Protect your school against APTs
Back in the 1990s, as IT systems were making serious inroads into education, business, healthcare and industry, the security landscape was simpler. IT professionals primarily had to guard their organisations against two kinds of threats:
- Scattershot probes looking for completely unsecured systems.
- Hit-and-run attacks by hackers who’d move onto an easier target if they hit a serious security layer.
Today, things are different. Cyber criminals are organised, determined and often highly skilled. They can employ a wide (and ever-expanding) range of attack techniques, and when attacking an organisation they don’t always just make one attempt, then leave if unsuccessful. Instead, they keep on attacking, probing weaknesses and learning about the target’s systems until they succeed.
These attacks have a name – advanced persistent threats (APTs) – and they’re highly likely to succeed if the target organisation’s IT team hasn’t:
- Built an infrastructure that resists the threats.
- Backed it up with staff training to help resist social engineering attacks.
Security in depth (also called defence in depth) is the answer. This is the idea that you deploy multiple layers of protection, so an attacker can’t mount a successful attack by defeating just one type of system.
The final layer of protection assumes all the other layers have failed and that an attacker is inside your network. It’s the layer of last resort that will give you a chance to correct serious issues.
Install a firewall first
A firewall cannot stop everything: attacks that arrive over the ports you have to leave open, such as web and email traffic, pass straight through it. But a good firewall will screen out the ‘background noise’, which may be thousands of probes and attacks each day, so that the security team and deeper security appliances can deal with more serious threats.
Then add intrusion detection
The next layer usually comes in the form of an intrusion detection system, or IDS. Where the firewall decides on addresses, ports and protocols, the IDS looks inside the traffic the firewall lets through and matches it against signatures of known attacks and patterns of suspicious behaviour (for example, one host trying dozens of ports in a minute). If it detects an intrusion attempt it will immediately alert IT staff. It can also signal other security appliances, such as the firewall, so the offending connection or source address can be blocked immediately. A classic IDS watches a copy of the traffic rather than sitting in its path, which is why it alerts rather than blocks.
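As an added example (not code from the original article), the Python below shows the kind of logic an IDS applies to the ‘background noise’ a firewall logs. It parses a constructed firewall drop log and raises an alert both for a fast port scan (many distinct ports from one source within a minute) and for a slow one spread over hours, which a short window alone would miss. The log format, the addresses and the thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import List, NamedTuple

# Assumed log format for this example: "<ISO time> DROP src=<ip> dst=<ip> proto=<p> dport=<n>".
# Real firewalls (iptables, pf, Windows Firewall) log differently; adapt the pattern.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DROP src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


class Event(NamedTuple):
    ts: datetime
    src: str
    dst: str
    dport: int


class Alert(NamedTuple):
    src: str
    kind: str        # "fast-scan" or "slow-scan"
    ports: int       # distinct (host, port) targets behind the alert
    first: datetime
    last: datetime


def parse(lines: List[str]) -> List[Event]:
    """Turn drop-log lines into Events; lines that are not DROP records are ignored."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])))
    return sorted(events, key=lambda e: e.ts)


def detect_scans(lines, fast_ports=10, fast_window=timedelta(seconds=60), slow_ports=20):
    """Alert on sources that hit many distinct targets.

    fast-scan: at least fast_ports distinct (host, port) targets inside one
               sliding window of fast_window (the classic noisy port scan).
    slow-scan: at least slow_ports distinct targets over the whole log, for a
               patient attacker who spaces probes out so no short window fires.
    """
    by_src = defaultdict(list)
    for e in parse(lines):
        by_src[e.src].append(e)

    alerts = []
    for src, evs in by_src.items():
        window = deque()
        fired = False
        for e in evs:
            window.append(e)
            while e.ts - window[0].ts > fast_window:   # slide the window forward
                window.popleft()
            targets = {(w.dst, w.dport) for w in window}
            if len(targets) >= fast_ports:
                alerts.append(Alert(src, "fast-scan", len(targets), window[0].ts, e.ts))
                fired = True
                break                                  # one alert per source is enough
        if not fired:
            targets = {(e.dst, e.dport) for e in evs}
            if len(targets) >= slow_ports:
                alerts.append(Alert(src, "slow-scan", len(targets), evs[0].ts, evs[-1].ts))
    return alerts


def make_sample_log() -> List[str]:
    """Constructed sample log for the example; none of this is real traffic."""
    base = datetime(2024, 3, 1, 8, 0, 0)
    fmt = "{} DROP src={} dst=192.0.2.10 proto=TCP dport={}"
    lines = []
    # A noisy scanner: 12 ports within 12 seconds.
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080]):
        lines.append(fmt.format((base + timedelta(seconds=i)).isoformat(), "203.0.113.7", port))
    # A patient attacker: 24 ports, one probe every 15 minutes over six hours.
    for i in range(24):
        lines.append(fmt.format((base + timedelta(minutes=15 * i)).isoformat(), "198.51.100.9", 1000 + i))
    # Background noise: one blocked SSH attempt each from three unrelated hosts.
    for i in range(3):
        lines.append(fmt.format((base + timedelta(seconds=30 + i)).isoformat(), f"192.0.2.{100 + i}", 22))
    # An ACCEPT record, which the detector must ignore.
    lines.append("2024-03-01T08:00:40 ACCEPT src=198.51.100.1 dst=192.0.2.10 proto=TCP dport=443")
    return lines


SAMPLE_LOG = make_sample_log()

if __name__ == "__main__":
    for a in detect_scans(SAMPLE_LOG):
        print(f"ALERT {a.kind}: {a.src} hit {a.ports} targets between {a.first} and {a.last}")
```

Run as a script it prints one fast-scan alert for 203.0.113.7 and one slow-scan alert for 198.51.100.9; the three single SSH attempts never reach a threshold. The two thresholds matter: the patient attacker never trips the 60-second window, and only the whole-log count catches them, which is the persistence the article warns about.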
Filters and packet inspection deepen your defences
Filters and packet inspectors come next, adding the ability to identify addresses, traffic types and specific contents (like numbers in the pattern of a credit card number). Working together, they aim to identify suspect information and make sure it doesn’t enter the network (or, in the case of data theft, to make sure it doesn’t leave). A bare pattern match produces false positives, because order numbers and tracking codes are also long runs of digits, so a good filter validates each candidate before it raises an alert; for a card number that means checking the Luhn check digit.
Your last line of defence: intrusion prevention
Finally comes the intrusion prevention system (IPS). An IPS has two key differences from an IDS:
- The IPS sits in the path of the traffic, so it can drop forbidden traffic on its own, without relying on another appliance.
- The IPS can also be placed on internal network segments, so it examines traffic moving within the network and not just at the perimeter.
The IPS, then, is the security layer that comes into play when everything else has failed. Because it blocks on its own, a false positive stops legitimate traffic; tune its rules in alert-only mode first and switch only the rules you trust to blocking.
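As an added example (not the article’s own code), the Python below serves both the ‘Filters and packet inspection’ section and this one. It implements the content check described there: it finds credit-card-like numbers in outbound data and applies the Luhn checksum so that numbers which merely look like cards are not flagged. It then runs that same check in two modes, a passive IDS mode that only alerts and lets the message through, and an inline IPS mode that alerts and drops it. The payloads, addresses, mode names and alert format are assumptions made for the example.

```python
import re
from typing import List, NamedTuple, Optional

# Candidate card numbers: 13 to 19 digits, optionally separated by single spaces
# or dashes, and not part of a longer digit run.  Assumed pattern for the example.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit, the checksum every payment card number carries."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(payload: str) -> List[str]:
    """Digit strings in payload that look like a card number AND pass Luhn."""
    found = []
    for m in CARD_RE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


class Verdict(NamedTuple):
    action: str            # "PASS" or "DROP"
    alert: Optional[str]   # alert text when the filter matched, else None


def inspect(payload: str, src: str, dst: str, mode: str = "ids") -> Verdict:
    """Decide what happens to one outbound message.

    mode="ids": the sensor only sees a copy of the traffic, so it can alert
                but the message still goes out.
    mode="ips": the device is inline, so it alerts AND drops the message.
    """
    if mode not in ("ids", "ips"):
        raise ValueError(f"unknown mode {mode!r}")
    hits = find_card_numbers(payload)
    if not hits:
        return Verdict("PASS", None)
    # Never put the full number in the alert; keep first 6 and last 4 digits.
    masked = ", ".join(h[:6] + "*" * (len(h) - 10) + h[-4:] for h in hits)
    alert = f"{src} -> {dst}: {len(hits)} card number(s) in outbound data [{masked}]"
    return Verdict("DROP" if mode == "ips" else "PASS", alert)


# Constructed outbound messages for the example (src, dst, payload); not real data.
SAMPLE_MESSAGES = [
    ("10.20.30.40", "203.0.113.50", "Invoice 2024-000123 attached, total 49.90"),
    ("10.20.30.41", "203.0.113.51", "card 4111 1111 1111 1111 exp 12/27"),   # Visa test number, Luhn-valid
    ("10.20.30.42", "203.0.113.52", "parcel tracking 4111111111111112"),     # 16 digits but fails Luhn
    ("10.20.30.43", "203.0.113.53", "student IDs 20240001, 20240002"),
]


def run(messages, mode: str) -> List[Verdict]:
    """Apply the filter to every message in the given mode."""
    return [inspect(payload, src, dst, mode) for src, dst, payload in messages]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(f"--- {mode.upper()} mode ---")
        for (src, dst, payload), v in zip(SAMPLE_MESSAGES, run(SAMPLE_MESSAGES, mode)):
            print(f"{v.action:4} {payload!r}" + (f"  ALERT: {v.alert}" if v.alert else ""))
```

In IDS mode every message passes and the card number only produces an alert; in IPS mode the same rule drops it. The tracking number with sixteen digits is left alone in both modes because it fails the Luhn check, which is the difference between a filter staff can live with and one that blocks a parcel notification.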
The threat of attack is real. Criminals want students’ personal information and financial records, as well as research data that can be confidential and highly valuable. They may also want to use university resources to host illicit and illegal files. Build security in depth and you make it far harder for any single attack to get all the way through your defences. And if someone does succeed with an intrusion, you want to be confident it’ll be detected and shut down before any serious harm is done.