources
- All M-DCPS mainframes, minicomputers, personal computers, outside timesharing services, outside suppliers of data, network systems, wireless devices, M-DCPS-licensed software, switches, routers, hubs, wireless devices, and computer workstations
- All M-DCPS data and reports derived from these facilities
- All programs developed on M-DCPS time or using company equipment
- All terminals, communication lines, and associated equipment on M-DCPS premises or connected to M-DCPS computers over physical or virtual links
- Any equipment not owned by M-DCPS but connected to the M-DCPS network
All M-DCPS staff and authorized non-staff must be aware of the risks and act in the best interest of M-DCPS. These standards detail staff’s responsibilities for computer security. Unauthorized persons who attempt to use M-DCPS computer resources will be prosecuted to the fullest extent possible.

2.1 Owners of Data

All computer files and data are to be associated with a user. In general, unless otherwise specified, the head of the department who requested the creation of the files and programs that store and manipulate the data on the computer is the owner of the data. The owner is responsible for specifying whether the data is sensitive and which user-ids will be authorized to access it, or who will be responsible for giving such authorization.

3. Physical Security

Adequate building security (both physical and environmental) must be provided for the protection of all physical and logical M-DCPS computer assets, and especially sensitive applications and data. Security includes, but is not limited to, lockable doors and windows, limited access, protection from water, fire, and the elements, alarms, access controls, and surveillance devices such as cameras and monitors. Site supervisors must protect all hardware and software assigned to their location. Administrative computers must be segregated from classroom computers. Students and unauthorized personnel should never have access to administrative machines.

4. Non-Mainframe System Security

Non-mainframe systems (Local Area Network (LAN) and Wide Area Network (WAN)) must have the same protection methodology in place as do mainframes to ensure M-DCPS computer assets are secure. Programmatic methods are to be used to control access to non-mainframe resources. These methods include assigning specific users or groups to specific system resources, and use of the “least privilege” concept for access to all system-level resources such as the operating system, utilities, and databases.
“Least privilege” is defined as a default of no access to these resources and the requirement of explicit permission and authorization by the owner based on need. Non-mainframe systems must be provided with:
1. Auditing/logging of such security-relevant information as log-on information, resource access, and TCP/IP addresses whenever possible.
2. Auditing/logging of security modifications and system administrator events.
3. Ability to audit/log specific users and resources on demand.
4. Ability to send specific security-sensitive events directly to a specified administrator’s workstation, terminal, or e-mail, preferably with an audible alarm.

4.1 M-DCPS Network Systems Security

Network systems include any local area network (LAN), wide-area network (WAN), dial-up, Internet, servers, server connections, switches, hubs, routers, lines, software, and data that are outside the M-DCPS mainframe system.
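The four audit requirements listed for non-mainframe systems in section 4 can be modelled in a few lines. The following Python is an added example, not part of the standards document or any District tool: it parses a constructed log (the line format, event names, user-ids, host names and addresses are all made up for the example), keeps the audit record, supports on-demand review by user or by resource, and queues administrator and other security-sensitive events for immediate dispatch instead of leaving them for the next scheduled review. The failed-logon threshold and the internal address range are assumed policy values.

```python
"""Audit-log review for a non-mainframe system.

Added example, not part of the M-DCPS Network Security Standards.  It models
the four requirements listed in section 4: (1) record log-on events, resource
access and TCP/IP addresses, (2) record security-configuration and
administrator events, (3) review a specific user or resource on demand, and
(4) route security-sensitive events straight to an administrator.  The log
format, event names, user-ids, hosts and addresses are all constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
import re

# Constructed sample log: "<timestamp> <user> <event> <resource> <source-ip>"
SAMPLE_LOG = """\
2008-03-03T07:58:01 jdoe LOGON_OK workstation-12 10.1.4.23
2008-03-03T08:02:14 jdoe FILE_READ \\\\fs01\\payroll\\q1.xls 10.1.4.23
2008-03-03T08:05:44 msmith LOGON_FAIL workstation-07 10.1.4.90
2008-03-03T08:05:51 msmith LOGON_FAIL workstation-07 10.1.4.90
2008-03-03T08:05:58 msmith LOGON_FAIL workstation-07 10.1.4.90
2008-03-03T08:06:03 msmith LOGON_FAIL workstation-07 10.1.4.90
2008-03-03T08:06:09 msmith LOGON_FAIL workstation-07 10.1.4.90
2008-03-03T09:15:00 admin2 GROUP_MEMBER_ADD Payroll-Admins 10.1.1.5
2008-03-03T09:16:30 admin2 AUDIT_POLICY_CHANGE DC01 10.1.1.5
this line is malformed and must not crash the collector
2008-03-03T22:41:12 jdoe LOGON_OK fs01-console 203.0.113.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<event>\S+) (?P<resource>\S+) (?P<ip>\S+)$"
)

# Requirement 2: administrator / security-configuration events.  Requirement 4:
# these go straight to the administrator rather than waiting for a log review.
ADMIN_EVENTS = {"GROUP_MEMBER_ADD", "GROUP_MEMBER_REMOVE",
                "AUDIT_POLICY_CHANGE", "ACCOUNT_CREATE"}
FAILED_LOGON_THRESHOLD = 5          # constructed policy value
INTERNAL_PREFIX = "10."             # constructed: District address space


@dataclass
class Event:
    ts: str
    user: str
    event: str
    resource: str
    ip: str


@dataclass
class AuditStore:
    events: list = field(default_factory=list)          # requirement 1 and 2: the record
    alerts: list = field(default_factory=list)          # requirement 4: dispatched to admin
    fail_count: dict = field(default_factory=lambda: defaultdict(int))

    def ingest(self, line: str) -> bool:
        """Parse one line into the audit record; returns False for unparseable input."""
        m = LINE_RE.match(line.strip())
        if not m:
            return False
        ev = Event(**m.groupdict())
        self.events.append(ev)
        self._raise_alerts(ev)
        return True

    def _raise_alerts(self, ev: Event) -> None:
        if ev.event in ADMIN_EVENTS:
            self.alerts.append(f"ADMIN_EVENT {ev.user} {ev.event} {ev.resource}")
        if ev.event == "LOGON_FAIL":
            key = (ev.user, ev.ip)
            self.fail_count[key] += 1
            # alert exactly once, when the threshold is first reached
            if self.fail_count[key] == FAILED_LOGON_THRESHOLD:
                self.alerts.append(f"REPEATED_LOGON_FAIL {ev.user} from {ev.ip}")
        if ev.event == "LOGON_OK" and not ev.ip.startswith(INTERNAL_PREFIX):
            self.alerts.append(f"EXTERNAL_LOGON {ev.user} from {ev.ip}")

    # Requirement 3: on-demand audit of a specific user or resource.
    def by_user(self, user: str) -> list:
        return [e for e in self.events if e.user == user]

    def by_resource(self, resource: str) -> list:
        return [e for e in self.events if e.resource == resource]


def review(log_text: str) -> AuditStore:
    store = AuditStore()
    for line in log_text.splitlines():
        store.ingest(line)
    return store


if __name__ == "__main__":
    s = review(SAMPLE_LOG)
    for a in s.alerts:          # a real deployment would e-mail or page these
        print("ALERT:", a)
    print(len(s.by_user("jdoe")), "events for jdoe")
```

In a deployment the `alerts` list is replaced by whatever dispatch the site uses (e-mail, pager, console message); the structural point is that requirement 4 events are decided at ingest time, and a malformed line is dropped rather than allowed to stop the collector.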
The security must include both physical and logical layers of protection. As M-DCPS moves from storing and transferring sensitive information used within the M-DCPS in a “closed” network architecture utilizing private and/or leased lines to an “open” network architecture using Internet and TCP/IP networks, employees must pay particular attention to the security of these assets.

4.1.1 Network Structure, Hierarchy, and Requirements

1. As a statement of direction, all administrative PC-type servers in M-DCPS should migrate to the Windows 2003 (or above) operating system. Microsoft no longer supports Windows NT or Windows 2000 and will not provide fixes or reports for vulnerabilities, including any new ones found.
No Windows NT servers are to be connected to the network, and every effort must be made to remove Windows 2000 servers currently connected. Since these operating systems (OS) are unsupported, there is no anti-virus or patching available for them and they are therefore unprotected. Sensitive data should be moved to a server with a higher-level OS. Applications should be updated to work on, and be moved to, a higher-level OS if at all possible. If an updated version is not available, vendors must be notified that they must provide an updated version of the application as soon as possible. All servers still using Microsoft Windows NT must be migrated to a Windows 2003 or above server platform immediately or disconnected from the network.
Administrators of servers currently using Novell, or any other PC network operating system, should also strongly consider migrating to Windows 2003 or above Server. Desktops and laptops connected to the network should similarly be migrated to Windows XP SP2 or above to take advantage of higher levels of security.
2. The District employs Active Directory Services (ADS), a hierarchical process similar to a pyramid. Information Technology Services has established and maintains the root ADS (the top of the pyramid) for M-DCPS and determines local and group policy settings. In Microsoft terms, this structure is best described as a forest. All other District servers will be added to the ITS-established Active Directory forest. Below the root in the forest are Organizational Units (OUs) that are the school and administrative sites in the District. These local OUs are simply smaller networks with their own Domain Controllers (DCs) that connect to the M-DCPS network. These DCs are under ITS authority and are not to be managed in any way by the local OU administrators. Local OU administrators must strictly limit access to their OU from other OUs as well as the outside. ITS must have Enterprise Administrator rights to all OUs in the District forest. ITS must provide advance notification of group policy changes.
4. Computers with Windows 9x or earlier are prohibited from being connected to any M-DCPS network.
The security features of this level of OS are extremely primitive and leave user accounts vulnerable to a variety of risks, including unencrypted caching of user-ids and passwords. As stated previously in this document, all Windows computer OS must be Windows XP SP2 or above. This level of OS provides protection from the various strains of worms which propagate rapidly through networks via computers with a lower-level OS. Although Windows 2000 workstations employ a better security paradigm than Windows 9x, they are no longer supported by Microsoft and should be replaced and/or removed from the network as soon as possible, as described in preceding sections.
5. All locations must migrate from the original school and District networks to the dadeschools network.
Most of these are old networks with weak security and must be removed from production immediately.
6. M-DCPS Board Policies/directives/standards regarding the following topics must be read and followed at all times:
- M-DCPS Acceptable Use Policy of the Network/Internet for staff: http://www.neola.com/miamidade-fl/search/policies/po7540.04.htm
- M-DCPS Acceptable Use Policy of the Network/Internet for students: http://www.neola.com/miamidade-fl/search/policies/po7540.03.htm
- M-DCPS Board Policy regarding Copyright: http://www.neola.com/miamidade-fl/search/policies/po2531.htm
- M-DCPS Board Policy regarding staff use of District e-mail systems: http://www.neola.com/miamidade-fl/search/policies/po7540.05.htm
- M-DCPS Board Policy regarding student use of District e-mail systems: http://www.neola.com/miamidade-fl/search/policies/po7540.06.htm
- The Office of Management and Compliance Audits (MCA) web site, which includes the School IT Audit Assessment: http://mca.dadeschools.net/audits/it.asp
7. Each department or school must maintain a disaster contingency plan to provide for recovery of data in case of catastrophic loss. At minimum, all M-DCPS data must be backed up once a week and all mission-critical data must be backed up daily. Data on the backup media will be verified as usable.
8.
Administrative computers are defined as non-classroom computers on which M-DCPS requisition and business functions, exempt student academic and demographic data, staff e-mail directives, staff tasks, etc., are stored and/or viewed. These computers should be kept physically and virtually separate from instructional computers. Students are not to have access, either physical or virtual, to production servers or any administrative computers.
9. Every effort should be made to secure classroom machines on which student testing, test grading and evaluation, grade book activities, and staff e-mail functions are carried out. This includes:
a. Installing application passwords and timeouts,
b. Up-to-date anti-virus software,
c. Separate computers for teacher use only,
d. The most current version of the District’s patch-management software to ensure the computer has the most recent software and operating system security patches,
e. Installation of anti-spyware applications when available,
f. Possible storage of grade and test data on removable (encrypted) media, and
g. Limiting unsupervised student access as much as possible; individual student accounts or common student accounts (STUDENT) should be separate from teacher accounts.
10. All administrative computers and server consoles that are used to access or control sensitive data must have a screen saver timeout and password after a specific period of inactivity, or some other lockout mechanism, to prevent unauthorized persons from accessing the data via the logged-in user’s account.
The Windows timeout with password is available even if the specific application does not have one. Users should also be in the habit of locking their computer or logging off when they are finished or leaving the computer unattended, even for a brief time (see section 5.1.3 in this document). These computers may also have boot-up passwords. The timeout may be temporarily turned off by the local admin when the computer is to be used for presentations or other instructional activities, but must be turned back on when the activity has been completed.
11. Classroom computers are defined as computers used by students, or servers that serve instructional computers.
There are to be no administrative applications, especially mainframe sessions, installed on any of these computers or servers.
12. Outside access to M-DCPS networks should only be through “hardened” Web servers. This means that Web servers should have no other applications running on them and should not connect easily to the rest of the M-DCPS network. Information on Web pages must be kept as current as possible.
13. Access to critical resources should be managed by assigning individuals to a group. The group should be set up with the authority necessary to do the specific job/task or access specific data. This gives management a more efficient method to remove access authority when a user is no longer responsible for performing the task.
Group membership should be reviewed on a regular basis to ensure all members are appropriate. Under no circumstances should users be assigned data folder or application rights as an individual, except for home folders.
14. Locations maintaining their own network components must keep diagrammed documentation indicating how the network is physically configured (i.e., location of servers, switches, routers, etc.).
15. All software that restricts, prevents or inhibits updates sent by ITS, including, but not limited to, Deep Freeze, Fortress, Clean Slate, HAD Guard, and others of this type, is not to be installed without written permission from ITS.
16.
No form of “Wake On LAN” (WOL) tool should be used to automatically turn on computers unless it is for immediate maintenance purposes, such as imaging or to allow monthly updates to be sent. The use of this type of tool undermines the purpose and effect of the new Power Management Program, which is a District-wide initiative that will save millions of dollars and help reduce emissions (see 5.0.17). In addition, local power management settings on PCs should only be altered by ITS.

4.1.2 Data Access, Transfer and Communication

1. Firewalls are servers that function as a barrier preventing unauthorized outside access to the M-DCPS network.
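Item 13 of section 4.1.1 above, together with the least-privilege definition in section 4, describes a specific access model: deny by default, grant rights only to groups, allow individual grants only for home folders, and review membership regularly. The following Python is an added example (not the District's code or tooling) that models those rules on a handful of constructed shares, groups and user-ids; the share paths and the home-folder root are assumptions made for the example.

```python
"""Group-based access with a least-privilege default.

Added example, not part of the M-DCPS Network Security Standards.  It models
section 4 ("least privilege": no access unless the owner explicitly grants it)
and section 4.1.1 item 13 (rights are granted to groups, membership is reviewed
regularly, and no individual grants exist except for home folders).  Group,
user and share names are constructed.
"""
from dataclasses import dataclass, field

HOME_ROOT = r"\\fs01\home"      # constructed: the only place an individual grant is allowed


@dataclass
class AccessModel:
    groups: dict = field(default_factory=dict)   # group name -> set of user-ids
    acls: dict = field(default_factory=dict)     # resource -> {principal: frozenset(ops)}

    # ---- administration ----------------------------------------------
    def add_member(self, group: str, user: str) -> None:
        self.groups.setdefault(group, set()).add(user)

    def remove_member(self, group: str, user: str) -> None:
        # one operation revokes every right the group carried (item 13's point)
        self.groups.setdefault(group, set()).discard(user)

    def grant(self, resource: str, principal: str, ops) -> None:
        """Grant ops to a group name, or to "user:<id>" for that user's own home
        folder.  Any other individual grant is refused."""
        if principal.startswith("user:"):
            user = principal[len("user:"):]
            if resource.lower() != f"{HOME_ROOT}\\{user}".lower():
                raise ValueError(
                    f"individual grant outside home folder: {principal} on {resource}")
        self.acls.setdefault(resource, {})[principal] = frozenset(ops)

    # ---- enforcement ---------------------------------------------------
    def allowed(self, user: str, resource: str, op: str) -> bool:
        """Default deny: a resource or principal with no ACL entry grants nothing."""
        acl = self.acls.get(resource, {})
        if op in acl.get(f"user:{user}", frozenset()):
            return True
        return any(op in acl.get(group, frozenset())
                   for group, members in self.groups.items() if user in members)

    # ---- periodic review (item 13) -------------------------------------
    def review(self, active_users) -> list:
        """Return findings a site administrator should act on."""
        findings = []
        active = set(active_users)
        for resource, acl in self.acls.items():
            for principal in acl:
                if principal.startswith("user:"):
                    if not resource.lower().startswith(HOME_ROOT.lower()):
                        findings.append(f"individual grant on {resource}: {principal}")
                elif not self.groups.get(principal):
                    findings.append(f"empty or unknown group on {resource}: {principal}")
        for group, members in self.groups.items():
            for user in sorted(members - active):
                findings.append(f"inactive account {user} still in {group}")
        return findings


def individual_grant_refused(model: AccessModel, resource: str, user: str) -> bool:
    """True when grant() rejects an individual grant outside the home folder."""
    try:
        model.grant(resource, f"user:{user}", {"read"})
    except ValueError:
        return True
    return False


def build_demo() -> AccessModel:
    """Constructed configuration: two payroll groups, a registrar group with a
    departed member, an empty club group, one home folder and one legacy ACL."""
    m = AccessModel()
    m.add_member("Payroll-Staff", "jdoe")
    m.add_member("Payroll-Staff", "pjones")
    m.add_member("Payroll-Admins", "pjones")
    m.add_member("Registrar", "rlee")          # rlee has since left the District
    m.groups["Yearbook-Club"] = set()           # group nobody belongs to any more
    m.grant(r"\\fs01\payroll", "Payroll-Staff", {"read"})
    m.grant(r"\\fs01\payroll", "Payroll-Admins", {"read", "write"})
    m.grant(r"\\fs01\transcripts", "Registrar", {"read", "write"})
    m.grant(r"\\fs01\yearbook", "Yearbook-Club", {"read", "write"})
    m.grant(r"\\fs01\home\jdoe", "user:jdoe", {"read", "write"})
    # legacy entry configured on the share before the standard; grant() would refuse it
    m.acls[r"\\fs01\transcripts"]["user:oldtech"] = frozenset({"read"})
    return m


if __name__ == "__main__":
    demo = build_demo()
    for finding in demo.review(active_users={"jdoe", "pjones", "msmith"}):
        print("REVIEW:", finding)
```

review() deliberately reports a legacy individual grant that grant() itself would have refused: the rule has to be checked against what is actually configured on the share, not only at the point where new rights are issued. Removing a user from a group is the single operation that revokes every right the group carried, which is the efficiency item 13 refers to.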
Exceptions requiring access from the outside must be documented by filling out the ITS Remote Client Support Agreement IP Entry (FM-6045) (old), or either of the new VPN/Dial-Up Access Request forms (FM-6629, for vendors or employees). ITS will keep firewall audit logs and review them regularly for illicit activity against the firewall.
2. Access to secure mainframe applications via the network requires RACF authorization.
3. Dial-in to the M-DCPS network requires network authorization and access authentication.
4. Accessing District resources using Remote Access Services (RAS), such as Digital Subscriber Line (DSL) or dial-in technology with a modem from external providers, may pose a risk to the network and the data. This provides a “back door” around network security by giving users a direct connection to a remote server.
If remote access is authorized and sensitive/confidential data is to be transmitted, the line must be secured by Virtual Private Network (VPN), Secure Socket Layer (SSL), or some other technology that encrypts the data so that it is never transmitted in clear text. Hackers using “sniffer” technology often scan transmission lines looking for data they can use. Examples include user-ids and passwords, account numbers and financial information, student data deemed exempt from public release by state law, or Human Resources (HR) data.
5. The use of communications software that provides the ability to remotely “take over” a network-connected PC is prohibited unless authorized by ITS. If it is used, it should be strictly controlled by the local administrator and user.
It should be turned on only when support is needed (and the user has given permission, if applicable) and immediately turned off once the support has been provided. Certain remote administration tools, like VNC freeware, are unsupported, have known security vulnerabilities, and are removed when found by the District’s anti-spyware. ITS recommends that district technical staff use DameWare as a low-cost alternative to VNC.
6. Confidential data taken from the District, whether via laptop, jump drive, removable media like a CD or floppy disk, PDA, e-mail, FTP, printed report, or any other method, must be encrypted, redacted, or otherwise sanitized so that if the content falls into the wrong hands it cannot be misused.
Agencies outside the school system’s secure “cloud” that engage in File Transfer Protocol (FTP) operations or e-mail transmission with the District in which confidential data is transferred are to be encouraged to utilize an encryption process requiring asymmetrical (public and private) keys, such as PGP (Pretty Good Privacy). Transfer of confidential data and any exceptions to the encryption process must be authorized by ITS.
7. Application software that has built-in security functions must have these functions activated when this software involves confidential data. In addition, new software purchased to handle confidential data should have security capabilities as documented in sections 5.1 User-ids and Passwords and 4.0 Non-Mainframe System Security.
8.
Users should be aware that unprotected folders on the network are prey to many different forms of hacking. It is the responsibility of the local site administrator to ensure that this data is secure.
9. Network Administrators, including ITS staff, are prohibited from viewing or otherwise manipulating user files on the user’s local drive without the permission of the user or the approval of appropriate administrative, legal or police staff, unless there is a critical need to do so. Critical need is defined as faulty system function, virus activity, illicit hacking or Internet activities, pornographic or other offensive material activity, or other violations of District policies.
These policies include, but are not limited to, the Network and Internet Acceptable Use Policy, the Staff and Student E-Mail Policies, the Copyright Infringement Policy, the Network Security Standards, or any other District policy, Board Policy or directive relating to user conduct. It should be noted that the District e-mail policies discuss the lack of privacy in the e-mail system at length.
10. Personal or vendor-owned devices such as desktops, laptops, Personal Digital Assistants (PDAs), etc., or portable/removable storage devices/media such as Universal Serial Bus (USB) jump drives should not be connected to any M-DCPS network without network administrator/site supervisor approval. These devices may carry applications, configurations, viruses, etc., that pose a risk to the network or may be used to remove sensitive data from the network. School system technicians may grant approval after,