教育网络——连接和安全的难题

格雷格Kovich

2018年10月23日

随着BYOD在校园里成为现实, a multi-layered strategy that secures networks from within is key to protecting data and devices.

It’s a digital explosion of 设备和东西, and it’s happening all around us. 问题是，你准备好了吗?

In recent years, the education sector has become not just a target, but rather 有利可图的目标，用于恶意的网络活动. 成千上万的学生, 工作人员和网络管理员都处于高度戒备状态, and institutions have been disrupted due to threats as extreme as a murder, 或者索要过高的赎金.

The sheer number of devices that flood a campus network on any given day can overwhelm most IT departments. Plugging the holes of vulnerability and devising new methods to protect against attacks from hackers and outsmart criminals is a full-time job.

One of the reasons that cyber attackers target schools is that the networks are easy to crack. In fact, school districts often set up wireless systems to make connecting easy for students. Unfortunately, it also makes it easy for those with bad intentions. With free Wi-Fi in school buildings and students glued to their devices, t在这里 are thousands of opportunities for hackers to gain access to school networks.

和, 如果蓄意的恶意攻击不足以应对, what about the unwitting student who finds a USB drive left on a desk in the school library and plugs it into a computer unleashing a virus that takes down the school’s network. These are the realities faced by network administrators every single day.

应对安全挑战

你从哪里开始呢? 首先要制定整个机构的安全策略. Most institutions have adopted the best practice advice of ‘defense in depth’ – meaning that t在这里 are multiple security layers which persons of ill intent would have to thwart.  In the era of GDPR, defense in depth has been expanded to mean securing both data and devices. It’s no longer about just setting up a firewall to protect a campus from exterior threats at the network perimeter and between servers. It’s about having a multi-layered strategy that protects the network from within by creating policies and procedures at the user, 设备层和应用层.

物联网 containment is one example w在这里 you can create virtual and segregated environments. These environments are known as ‘containers’, and exist within a single converged network. With 物联网 containment, specific connected devices can be isolated and managed using a set of policies. 该策略允许您将一组公共设备组合在一起, 只有一组定义的用户和服务器可以进行交互.

One example of this strategy would be in a college campus environment w在这里 only authorized security 工作人员 could access the IP security cameras. The cameras would be grouped in a ‘container’ and only able to communicate with the application that controls them. Defining a specific set of cameras in the group to only transmit video data would protect them, 并防止他们发送意外数据, 以防摄像头受损. 策略管理可以让IT人员看到完整的网络, which gives them the power to restrict or limit the privileges of devices and users to prevent deployment of unauthorized devices. 你可能还记得 2016 DDoS攻击 on the DNS provider DYN – if the compromised 物联网 devices had been containerized, 袭击就不会发生了. 大家可以想象, this containment strategy is quickly being adopted to ensure a cybersecure network.

你准备好了吗??

So what happened when the student plugged that wayward USB into the library computer? 嗯，这取决于网络设备. Some network devices can automatically detect known threats and isolate or quarantine them.  即使你的设备没有这些功能, 纵深防御, 最终你的IPS, id, NMS or Firewall will detect the anomalous traffic and alert you.

The reality is that students are going to continue to bring their devices and the campus network is going to continue to increase the number of 设备和东西 that need to be managed. 好消息是, a solid security strategy that creates policies and procedures at the user, the device and the application layers are ready to take on today’s security challenges.

Learn more about how the education sector is digitally transforming to ensure a secure environment for students, 工作人员, 设备和东西. 访问:http://www。.7858a.com/en/company/news/ale-expands-its-mobile-campus-solution