Holes in my security

[sidkik23]

Okay, so I am a cadet in the schools technology department and we recently recieved a grant for new 11-inch macbooks. With these new MacBooks, I was given the task of finding any holes in the security system. Now so far I found diddly-squat. I was wondering if anyone could find holes that a regular student could find/use without causing damage to the Mac (I still have to pay if I break the MacBook regardless of my position). The security on the internet is pretty tight; we have LightSpeed Systems install on the Macs so online proxy will not work. We have FileWave installed so it controls the software pretty well, not to mention the fact that we made a new image file complete with parent controls, disabled features, etc. The startup keys (except for the recovery mode keys) and the Firmware Utility has a passcode. Here is a photo of the System Prefrences panel just to give you an idea:
I would appreciate some help with this as I cannot find any holes that a regular student could use (I can get past it, just not in ways that students would know).

 

[McBie]

The biggest vulnerability and the biggest threats originate in layer 8 of the OSI model ... that is the layer between the chair and the keyboard.

Awareness is the key towards a successful security environment. Make people aware of the risks they ( or the company ) are faced with and try to trigger a change in behavior, a new mindset.

Cheers ... McBie

 

[vansmith]

It's actually really hard to know without knowing the students. If these are "typical" secondary students, you're probably going to be fine (some will, though, find ways around things). I would encourage you to do what you can and simply remain vigilant. As McBie said, the biggest threat are your users and you can't know what they do until they do. While that is largely reactive, if security in IT tells us anything, at some point, you will have to react.

That said, we can certainly try to help. Is there any one particular thing that you have concerns about?

 

[sidkik23]

Thanks, I am mostly concerned with the security of the internet. LightSpeed can only do so much, however the students cannot open applications downloaded from the internet, so any downloaded program is out of reach.

 

[McBie]

What are the risks that you want to protect yourself from .... leave technology out of the equation for the moment.
Maybe we can approach it that way.

Cheers ... McBie

 

[sidkik23]

I would like to protect from students possibly bypassing this security set in place. Whether this be via Proxy or otherwise I do not know but any help in this is appreciated.

 

[McBie]

With all due respect, but that is not a risk you want to protect yourself against.
Maybe I should have been more clear.
A risk could be " downloading illegal content from the internet ". For that you can put controls in place.

When you want to protect yourself from students bypassing your current security set then the ONLY solution is to take away their computers.
You should be vigilant ( which you are ) but not paranoid.

Identify your risks, identify the vulnerabilities in the system and then build controls. Not the other way around.

Cheers ... McBie

 

[vansmith]

I would like to protect from students possibly bypassing this security set in place.

This may sound defeatist but you can't. If the history of technology teaches us anything, it's that people always find ways around things if they want. I remember myself being in high school and finding ways around the weird system in place on all the computers that was supposed to limit us to a select set of applications (by opening the help app for any application and then using the open dialog there to get access to other folders). The only answer here is vigilance, as McBie stated, as you can never know what students (a) know themselves and (b) what they're capable of. Perhaps the best defence is a frank conversation - honour the security and our efforts to keep the network and your machine intact and we will honour your efforts to use the computers effectively and we will support you as you learn.

 

[sidkik23]

Thank you everyone for your help. I have taken the advice, tips, and ideas into effect and feel like our system is safe (as safe as it can be for now).

 

[100% Apple user]

remember you are using one of the most secure if not the most secure operating systems on this planet, there are still risks but none that i would be extremely concerned about, people will always try to get around things so there is really nothing you can do to stop that risk except ask for and expect their cooperation. since you are using macs the best advise is to keep the operating system up to date as well as adobe and java software and let the computers keep themselves secure or as secure as they can be.

 

[lclev]

I do understand your issues. I taught for 30 years of which 9 of those were computer science. On one side you have the parents who do not want their kids exposed to the potential content and threats found on the internet - and truly believe their kid would NEVER do that deliberately! ;D On the other side you have the ever resourceful student who does not grasp the potential problems and does not want to be restrained from exploring and other things. Unfortunately, you will have a few students who are smart enough to come up with work arounds for your restrictions. And those that are usually show their friends "how to" so the problem expands.

You already have set up your defense. I am guessing by you referring to yourself as a cadet that you are a student? If so, you know who has the skills. Either enlist them or monitor them. No matter how secure you make your laptops or network there are always creative minds at work.

Lisa

 

[McBie]

I think Lisa made a great statement in the post above .... it is so true.

Those who believe that technology is the answer to their security problems do not understand the technology and do not understand the problems.
It is all about people and their behaviour.
Fix that and you wil make a big leap forward in reducing risks to your environment.

I realised this thread is old, but the issue is still very relevant and can not be stressed enough.

Cheers ... McBie