Logical+Security-Physical+Security

It is essential for school divisions to secure all facilities that maintain critical assets. Technology equipment requires two types of security: physical and logical. Physical security prevents and provides access to actual equipment. Logical access prevents and provides access to information stored on a network.

Technology-based asset management can supply the practices and procedures by which physical technology components (hardware, software, and related items) are managed and tracked. Issues such as location, ownership, usage, configuration, maintenance, and disposal may be managed electronically through appropriate software or outsourcing. One such solution is radio-frequency identification (RFID), which relies on data storage devices, called //transponders//, to transmit identifying information remotely. The device is attached to or incorporated into a product; the signal is read with radio waves.

School divisions should consider incorporating both physical and logical security into one technology-based asset management package. Both security types can be integrated through a dual-authentication system, which merges physical access technologies with identity management and user authentication technologies. This system grants users logical access to a network and applications after passing physical access. Both security types also require outlays for new access-control systems and recurring budgets for end-user training. Physical access technologies increasingly depend on TCP/IP networks, servers, and digital storage mediums—resources that previously have been the domain of information technology. These technological shifts, along with budget constraints, make convergence of these systems a consideration.

Schools should understand how their information infrastructures can be threatened. Develop a security architecture that defends against malicious attacks, is highly adaptable, and provides a protection level that matches the value of the information assets being protected. The architecture also should identify the basic services needed to address security in both current and future electronic environments and the various technologies available to implement the desired services. The following are some of the primary security categories and the supporting technologies required to protect a school’s information infrastructure: · Network-penetration testing uses tools and processes to scan a network for vulnerabilities. Performing penetration tests regularly helps uncover network security weaknesses that make data or equipment vulnerable to Trojan horses, denial-of-service attacks, or other intrusions. · Monitoring and filtering tools verify and monitor any networked device and send immediate alerts via audible alarm, message, e-mail, or third-party software when a connection fails. · Intrusion-detection software completes tasks such as file-integrity checking. It is difficult to infiltrate a system without altering a system file. A file-integrity checker computes a checksum for every guarded file and stores this information. At a later time, the new checksum can be computed again and tested against the stored value to determine if the file has been modified. · Backup and recovery tools schedule ongoing backups of critical files. Regular backups are vital because it is impossible to guarantee the safety of any data that exists in only one place. · Virus protection software tools should not only scan and detect existing viruses, they should also protect against additional infection and provide the options to clean, replace, or remove infected files. Utilities can repair boot sectors that have become infected by viruses; this is particularly important when the viruses cannot be removed by reformatting the hard disk.
 * Identification—the process of distinguishing one user from all others; technology components include user IDs and biometrics
 * Authentication—the process of verifying the identity of the user; technology components include encryption, secure sockets layer (SSL), public key infrastructure (PKI), certificates, and digital signatures
 * Authorization and Access Control—the means of establishing and enforcing rights and privileges allowed to users; technology components include encryption, security protocols, firewalls, virtual private networks (VPN), and directory-based authentication and authorization
 * Administration—the functions required to establish, manage, and maintain security; technology components include domains, zones, registration authorities, key recovery, and key escrow
 * Audit—the process of reviewing system activities, enabling the reconstruction and examination of events to determine if proper procedures have been followed; technology components include vulnerability tools, monitoring and filtering tools, intrusion-detection software, backup and recovery tools, and virus protection software

When implementing new technology components or new configurations of existing components (e.g., firewalls, content filters, monitoring tools, virus protection, etc.), it is necessary to ensure compatibility with online SOL testing software prior to administering SOL tests. Minor changes to network or workstation software and hardware can have significant impact on the ability to successfully administer online SOL tests. Network and workstation tests for compatibility and connectivity are highly encouraged prior to administering online SOL tests in order to avoid any unintended consequences that could impact student SOL testing. Current recommended configurations and guidelines for hardware and software are provided in the Virginia Online Testing Technical Guidelines at __ http://www.doe.virginia.gov/VDOE/Assessment/Online/ __. These guidelines should be reviewed prior to each online SOL test administration (fall, spring, and summer test administrations) and when change in network environment or desktop environment is being considered and evaluated.