Botnets are robot networks, or more precisely, networks of Internet-connected computers associated with malicious behavior and cyber crime. This zombie army can penetrate and evade firewall and anti-virus protections. They can keep K-12 district technology directors up at night—worrying. They are also the reason IT managers and educators pushing the technology envelope lock horns. Understanding bots can benefit both sides. While combating botnets needs to be a controlled and unified effort, creative Web 2.0 teachers can still work within a safe system.
Bots are scary because they are designed to leave networks and computers running seamlessly, by all outward appearances, while they tap data and send it out to their "bot masters". The IT professional's goal in combating botnets and securing information is to minimize the chance of network penetration and, if an attack occurs, to isolate the threat and eliminate it. While districts may think they have protection in place, some may not have coordinated or organized that defense. Defense is really an individual solution for each school or district—not cookie cutter.
A note from CDW-G this week had me thinking about some things to consider. So, here are a few bot plans for districts that aren’t all geek.
Install a Windows Firewall. A Windows firewall can block much network-based misuse, especially in K-12 environments, which tend to have huge populations of workstations in labs.
Disable AutoRun. The AutoRun feature, which automatically installs software, can be a problem if a foreign source uses it to launch malware and cause havoc.
Password Trusts. Preventing computers from automatically connecting to each other closes the path that botnets take to spread through the internal network. That means district tech admins control local passwords tightly. While this is good for protecting the network, it can frustrate educators who want more freedom to teach in a 2.0 way.
Network Compartmentalization. If workstations do not need to communicate with each other across departments, IT managers can establish private virtual local area networks (VLANs) or access control lists (ACLs) between subnetworks to limit exposure. Schools already do this if they separate the administrative network from the student network. Today, while this works great for data, educators who want to use video and voice options may have difficulty, and IT managers will hear about it.
Provide Least Privilege. This is one that made me crazy as an educator trying to push the tech envelope; it always slowed me down to get district tech personnel to do things I could do easily. But from a district technology guarding position, when users are not administrators of their own workstations, it is much harder for malware to affect a system.
Filter Data Leaving the Network. Botnets establish communication with one or more remote servers that hackers use to retrieve private information. For K-12, implementing outbound access control lists (ACLs) on the firewall should work.
Use a Proxy Server. While it is impractical to block all potentially hostile outbound traffic, forcing outbound traffic through a proxy server will give organizations a secondary point for monitoring and controlling Web access.
Monitor DNS Queries. The way that a workstation responds to domain name system (DNS) queries is often an early warning sign that the workstation may be infected. By spotting infections early, system administrators can act before the infection spreads too far.
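As an added example that is not part of the original post, here is a small Python check over a constructed DNS resolver log (the log format, the client addresses and the thresholds are all assumptions) that flags workstations whose query pattern looks bot-like: a burst of NXDOMAIN answers, which is what a domain-generation algorithm hunting for a live controller name produces, or an unusually large set of distinct names.

```python
from collections import defaultdict

# Constructed sample resolver log (not from the original post):
# "<timestamp> <client_ip> <queried_name> <response_code>"
SAMPLE_DNS_LOG = """\
2024-01-01T08:00:01 10.1.20.15 www.example.edu NOERROR
2024-01-01T08:00:02 10.1.20.15 mail.example.edu NOERROR
2024-01-01T08:00:03 10.1.20.42 kx7qpl2zvb.info NXDOMAIN
2024-01-01T08:00:03 10.1.20.42 p9wq3mzrt.biz NXDOMAIN
2024-01-01T08:00:04 10.1.20.42 zz81qvmlk.org NXDOMAIN
2024-01-01T08:00:04 10.1.20.42 ab4nrt6yq.net NXDOMAIN
2024-01-01T08:00:05 10.1.20.42 fh2lmxp0s.com NXDOMAIN
2024-01-01T08:00:06 10.1.20.15 cdn.example.edu NOERROR
"""

def parse_dns_log(text):
    """Yield (client_ip, name, rcode) for each well-formed line; skip junk."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, name, rcode = parts
        yield client, name.lower().rstrip("."), rcode.upper()

def find_suspicious_clients(text, nx_threshold=4, unique_threshold=20):
    """Return {client: [reasons]} for clients whose queries look bot-like.
    Thresholds are hypothetical; tune them to the district's own baseline."""
    nx_count = defaultdict(int)
    names = defaultdict(set)
    for client, name, rcode in parse_dns_log(text):
        names[client].add(name)
        if rcode == "NXDOMAIN":
            nx_count[client] += 1
    flagged = {}
    for client, seen in names.items():
        reasons = []
        if nx_count[client] >= nx_threshold:
            reasons.append(f"{nx_count[client]} NXDOMAIN answers")
        if len(seen) >= unique_threshold:
            reasons.append(f"{len(seen)} distinct names")
        if reasons:
            flagged[client] = reasons
    return flagged

if __name__ == "__main__":
    for client, reasons in find_suspicious_clients(SAMPLE_DNS_LOG).items():
        print(client, "->", "; ".join(reasons))
```

Run against a real resolver export, the flagged client list is the starting point for isolating a workstation before it spreads further.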