Information Security Boot Camp: Survival Techniques for Teaching Teachers and Students Information Security Basics Melissa Dark K-12 Outreach Coordinator CERIAS, Purdue University

Introductions  Name  Home  School Position  First or Favorite Technology Use  What do you hope to get out of this workshop?

If you don’t know where you’re going…. You’ll probably end up somewhere else. ---Yogi Berra

North Star Activity  Are we preparing kids for yesterday, today, or tomorrow?  Do our schools currently focus upon the skills of the past---or the skills of the future?

What is Information Security?  Refers to the protection of Data, Programs, and Information stored on disks, networks, hard drives, etc.  Includes the issues of: –Privacy –Ethics –Loss Prevention

How do You Protect Your Home ? Brainstorming Activity…..

ANALOGY: Information Security is very similar to the physical security of your home.

How do You Protect Your Computer ? Brainstorming Activity…..

IASEP Video  Joint Project Purdue’s School of Education and CERIAS  Video is shown nationwide  Provides a quick overview of the security concerns that teachers face.

Information Security: The Basics  Physical Issues  Software Practices  Password Protection  Encryption  Protocol  Integrating the Internet Safely  Privacy Primer for Educators

Software Security

The Case of the Snappy Screen Saver Download and install a screensaver. Computer stops working afterwards. The Case of Surfing the Net Download “free” software from the Web. Later named in a law suit for distributing student data.

Software Security : (Viruses, Trojans, Unwanted Access)  Only install necessary and trusted software.  Beware of *free* games, screen savers, and graphics.  Run and UPDATE anti-virus software!!  Keep a hard copy of the copyright release for all “free” products!

 1988: Less than 10 known viruses  1990: New virus found every day  1993: new viruses per week  1999: 45,000 viruses and variants Source: McAfee

Pikachu Virus: A K-12 Nightmare

This dialog box appears after the PIKACHUPOKEMON.EXE file has been activated. Worm: Accesses Outlook Address Book Embeds code to delete Windows and Windows Subfolders upon Restart. +: Does ask for permission to delete files with a “Y” command.

Viruses, Malicious Code, & Other Nasty Stuff

Examples of Nasty Stuff:  Viruses  Trojan Horses  Worms  Logic Bomb  Trapdoors

 Restrict Incoming and Outgoing Information  Provides you with control over your system.  Physical Firewalls v. Software-based Firewalls  Zone Alarm: –FREE –VERY Effective –Easy to Use –Blocks Incoming/Outgoing Firewalls:

Valuable Resources:

Physical Security

The Case of No Backups Hard Drive Replaced...erased all of your data. No Back-ups are available. The Case of the Stolen Laptop Laptop is stolen. No Backups are available. Unprotected confidential information.

Physical Security Practices (File Management, Lost Information, Lost Equipment)  Try not to advertise secure spots.  Minimize external access: –Maintain appropriate locks –Additional security features if necessary  Keep a “safe” climate –Fix the temp. between 50-80F

Physical cont’d…  Protect cables, wires, etc. from feet!  Lock laptops when not in use.  Use a log in for general Windows use.  Keep drinks and food away from equipment!

Physical Security cont’d….  MAKE BACK-Ups!!!!!!! –Store on a separate disk! –Keep the disk in a separate location! –Keep a hard copy of critical information. –Pay attention to where you are saving documents. –Clearly label disks and files. –Keep all magnets away from equipment.

Encryption

The Case of the Sniffer grades/files between school-home. Parent notifies that they have been denied insurance. The Case of Prying Eyes Support staff gains access to student data by using your POSTED password.

Encryption (Protecting sensitive information)  Encoding information –Secret Code Ring –Cryptoquip –Pig Latin  *Most* common applications offer password protection.  Confidential (not critical)---USE ENCRYPTION!!!!  NEVER send HIGHLY SENSITIVE information through . ( should *never* be considered secure!)

Encryption Practice

PGP: Pretty Good Privacy (approx. $20 per unit) Requires use of Public Keys Sample PGP encrypted

Without the proper keys... the message is unreadable.

Sample Encrypted Document:

Key Component to Encryption:

Password Protection 1. Do not post or store your password near your computer. 2. Require passwords to be at least 8 characters long. 3. Use non-alpha characters and capital letters. Boiler*makeR KaTis15 Ge+>Smar+ 4. Do not use easy to guess selections. password computer hello love

Passwords Continued… 5. Use non-personal selections. Avoid: name, spouse’s name, kids, ss# 6. Maintain zero tolerance for password sharing. 7. Warn users not to type their passwords when someone is watching. 8. Urge users to change passwords. (2-3 weeks!) 9. Always remember to log out! 10. Constantly reinforce the importance of password security.

Password Practice Write a “smart” password for the following fictional teacher. Be sure to follow all of the recommendations! Samuel W. Miller Greentown High School Social Studies Teacher Harvard Graduate Likes to play golf Has four children 1 wife named Betty Enjoys woodworking

BREAK!!!!!

Basics  is similar to a postcard.  is *not* secure—nor is it private.  Encryption is the only way to help in preventing others from reading your .

Security Fundamentals Question Unsolicited Documents. Use attachments only when necessary. Question ALL executable programs received via . Notify the sender of infected s! Pay attention to file extensions...

Common File Extensions Great Resource: ExtensionType.html.htmWebpage.docWord Document.gif.jpgGraphic.exeProgram—self extracting (*caution!)

Make sure that this box is *not* checked. Finding File Extensions in Windows-based machines: 1.Click on START. 2.Select SETTINGS 3.Select CONTROL PANEL 4.Select FOLDER OPTIONS 5.Select VIEW

SPAM  Internet “Junk” Mail  Unsolicited —usually sent to many people  According to the Gartner Group, a research firm, about 90% of users receive spam.

The Pros and Cons of Spam A Brainstorming Activity….

Why Should I be Concerned about Spam?  Costs Money. –Recipient of the advertisement pays for the connection time, disk space, bandwidth, etc.  Lost Productivity. –Time, Time, Time  Clogged . –May be prevent receipt of important messages.  Discourages Internet Use. –May discourage others from seeing the benefits of the WWW.

Types of Spam  Chain Letters: –A message that urges readers to pass the letter on in order to receive a reward.  Hoaxes: –Chain letter that is based upon a fictitious scenario or circumstance.  Urban Legends: – messages providing “safety” messages or warnings.

Resources to Find the Truth About Spam:     

Ways to Reduce Your Daily Intake of Spam  Use a “dummy” account for online promotions, games, etc.  Request that your information be removed from Internet “white pages”.  Be sure to HIDE your information when joining a listserv or mailing list.  Cut and Paste funny stories, poems, etc. –Encourage others to do the same!

Acceptable Use Policies Link to the CERIAS AUP website.

Develop Classroom Technology Guidelines  Supplement to overall AUPs  Details expectations of the students  Opens dialogue on infosec issues  Protects the teacher---responsibility is placed upon the choices made by students

Reducing “RISK” of Internet Use  Guide students on the Internet---keep them on track and task orientated.  ALWAYS supervise students using the WWW!  Remember that a filter cannot be 100% secure  Beware of “FREEBIE” offers!  Never open attachments that you do not expect OR that are from someone you do not know!  Update your anti-virus software frequently!

Recommended Search Engines-- -for teachers or secondary students  Google  Yahoo  Lycos  AltaVista  Dogpile (meta search engine)

Kid-Friendly Search Engines  Yahooligans  KidsClick  Ask Jeeves for Kids  Awesome Library  Supersnooper  Searchopolis All available CERIAS’ K-12 Site!

Practice: Regular Search Engine v. Kid-Friendly Search Engine  Keyword: MERMAIDS  Try it in: Lycos or Google – –  And then, in Yahooligans: –

General Searching Tips for Teachers:  Think about ALL of the different words to describe your topic. (ex. Technology Resource Center)  Use as many keywords as possible.  Watch for mispelled words!  If you are unsuccessful with one search engine, try using a metasearch engine.  Become familiar with one search engine--- and read its list of suggestions!

Why Should I Use Scavenger Hunts?  Excellent technique to guide students on the Internet.  Increases student time on task.  Lessons can be used repeatedly with a small amount of modification.  Provides students with an opportunity to increase their technical skills.  Increased student motivation!

How Can Scavenger Hunts be Used?  Individual Assignment  Small Group Activity  Whole Class Activity  Enrichment Activities

Important Elements to Include:  Introduction  Specific Task (written or verbal)  Clearly Defined Steps  Set of Information Source (WWW or other)  Evaluation  Conclusion (remind them what they’ve learned!)

Level 1 Sample:  Using this site:  Answer the following question: Legend has it that Henry VIII wrote the song Greensleeves for whom?

Level 2 Sample: Find the answers to the following question by accessing the websites listed below: What is the motto of the National Wildlife Federation?

Level 3 Sample: Find the answer to the following question. Be sure to include the answer and the URL of the website where you found the answer: Where did Neil Armstrong earn his Bachelor's Degree?

Privacy Primer

What is Privacy?  Privacy refers to “the ability to control the degree to which people and institutions impinge upon one’s life” (Hildreth & Hoyt, 1981)  Also, privacy refers to “the right claimed by an individual to control the disclosure of personal information about themselves” (Adams, 2000)

Privacy Concerns...  Privacy issues out ranked world war, terrorism, global warning, economic depression, racial tensions, guns, and overpopulation as the main concern for Americans as they entered the 21 st century. (Adams, 2000)

Online Methods of Collecting Personal Information:  Direct Data Collection: online users voluntarily complete surveys or information requests in exchange for a benefit.  Indirect Data Collection: Web site owners obtain information by depositing “cookies” onto your hard drive. These cookies are small files that could include any of the following: name of your ISP, the “specs” of your machine, passwords, past online purchases, last site visited, areas viewed on current site, etc.

Online Privacy Rights:  Notice: consumers have the right to be notified that data are being collected, how the data will be used, and to whom it will be disclosed.  Choice: consumers should be able to limit the use of information beyond what is needed to complete the transaction  Access: consumers should have a timely and inexpensive way to view data gathered about them and contest its accuracy  Security: organizations that gather data from consumers must reasonably ensure that the information they keep is secure against loss of unauthorized use  Enforcement: effective enforcement against privacy violators is critical to the protection of personal information

Privacy Legislation for Educators  FERPA: –Family Educational Rights and Privacy Act (1974) requires that educators demeonstrate “due diligence” in protecting student data, information, records, and other sensitive information. –Teachers can be personally held liable for failing to maintain the integrity of such data.

Legislation continued...  COPPA: –Children’s Online Privacy Protection Act (1998) requires that commercial Web sites targeted at children under the age of 13 must follow a detailed series of procedures (including obtaining parental permission and review) prior to gathering data. –In a school setting, teacher may grant such permission for educational purposes.

Practical Privacy Techniques for Teachers: 1. Practice Proper Information Security Techniques 1. Awareness 2. Download Precautions 3. Close the Cookie Jar 4. Read Privacy Statements 5. Set up a Second Online Account

Collection of Children’s Information  1999 Survey: 16 million children ---14% of US citizens under the age of 18 regularly use the Internet. (1999)  Study conducted by Cai and Gantz (2000) indicated that the majority of Web sites targeted at children collect personal information from their under-age users.  Children also readily provide personal data in return for a “great prize” (Carlson, 2000)

Dissemination of Privacy Practices to Students:  Fundamentals of protecting privacy is a “new” skill that schools should address (Willard, 2000)  Privacy issues need to be embedded within the curriculum as readily as technical skills (FTC, 2001)  Short lessons and natural teaching moments work well for identifying the topic.  Teachers must serve as a role model for privacy protection practices.

Need for Additional Research:  Few studies have been conducted to determine the current status quo of privacy protection within the K-12 environment.  Institutions of educational research should readily explore the issues surrounding technology integration as well as its effectiveness in the schools.

Privacy Conclusion:  As technology is introduced into schools, it is critical to combine the technical skills with the soft (ethical) skills surrounding the media.  Attention needs to given to both teachers and students upon this topic.  Teachers must practice privacy techniques daily---to protect the information and serve as a positive role model.

Applying this workshop to YOUR world... Working in groups... Identify at least 5 ideas, concepts, or activities that you will be able apply to your school environment.

Methods of Professional Development  Share creative methods of motivating teachers.  How do you fit professional development into an already busy school day?  What are some critical elements involved with professional development?

Questions???