Information Security Boot Camp: Survival Techniques for Teaching Teachers and Students Information Security Basics

Melissa Dark
K-12 Outreach Coordinator
CERIAS, Purdue University
http://www.cerias.purdue.edu/education/K-12
dark@cerias.purdue.edu

Introductions
• Name
• Home School
• Position
• First or Favorite Technology Use
• What do you hope to get out of this workshop?

If you don’t know where you’re going…. You’ll probably end up somewhere else. ---Yogi Berra

North Star Activity
• Are we preparing kids for yesterday, today, or tomorrow?
• Do our schools currently focus upon the skills of the past---or the skills of the future?

What is Information Security?
• Refers to the protection of Data, Programs, and Information stored on disks, networks, hard drives, etc.
• Includes the issues of:
  – Privacy
  – Ethics
  – Loss Prevention

How do You Protect Your Home?
• Brainstorming Activity…..
• ANALOGY: Information Security is very similar to the physical security of your home.

How do You Protect Your Computer?
• Brainstorming Activity…..

IASEP Video
• Joint Project: Purdue’s School of Education and CERIAS
• Video is shown nationwide
• Provides a quick overview of the security concerns that teachers face.

Information Security: The Basics
• Physical Issues
• Software Practices
• Password Protection
• Encryption
• E-mail Protocol
• Integrating the Internet Safely
• Privacy Primer for Educators

Software Security
The Case of the Snappy Screen Saver
• Download and install a screensaver.
• Computer stops working afterwards.
The Case of Surfing the Net
• Download “free” software from the Web.
• Later named in a lawsuit for distributing student data.

Software Security: (Viruses, Trojans, Unwanted Access)
• Only install necessary and trusted software.
• Beware of *free* games, screen savers, and graphics.
• Run and UPDATE anti-virus software!!
• Keep a hard copy of the copyright release for all “free” products!

Virus Growth
[Chart: virus growth, 1988 to 1999]
• 1988: Less than 10 known viruses
• 1990: New virus found every day
• 1993: 10-30 new viruses per week
• 1999: 45,000 viruses and variants
Source: McAfee

Pikachu Virus: A K-12 Nightmare
This dialog box appears after the PIKACHUPOKEMON.EXE file has been activated.
Worm:
• Accesses Outlook Address Book
• Embeds code to delete Windows and Windows Subfolders upon Restart.
• +: Does ask for permission to delete files with a “Y” command.

Viruses, Malicious Code, & Other Nasty Stuff
Examples of Nasty Stuff:
• Viruses
• Trojan Horses
• Worms
• Logic Bomb
• Trapdoors

Firewalls:
• Restrict Incoming and Outgoing Information
• Provides you with control over your system.
• Physical Firewalls v. Software-based Firewalls
• Zone Alarm: http://www.zonealarm.com
  – FREE
  – VERY Effective
  – Easy to Use
  – Blocks Incoming/Outgoing

Valuable Resources:
• http://www.zonealarm.com
• http://www.urbanlegends.com
• http://www.vil.mcaffee.com
• http://www.cerias.purdue.edu/K-12

Physical Security
The Case of No Backups
• Hard Drive Replaced...erased all of your data.
• No Back-ups are available.
The Case of the Stolen Laptop
• Laptop is stolen.
• No Backups are available.
• Unprotected confidential information.

Physical Security Practices (File Management, Lost Information, Lost Equipment)
• Try not to advertise secure spots.
• Minimize external access:
  – Maintain appropriate locks
  – Additional security features if necessary
• Keep a “safe” climate
  – Fix the temp. between 50-80F

Physical cont’d…
• Protect cables, wires, etc. from feet!
• Lock laptops when not in use.
• Use a log in for general Windows use.
• Keep drinks and food away from equipment!

Physical Security cont’d….
• MAKE BACK-Ups!!!!!!!
  – Store on a separate disk!
  – Keep the disk in a separate location!
  – Keep a hard copy of critical information.
  – Pay attention to where you are saving documents.
  – Clearly label disks and files.
  – Keep all magnets away from equipment.

Encryption
The Case of the Sniffer
• Email grades/files between school-home.
• Parent notifies that they have been denied insurance.
The Case of Prying Eyes
• Support staff gains access to student data by using your POSTED password.

Encryption (Protecting sensitive information)
• Encoding information
  – Secret Code Ring
  – Cryptoquip
  – Pig Latin
• *Most* common applications offer password protection.
• Confidential (not critical)---USE ENCRYPTION!!!!
• NEVER send HIGHLY SENSITIVE information through email. (email should *never* be considered secure!)

Encryption Practice
• PGP: Pretty Good Privacy (approx. $20 per unit)
• Requires use of Public Keys

Sample PGP encrypted email:
Without the proper keys... the message is unreadable.

Sample Encrypted Document:

Key Component to Encryption: Password Protection
1. Do not post or store your password near your computer.
2. Require passwords to be at least 8 characters long.
3. Use non-alpha characters and capital letters.
   Boiler*makeR   Iam@1016   KaTis15   Ge+>Smar+
4. Do not use easy to guess selections.
   password   123456   computer   hello   love

Passwords Continued…
5. Use non-personal selections. Avoid: name, spouse’s name, kids, ss#
6. Maintain zero tolerance for password sharing.
7. Warn users not to type their passwords when someone is watching.
8. Urge users to change passwords. (2-3 weeks!)
9. Always remember to log out!
10. Constantly reinforce the importance of password security.

Password Practice
Write a “smart” password for the following fictional teacher. Be sure to follow all of the recommendations!
• Samuel W. Miller
• Greentown High School
• Social Studies Teacher
• Harvard Graduate
• Likes to play golf
• Has four children
• 1 wife named Betty
• Enjoys woodworking

BREAK!!!!!

E-mail Basics
• E-mail is similar to a postcard.
• E-mail is *not* secure—nor is it private.
• Encryption is the only way to help in preventing others from reading your e-mail.

Email Security Fundamentals
• Question Unsolicited Documents.
• Use attachments only when necessary.
• Question ALL executable programs received via email.
• Notify the sender of infected emails!
• Pay attention to file extensions...

Common File Extensions
Great Resource: http://www.matisse.net/files/formats.html

Extension      Type
.html, .htm    Webpage
.doc           Word Document
.gif, .jpg     Graphic
.exe           Program—self extracting (*caution!)

Finding File Extensions in Windows-based machines:
1. Click on START.
2. Select SETTINGS
3. Select CONTROL PANEL
4. Select FOLDER OPTIONS
5. Select VIEW
Make sure that this box is *not* checked.

SPAM
• Internet “Junk” Mail
• Unsolicited email—usually sent to many people
• According to the Gartner Group, a research firm, about 90% of email users receive spam.

The Pros and Cons of Spam
• A Brainstorming Activity….

Why Should I be Concerned about Spam?
• Costs Money.
  – Recipient of the advertisement pays for the connection time, disk space, bandwidth, etc.
• Lost Productivity.
  – Time, Time, Time
• Clogged Email.
  – May prevent receipt of important messages.
• Discourages Internet Use.
  – May discourage others from seeing the benefits of the WWW.

Types of Spam
• Chain Letters:
  – A message that urges readers to pass the letter on in order to receive a reward.
• Hoaxes:
  – Chain letter that is based upon a fictitious scenario or circumstance.
• Urban Legends:
  – Email messages providing “safety” messages or warnings.

Resources to Find the Truth About Spam:
• http://www.urbanlegends.com
• http://www.urbanmyths.com
• http://www.earthlink.net/internet/security/spam
• http://www.mcs.com/~jcr/junkmail.html
• http://www.junkbusters.com

Ways to Reduce Your Daily Intake of Spam
• Use a “dummy” account for online promotions, games, etc.
• Request that your information be removed from Internet “white pages”.
• Be sure to HIDE your information when joining a listserv or mailing list.
• Cut and Paste funny stories, poems, etc.
  – Encourage others to do the same!

Acceptable Use Policies
• Link to the CERIAS AUP website.
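
The password recommendations on the Password Protection slides earlier in this deck can be applied mechanically. The following Python checker is an added example, not part of the original workshop materials; its function names, the look-alike character table and the substring matching are assumptions of the example, and it covers recommendations 2 through 5 using the slide's own word list and the fictional teacher's details.

```python
import re

# Easy-to-guess selections listed on the slide (recommendation 4).
COMMON = ["password", "123456", "computer", "hello", "love"]

# Personal details of the fictional teacher from the Password Practice slide.
PROFILE = ["Samuel", "Miller", "Greentown", "Social Studies",
           "Harvard", "golf", "Betty", "woodworking"]

# Assumption of this example: look-alike characters are undone before
# matching, so "B3tty" still counts as "Betty".
SWAPS = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "+": "t"})


def personal_words(facts):
    """Split free-text facts into lowercase words of four or more letters."""
    return sorted({w for fact in facts for w in re.findall(r"[a-z]{4,}", fact.lower())})


def check_password(password, facts):
    """Return the list of recommendations the password breaks (empty = passes)."""
    problems = []
    if len(password) < 8:                          # recommendation 2
        problems.append("shorter than 8 characters")
    if not re.search(r"[^A-Za-z]", password):      # recommendation 3
        problems.append("no non-alpha character")
    if not re.search(r"[A-Z]", password):          # recommendation 3
        problems.append("no capital letter")
    plain = password.lower()
    unswapped = plain.translate(SWAPS)
    for word in COMMON:                            # recommendation 4
        if word in plain or word in unswapped:
            problems.append(f"contains easy-to-guess '{word}'")
    for word in personal_words(facts):             # recommendation 5
        if word in plain or word in unswapped:
            problems.append(f"contains personal detail '{word}'")
    return problems


if __name__ == "__main__":
    # First four are the slide's own samples; the last two are constructed.
    for candidate in ["Boiler*makeR", "Iam@1016", "KaTis15", "Ge+>Smar+",
                      "B3ttyGolf", "harvard"]:
        print(f"{candidate!r}: {check_password(candidate, PROFILE) or 'ok'}")
```
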

Develop Classroom Technology Guidelines
• Supplement to overall AUPs
• Details expectations of the students
• Opens dialogue on infosec issues
• Protects the teacher---responsibility is placed upon the choices made by students

Reducing “RISK” of Internet Use
• Guide students on the Internet---keep them on track and task orientated.
• ALWAYS supervise students using the WWW!
• Remember that a filter cannot be 100% secure
• Beware of “FREEBIE” offers!
• Never open attachments that you do not expect OR that are from someone you do not know!
• Update your anti-virus software frequently!

Recommended Search Engines---for teachers or secondary students
• Google
• Yahoo
• Lycos
• AltaVista
• Dogpile (meta search engine)

Kid-Friendly Search Engines
• Yahooligans
• KidsClick
• Ask Jeeves for Kids
• Awesome Library
• Supersnooper
• Searchopolis
All available online @ CERIAS’ K-12 Site!

Practice: Regular Search Engine v. Kid-Friendly Search Engine
Keyword: MERMAIDS
• Try it in: Lycos or Google
  – http://www.lycos.com
  – http://www.google.com
• And then, in Yahooligans:
  – http://www.yahooligans.com

General Searching Tips for Teachers:
• Think about ALL of the different words to describe your topic. (ex. Technology Resource Center)
• Use as many keywords as possible.
• Watch for misspelled words!
• If you are unsuccessful with one search engine, try using a metasearch engine.
• Become familiar with one search engine--and read its list of suggestions!

Why Should I Use Scavenger Hunts?
• Excellent technique to guide students on the Internet.
• Increases student time on task.
• Lessons can be used repeatedly with a small amount of modification.
• Provides students with an opportunity to increase their technical skills.
• Increased student motivation!

How Can Scavenger Hunts be Used?
• Individual Assignment
• Small Group Activity
• Whole Class Activity
• Enrichment Activities

Important Elements to Include:
• Introduction
• Specific Task (written or verbal)
• Clearly Defined Steps
• Set of Information Source (WWW or other)
• Evaluation
• Conclusion (remind them what they’ve learned!)

Level 1 Sample:
Using this site: http://www.contemplator.com/america/index.html
Answer the following question: Legend has it that Henry VIII wrote the song Greensleeves for whom?

Level 2 Sample:
Find the answers to the following question by accessing the websites listed below:
What is the motto of the National Wildlife Federation?
• http://www.volcano.und.edu
• http://www.nhm.ac.uk/interactive.html
• http://www.nwf.org

Level 3 Sample:
Find the answer to the following question. Be sure to include the answer and the URL of the website where you found the answer:
Where did Neil Armstrong earn his Bachelor's Degree?

Privacy Primer

What is Privacy?
• Privacy refers to “the ability to control the degree to which people and institutions impinge upon one’s life” (Hildreth & Hoyt, 1981)
• Also, privacy refers to “the right claimed by an individual to control the disclosure of personal information about themselves” (Adams, 2000)

Privacy Concerns...
• Privacy issues outranked world war, terrorism, global warming, economic depression, racial tensions, guns, and overpopulation as the main concern for Americans as they entered the 21st century. (Adams, 2000)

Online Methods of Collecting Personal Information:
• Direct Data Collection: online users voluntarily complete surveys or information requests in exchange for a benefit.
• Indirect Data Collection: Web site owners obtain information by depositing “cookies” onto your hard drive. These cookies are small files that could include any of the following: name of your ISP, the “specs” of your machine, passwords, past online purchases, last site visited, areas viewed on current site, etc.

Online Privacy Rights:
• Notice: consumers have the right to be notified that data are being collected, how the data will be used, and to whom it will be disclosed.
• Choice: consumers should be able to limit the use of information beyond what is needed to complete the transaction
• Access: consumers should have a timely and inexpensive way to view data gathered about them and contest its accuracy
• Security: organizations that gather data from consumers must reasonably ensure that the information they keep is secure against loss or unauthorized use
• Enforcement: effective enforcement against privacy violators is critical to the protection of personal information

Privacy Legislation for Educators
• FERPA:
  – Family Educational Rights and Privacy Act (1974) requires that educators demonstrate “due diligence” in protecting student data, information, records, and other sensitive information.
  – Teachers can be personally held liable for failing to maintain the integrity of such data.

Legislation continued...
• COPPA:
  – Children’s Online Privacy Protection Act (1998) requires that commercial Web sites targeted at children under the age of 13 must follow a detailed series of procedures (including obtaining parental permission and review) prior to gathering data.
  – In a school setting, a teacher may grant such permission for educational purposes.

Practical Privacy Techniques for Teachers:
1. Practice Proper Information Security Techniques
2. E-Mail Awareness
3. Download Precautions
4. Close the Cookie Jar
5. Read Privacy Statements
6. Set up a Second Online Account

Collection of Children’s Information
• 1999 Survey: 16 million children ---14% of US citizens under the age of 18 regularly use the Internet. (1999)
• Study conducted by Cai and Gantz (2000) indicated that the majority of Web sites targeted at children collect personal information from their under-age users.
• Children also readily provide personal data in return for a “great prize” (Carlson, 2000)

Dissemination of Privacy Practices to Students:
• Fundamentals of protecting privacy is a “new” skill that schools should address (Willard, 2000)
• Privacy issues need to be embedded within the curriculum as readily as technical skills (FTC, 2001)
• Short lessons and natural teaching moments work well for identifying the topic.
• Teachers must serve as a role model for privacy protection practices.

Need for Additional Research:
• Few studies have been conducted to determine the current status quo of privacy protection within the K-12 environment.
• Institutions of educational research should readily explore the issues surrounding technology integration as well as its effectiveness in the schools.

Privacy Conclusion:
• As technology is introduced into schools, it is critical to combine the technical skills with the soft (ethical) skills surrounding the media.
• Attention needs to be given to both teachers and students upon this topic.
• Teachers must practice privacy techniques daily---to protect the information and serve as a positive role model.

Applying this workshop to YOUR world...
• Working in groups...
• Identify at least 5 ideas, concepts, or activities that you will be able to apply to your school environment.

Methods of Professional Development
• Share creative methods of motivating teachers.
• How do you fit professional development into an already busy school day?
• What are some critical elements involved with professional development?

Questions???