School Net (Hong Kong) Limited

School Network Security Vulnerabilities
[Network diagram: Teachers Server, Intranet Server, Wifi, Workstations, Router, WebSAMS Crystal Report Workstation, WebSAMS Server, WebSAMS HTTP Server, Application Firewall, Network Firewall, Internet. Attack labels: Network Attack, Server Attack. Affected items: Systems (Win2000, RH7.2), Application (Web, phpBB, FTP).]
General Suggestions:
• Security Audit
• Upgrade Firewall
• Update Systems and Applications FREQUENTLY
• Change Password FREQUENTLY

School Network
Difficulties in Daily Operation:
• Methods and types of attacks change rapidly, making it difficult for schools to follow the latest updates.
• Heavy teaching workload makes it difficult for teachers to maintain and update such a complicated network security environment themselves.
• Schools have limited resources and cannot afford expensive solutions and services intended for commercial use.
• Many companies only sell products and lack the skills, knowledge and right to modify the products they provide.

School Network
• Regular updates managed by the professional team who developed SCHOOLWALL.
• Tailored for schools in Hong Kong.
• User Friendly Interface – reduces time to learn and operate.
• Affordable price.

Latest and Upgraded Functions:
• User Friendly Interface
• Packet Filtering
• URL Filtering
• Classroom Control
  – Finer access control
  – Bandwidth control
• Application Protection
  – Web
  – FTP
  – Email
• Statistics
• Expansion Module

New User Friendly Interface

Packet Filtering
• Static NAT
• NAT Mapping
• Filter Rule

URL Filtering
• Transparent Proxy (TCP/Port 80)
• Global default deny list

Classroom Control
• Additional control on a set of fixed IP addresses
  – Examples: IP range for staff, computer rooms
• Domain Blocking / Unblocking
  – Allow List: Default deny all but allow exceptions for listed domains
  – Deny List: Adds a domain block list to the global deny list
  – Deny All: Deny all access, no exceptions
  – Allow All: Allow all access (no blocking)
• Bandwidth Control
  – Guarantee Bandwidth
  – Maximum Bandwidth

Classroom Control
• Example of adding "Deny List"
  – URL filter: Sendspace.com
  – Zone control "Deny List": yahoo.com

Classroom Control
• Bandwidth Control
  – Testing URL: ftp://download.speedtest.com.hk/100mb.zip
  – G – Guarantee Bandwidth
  – M – Maximum Bandwidth
  – Maximum Bandwidth limits the download speed.

Application Protection - Web
• Example of blocking SQL injection
  – Setting up
  – Receiving Request
  – Analysis
  – Denied if not allowed

Application Protection - FTP
• Set a password retry limit on the connection. If the limit is exceeded, the IP will be banned for a fixed period of time.

Application Protection - Email
• Sender blacklisting
  – Self-defined White / Black list
Anti-spam mechanisms:
• DNSBL
• Greylisting
• SPF
• DKIM
• Sender White / Black Listing

Statistics - Network Traffic
• Bandwidth Graphs

Statistics - Network Traffic
• Email Gateway Statistics

Expansion Module – Server Certificate

Comparison
Network Protection        Investment          Consequence
No Firewall               $0                  Serious!
Self Developed Firewall   Time of Teachers    Very difficult to upgrade
Commercial Firewall       Very Expensive      Lack maintenance and support
                          Very Affordable     Install, Update, Upgrade, Support - VPN, Lab, Proxy, Filter

~The End~
Thank you!