Cyber Security for the Digital District CoSN Newsletter, Summer 2006

Welcome to the Summer 2006 edition of the Cyber Security for the Digital District newsletter. We hope this information is helpful to you and we welcome your suggestions for future editions. Contact project director Linda Sharp at linda@cosn.org with comments or questions.

Tools Available

Maintaining a school's cyber security requires staying informed about the rapidly changing on-line environment. It is a shared responsibility of policymakers, technology leaders, users, and the community. CoSN has developed a set of tools, strategies and guidance that will assist your district as you identify security needs, risks and processes.

Tools to help school technology leaders analyze their network's current security status in comparison to other districts and against industry best practices, validating what they are doing well and giving them insight into how risk can be further reduced.

Strategies for developing and implementing a cost-effective action plan to strengthen security and handle crises.

Guidance for communicating the importance of security to the school community.

We encourage you to access these tools to help you learn to ask the right questions, analyze your district needs and communicate the information to leaders, teachers and community.

Share Your Story

We would like to hear from you. Please tell us about your successes, struggles, and needs relating to dealing with people, policies, or technology.
The June 2006 issue of ASBO's School Business Affairs magazine includes an article, Cyber Security in a Digital District, written by Robert Hamel, assistant to superintendent of Springfield Public Schools in Massachusetts and Linda Sharp, project director of CoSN's Cyber Security for the Digital District. The article, which covers basic understanding and procedures to consider when addressing security for digital information, would be a good way to start the discussion with business leaders in your district.

In the News

Microsoft issued a warning on August 10 about a new bug that affects all currently supported versions of Windows, can be exploited without end users needing to do anything, and according to some security watchers, rivals the bug that led to 2003's destructive MSBlast attack. The Windows 2000, XP, and Server 2003 patches for the MS06-040 Server service flaw can be obtained via Microsoft and Windows Update services, or directly from www.microsoft.com/technet/security/Bulletin/MS06-040.mspx. Additionally, eEye Digital Security has posted a free-of-charge tool that scans networks and Windows systems to identify those at risk. The tool can be downloaded at www.techweb.com/wire/security/191901534.

Apple Computer issued updates for its Mac OS X system to fix 26 security flaws. Several of the vulnerabilities effect the way in which Mac OS X handles images and file-sharing. These vulnerabilities could enable a variety of attacks. Apple released Security Update 2006-004 to address these issues. The update is available from Software Update pane in System Preferences on Mac OS X systems or through the Apple Web site.

Reading blogs via popular RSS or Atom feeds may expose computer users to hacker attacks. Attackers could insert malicious JavaScript in content that is transferred to subscribers of data feeds. The problem doesn't only affect blogs, but RSS feed could potentially be used to transmit malicious content to a subscriber. Some vulnerable readers are Blogliness, RSS Reader, RSS Owl, Feed Demon and Sharp Reader. It is suggested that people switch to a nonvulnerable reader.

The Myth About IT Security, Security Is the CIO's Responsibility, in the May/June 2006 issue of Educause, written by Diana Oblinger and Brian Hawkins, would be valuable for those in charge of district security including CIOs, CTOs, and District Technology Advisors. It provides information about current security issues and strategic suggestions for addressing them.

Social Networking Sites

Although CoSN's Cyber Security for the Digital District project primarily focuses on district network security, we feel that issues impacting students and social networking are critical for educators to understand. Therefore, we will soon be adding a area to the Cyber Security web site that focuses on the news, issues, suggestions and available tools for schools as they deal with students and social networking.

The National Cyber Security Alliance, in conjunction with i-Safe Inc., has produced the Cyber Security Assembly In-a-Box Toolkit. This toolkit provides educators with a plug-in play solution for presenting cyber security awareness messages and tips to students in middle and high schools. The material is delivered in a way that is entertaining for students and easy to understand. The toolkit consists of a DVD, instructions for the assembly and an assembly script that can be delivered in a classroom, library or assembly setting. The materials are available at www.staysafeonline.org/basics/assemblyinabox.html.

On July 26, the House passed the Deleting Online Predators Act (DOPA). The bill, HR5319, would require schools and libraries that receive E-Rate funding for communications services to ban youngsters from accessing commercial social networking Web sites and chat rooms. This could have major implications for schools and libraries. Most educational organizations have written to Congress in opposition to the bill on the grounds that it would not substantially improve the safety of students, would place an added and unnecessary burden on schools, would usurp the authority of local school districts to determine what content should flow into classrooms, and does not address the real issue of educating children about the dangers of the Internet and how to use it responsibly and wisely. Please stay abreast of this issue as it impacts all schools that accept E-Rate funding.

MySpace gains top ranking of US Web sites. Internet tracking firm Hitwise said that MySpace.com ranked as the No. 1 U.S. Web site, accounting for 4.46 percent of all US Internet visits for the week ending July 8. MySpace captured nearly 80 percent of visits to online social networking sites, up from 76 percent in April. A distant second was FaceBook at 7.6 percent. MySpace has nearly 90 million registered users worldwide, with 250,000 new users signing up every week.