Tony Shoyat – Product Sales Specialist
Network Security for K-12 – What you need to Know: Before - During – After

Upload: maurice-long

Post on 30-Dec-2015


TRANSCRIPT

Slide 1 – Tony Shoyat – Product Sales Specialist
Network Security for K-12 – What you need to Know
Before - During – After

Slide 2 – Discussion Topics
• Cybersecurity: What are the threats? Why is it important?
• What are the Cybersecurity threats and needs for K-12?
• How can you protect your students and network?

Slide 3 – Cybersecurity Concerns (word cloud)
Internal Policies, Partners, Education, DOD 8570, Government Regulations, NIST Policy, MS-ISAC, NERC CIP, Intellectual Property Theft, Embarrassment, Money Theft, Protecting Student Data, PII Theft, Reputation, Revenue Loss, Insider Threat, Advanced Persistent Threat, Malware, Hackers, Customer Damage, Anonymous, State Regulations, SAM 8500, Espionage, DISA STIG

Slide 4 – K-12 Security Implications
• Protecting the students: what they are exposed to; identity protection
• Network uptime
• Protecting your assets

Slide 5 – K-12 Headlines

SCHOOL DISTRICT HACKED FOR $80,000
October 22, 2013, WTRF 7News, Colin Lawler - http://www.wtrf.com/story/23761350/hacker-targets-bridgeport-school-district
Officials with the Bridgeport (OH) School District say their bank accounts are the target of an unknown hacker. Now more than $80,000 is missing. District officials say they received a call last week …alerting them to the situation. Authorities …say this was not an inside job and that all evidence points to an outsider who is not local, hacking in using various technology.

Austin-area district pulls all school websites after hackers post obscenities
December 23, 2013, Houston Chronicle, Heather Alexander - http://www.chron.com/news/houston-texas/texas/article/Austin-area-district-pulls-all-school-websites-5088235.php
A Round Rock Independent School District principal first reported the problem to officials late on Saturday after parents and students noticed the dramatic change in the site's content. Education materials (were) replaced with obscene messages and racist threats.

Slide 6 – The Threat

Slide 7 – Threat Landscape

Cyber Activities
• 104% increase in reported incidents by US Government Agencies from 2009 – 2013 [5]
• 52% increase in attacks against US Critical Infrastructure, 2011 – 2012 [5]
• 144% increase in incidents involving PII from 2009 – 2013 [5]
• More sophisticated every day – Minute Zero

Assets Targeted
• 75% Point of Sale systems
• 20% E-Commerce Systems
• 5% Other (espionage etc…)

Cyber Crime
• Money
• Embarrassment
• Espionage

Sources: [1] Verizon Data Breach Report; [2] US House Intelligence; [3] NSA; [4] Bloomberg; [5] GAO; [6] 2012 Norton Cybercrime Report

Slide 8 – Threat Evolution—Requires a Multi-Tiered Response
2000: Worms → Anti-virus (host based)
2005: Spyware / Rootkits → IDS/IPS (network perimeter)
2010: APTs / Cyberware → Reputation (global) & Sandboxing
Today: Increased attack surface (mobility + cloud + IoT) → Intelligence & Analytics (cloud)

Slide 9 – IT Megatrends are creating the “Any to Any” problem
Any Device, Any Cloud: Workloads, Apps / Services and Infrastructure spread across public, private, hybrid and tenant clouds
• Endpoint Proliferation
• Blending of Personal & Business Use
• Access Assets through Multiple Methods
• Services Reside In Many Clouds

Slide 10 – Examples of Cyber Threats in the News
Kaptoxa (Target), Red October, DUNIHI, Shady Rat, CryptoLocker, Zeus (Zitmo), Citadel, SpyEye (Spitmo), Sykipot, Night Dragon, Shamoon, Stuxnet / Flame

Threat Characteristics:
• Bypass the perimeter (Initial Infection Vector)
• Spread laterally on the internal network where detection abilities were limited (Propagation Mechanism)
• Evade traditional detection techniques (Persistence Mechanism)

Slide 11 – Cyber Threats – Initial Infection Vector: Effectiveness of Phishing
More than 95% of all attacks tied to State-Affiliated espionage employed Phishing as a means of establishing a foothold in their intended victims' systems.
- Verizon Data Breach Report - ThreatSim

Slide 12 – Examples of Cyber Threats in Education (publicly known, in the last 6 months)

Date | Name | Records | Notes
22-Apr-14 | Iowa State University | 29,780 | Social Security numbers of approximately 30,000 people who enrolled in certain classes between 1995 and 2012
27-Mar-14 | The University of Wisconsin-Parkside | 15,000 | The breach affects students who were either admitted or enrolled at the university since the fall of 2010.
20-Mar-14 | Auburn University | Unknown | Compromised server within the College of Business network
6-Mar-14 | North Dakota State University | 290,000 | 290,000 current and former students and 780 faculty
26-Feb-14 | Indiana University | 146,000 | Information was stored in an insecure location for 11 months
19-Feb-14 | University of Maryland | 309,079 | The university commented on how sophisticated the attack was
7-Jan-14 | Loudoun County Public Schools | Unknown | Risk Solutions International LLC, contractor - more than 1,300 links could be accessed through a Google search
17-Dec-13 | Radnor, PA School District | 2,000 | An employee performing a transfer of personnel data left the data accessible - found and shared by a student
3-Dec-13 | Chicago Public Schools | 2,000 | Vision exam dates, diagnoses, dates of birth, genders, identification numbers and students' school names available online
27-Nov-13 | Maricopa County Community College District | 2,490,000 | Breach may have exposed the information of current and former students, employees, and vendors.
19-Nov-13 | Sachem Central School District, NY | 15,000 | Two breaches, in the summer of 2013 and November of 2013

Slide 13 – The Silver Bullet Does Not Exist
Point technologies: Application Control, FW/VPN, IDS / IPS, UTM, NAC, AV, PKI, Sandboxing
Their promises: “Captive portal”, “It matches the pattern”, “No false positives, no false negatives.”, “Block or allow”, “Fix the firewall”, “No key, no access”, “Detect the unknown”
Cisco focuses on the totality of defending against threats

Slide 14 – Cisco Threat Intelligence: Security Intelligence Operation (SIO) / Vulnerability Research Team (VRT)
• 500+ security specialists / 24/7/365 / 40 languages
• Telemetry from 1.6M devices worldwide
• 30B+ queries daily, 30% of all Web traffic
• URL reputation scores for Web, Email
• >7,500 IPS signatures and >8 million rules daily

Components: Email Security Appliances, Web Security Appliances, SenderBase

Importance of Reputation
• View into both email & Web traffic dramatically improves detection
• 80% of spam contains URLs
• Email is a key distribution vector for Web-based malware
• Malware is a key distribution vector for spam zombie infections

SIO/VRT enables Email & Web traffic analysis and feeds reputation information to IPS etc…
• 2.1M Telemetry Points – Open Source Input
• 6,000 Threat Reports / day
• NSS Labs 100% Detection rate

Slide 15 – Requirements in Education

Slide 16 – K-12 Specific Needs

Digital Learning & Assessment
• One-to-one learning
• On-line Test Security – anti-cheat, privacy

Application Protection & Control
• Protecting schools from embedded malware
• Application Control – Device and Server

Student Data Privacy & Security
• Protect Personal Identifiable Information (PII) and other data – medical, testing, SSN, financial, address, etc.
• CIPA

Mobile Device Security
• Device Security – BYOD
• GeoFencing
• Segmented Access

Slide 17 – Digital Learning and Assessment
• One-to-One Learning
  Device profiling with resource-appropriate VLAN assignment
  Tracking of one-to-one devices – MDM
• On-Line Test Security
  Wireless network that is interference aware
  Blocking malware: URL filtering, malware detection on a web page, detecting malware in the network

Slide 18 – By the numbers
[Bar chart, scale 0–25K] Customer deployments: Systems Manager 22K, AirWatch 12K, MobileIron 6K, Good 5K
Customer Deployments data pulled from vendor websites

Slide 19 – The evolution of mobility management
• MDM (Mobile Device Management): get devices connected, enforce device policies
• MDM + MAM (Mobile Application Management): enable easy access and management of mobile applications
• EMM (MDM + MAM + MIM + …) (Enterprise Mobility Management): maximize productivity through comprehensive mobile device, apps, and data management

Slide 20 – Network integration
• Secure enterprise environments with enhanced visibility into end clients
• Dynamically adjust network group policy depending on device compliance
• Device compliance determines which resources users can access


Slide 22 – Student Data Privacy & Security
• Protect Personal Identifiable Information
  Access Control – role-based access
  Security Policies – strong passwords changed regularly
  Proper firewall protection
• CIPA
  URL filtering
  Blocking of encrypted connections, or decryption of those connections for further inspection

Slide 23 – Mobile Device Security
• Device Security – BYOD
  Checking status/posture of the device when entering the network
• Geofencing for district-owned devices
  Solution to detect when the device has left a geofenced area and issue an alert
• Segmented Access – Guest/Teacher/Student
  Device profiling with resource-appropriate VLAN assignment
  VLAN/resource assignment based on identity
  Bonjour management
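As an added illustration, not from the deck or any Cisco product, the decision logic behind these three bullets in Python: a posture check at network entry, role-based VLAN assignment for Guest/Teacher/Student, and a geofence alert for district-owned devices. The VLAN numbers, the posture attributes, the campus centre coordinates and the 1 km radius are all constructed assumptions.

```python
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt

# Constructed VLAN plan (assumption): one segment per role plus a quarantine segment.
VLAN_BY_ROLE = {"teacher": 20, "student": 30, "guest": 40}
QUARANTINE_VLAN = 99

# Constructed geofence (assumption): campus centre (lat, lon) and radius in km.
CAMPUS_CENTRE = (40.0, -80.0)
GEOFENCE_KM = 1.0

@dataclass
class Device:
    role: str            # identity the user authenticated with: guest/teacher/student
    district_owned: bool
    mdm_enrolled: bool   # posture attributes as reported by the MDM (assumed set)
    av_current: bool
    os_patched: bool
    location: tuple      # (lat, lon) last reported by the MDM agent

def posture_ok(d: Device) -> bool:
    """Posture check performed when the device joins the network."""
    return d.mdm_enrolled and d.av_current and d.os_patched

def assign_vlan(d: Device) -> int:
    """Identity plus posture decide the segment; anything doubtful is quarantined."""
    if d.role == "guest":
        return VLAN_BY_ROLE["guest"]          # internet-only segment, no posture needed
    if d.role not in VLAN_BY_ROLE or not posture_ok(d):
        return QUARANTINE_VLAN                # unknown role or failed posture: remediation only
    return VLAN_BY_ROLE[d.role]

def distance_km(a, b) -> float:
    """Great-circle distance (haversine) between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def geofence_alert(d: Device):
    """Only district-owned devices are geofenced; returns an alert string or None."""
    if not d.district_owned:
        return None
    km = distance_km(CAMPUS_CENTRE, d.location)
    return f"device left geofence: {km:.1f} km from campus" if km > GEOFENCE_KM else None
```

Guests never pass the posture check (no MDM enrollment), so they are routed to their own internet-only VLAN rather than quarantine; personal (BYOD) devices are deliberately excluded from geofencing.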

Slide 24 – Application Protection and Control
• Protecting Schools from embedded malware
  Blocking malware: URL filtering, malware detection on a web page, detecting malware in the network
• Application Control – Device and Server
  Access Control – role-based access
  Layer 7 awareness and allow/deny capabilities
  Intrusion Detection/Prevention
  Application addition/deletion on mobile devices – MDM

Slide 25 – Safe & Secure Learning Environments
• Content filtering with cloud-based signature updates
• Identity-based security, filtering, & application control
• Single-click Google and Bing Safe Search integration
• YouTube for Schools ensures safe video-based learning
Cisco Meraki MX Security Appliances make school security easy to deploy and manage, without the need for separate filtering and cache appliances. Wireless APs serve 100+ users each.

Slide 26 – Easy to Use Content Filtering Options

Slide 27 – The New Security Model: the Attack Continuum
BEFORE – Control, Enforce, Harden
DURING – Detect, Block, Defend
AFTER – Scope, Contain, Remediate
Applies across: Network, Endpoint, Mobile, Virtual, Cloud
Point in time → Continuous

Slide 28 – Mapping Integrated Solutions to the Attack Continuum
BEFORE – Control, Enforce, Harden
DURING – Detect, Block, Defend
AFTER – Scope, Contain, Remediate
Solution areas: Malware Detection and Defense; Secure Identity & Mobility; Secure Internal Monitoring; Cloud – Virtual and Physical Consistency