5 Ways to Incorporate an Extra Layer of Network Security

Security vulnerabilities sometimes occur unexpectedly. University researchers from England and Sweden have designed a malware variant that can exploit a smartphone’s microphone to steal device passwords and codes. In 2019, 60% of businesses in the US, UK, France and Germany experienced a printer-related data breach. Even low-tech fax machines have security vulnerabilities that could allow a hacker to steal data through a company’s network.

These are just a few security vulnerabilities, but they should be enough to keep any K-12 school network administrator awake. Getting regular third-party security audits will help you sleep better. Using the following ideas to strengthen your security will also help:

Click on the banner below for personalized content and exclusive information when you register as an insider.

Check expired security certificates

Most organizations need SSL certificates to maintain the confidentiality of information on their websites and prevent unauthorized access. The IT department usually configures these certificates when first deploying a website.

Unfortunately, security failures can occur when security certificates are allowed to expire. It is the IT staff’s responsibility to ensure that all certificates are up to date, so be sure to include an annual certificate review in IT policies and procedures.

TO EXPLORE: Take the quiz to assess your district’s cybersecurity readiness.

Implement SSL/TLS protocols and keys

Transport layer security is a robust successor to SSL. Both security protocols encrypt data transfers between servers and devices. They also help authenticate user access.

SSL/TLS works with security certificates, but it is up to IT staff to configure SSL/TLS public and private data encryption and access keys for each server, network resource, and user so that only certain users (each with a private access key) can access network resources (which have public keys, because multiple people will use them).

Avoid storing LAN Manager hashes

On Windows machines, some organizations still use Microsoft LAN Manager hashing algorithms to convert user passwords to two Data Encryption Standard keys for security purposes. These keys are then stored in Windows.

Unfortunately, LM hash protection is vulnerable to quick brute force attacks. You can guard against this by disabling storage of LM hashes in Windows.

LEARN MORE ABOUT EDTECH: Protect your district from credential stuffing with these password tips.

Consider using server message block signing

Man-in-the-middle attacks occur when a bad actor inserts himself into the middle of a data transfer and pretends to be a legitimate participant so he can intercept valuable information.

If you are a Windows store, you can reduce the risk of MITM by implementing the Server Message Block protocol on Windows domain servers. SMB affects digital signing at the packet level of communication protocols, making it more difficult for MITM attacks to break through.

Perform regular third-party security audits

Computer security audits used to be a luxury. Now they should be an IT budget staple. You can never know enough about security or the next generation of risk, but security experts can help you stay informed and prepared.

Kevin M. Risinger