Pandemic Could Make Schools Bigger Targets of ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

tdsan,
User Rank: Ninja
6/12/2020 | 9:50:06 AM

Re: Interesting post

Our students often made attacks on servers with grades and personal data...This factor should be legitimate and free. This is the right way to identify malicious attacks - lafnian1990,

I was not sure if you saw that, but I reiterated that we need to strike a balance between the kids and the admin staff to work together to address some of the issues found on the network, not just malicious attacks, but attacks that were found open from untrained staffe members who place IOT devices on the network and don't provide a "secured template" (this is from an admin perspective).

The kids on the other hand (who have been identified as being talented) need to be put in a sandbox (once they have been identified) so they can hack away, I do think learning comes from various sources but I don't think the kids need to be the only source of knowledge when it comes to malicious attacks, there needs to be an oversight group (remote monitoring), proper training, develop a sandbox for testing, educate the students about white-hat processes (provide them with proper guidance), follow system hardening practices (DISA Stigs) and work collaboratively together to identify potential holes.

Now this is the way as a group we need to mitigate attacks from various educational sectors, not just one source but a collective source of thought and guidance.

The Hacker School Experience | WIRED

Reply | Post Message | Messages List | Start a Board

50%

tdsan,
User Rank: Ninja
4/16/2020 | 2:01:13 PM

Interesting post

I think with the schools, it is the administrative staff that does not put emphasis (money) into the schools IT, education and training. They are more concerned with the bottom-line as opposed to external threats.

For example, a number of applications that I identified still had the admin user name and password, no one took the time to change it and there are a number of applications and devices that are still set to default settings, they just take it out fo the box, configure it for the network and attach it for kids to use.

Ransomware Hit Over 1,000 U.S. Schools in 2019

Ransomware Hit Over 1,000 U.S. Schools in 2019

In addition, the kids who are in the schools have been causing some of the attacks because they have found holes or vulnerabilities where they continue to exploit and use for their own purposes.

What needs to happen is that for every device that enters into the school, there needs to be a preconfigured template they use (planning will play a big part) and then deploy the solution without intervention from the admin IT staff (that is usually one person who has been appointed to do the job), provide adequate training to people who have done this before and look into other applications other than Windows (someone said that if the schools would create a team of well trained students to help with the Ransomeware issue, they could help the admin staff - a type of project - address the IT needs, empowering the school and the kids as well).

Todd

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

Webinars

Securing and Monitoring Networks in the 'New Normal'

The Failures of Static DLP and How to Protect Against Tomorrow's Email Breaches

ROI and Beyond for the Cloud

Webinar Archives

White Papers

Improving Your Enterprise's Protection With Cyber Resilience

Eliminate East-West Traffic Hair-Pinning

MPLS, SD-WAN and SASE

The Network for Whatever's Next; A CxO Guide

Two-Factor Evaluation Guide

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: Your password expired and you have been locked out of your machine. Give me your new 2FA code to continue.

Cartoon Archive

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Assessing Cybersecurity Risk in Today's Enterprises

COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-12512
PUBLISHED: 2021-01-22

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting

CVE-2020-12513
PUBLISHED: 2021-01-22

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.

CVE-2020-12514
PUBLISHED: 2021-01-22

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd

CVE-2020-12525
PUBLISHED: 2021-01-22

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

CVE-2020-12511
PUBLISHED: 2021-01-22

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]