Episode 175 – Cyber Bunker

Tony and Patrick are talking Cyber Security (more like Cyber Fear) and Patrick’s quest to find a good wireless streaming option for classrooms other than Apple TVs. As always please subscribe to us on your favorite podcasting app or on Apple Music.

  1. Tony’s Fired Up about CYBERSECURITY PANIC

  2. Connecting your computer wirelessly to a display
    1. Barco ClickShare – https://www.barco.com/en/clickshare
    2. Mersive Solstice – https://www.mersive.com/products/solstice/
    3. Crestron AirMedia2 – https://www.crestron.com/Products/Featured-Solutions/Airmedia
    4. Airtame – https://airtame.com/
    5. Apple TV – https://www.apple.com/shop/buy-tv/apple-tv-hd/32gb
    6. Miracast – https://www.microsoft.com/accessories/en-us/products/adapters/wireless-display-adapter-2/p3q-00001
    7. Look at rooms differently – not one solution for all spaces
    8. Hurdles for schools and companies

As always you can listen to it HERE!

Posted in Podcast

Streaming in the classroom: Introduction

I’m on a quest! I’m on a quest to find the best wireless streaming solution for a classroom. 2020 is nearly here and there are more than a few options out there and at a wide variety of price points.

Unfortunately, I cannot look at every possible Frankensteined configuration so I will be focusing on some of the big names that are already out there and their solutions. Right now here is what’s on our table to demo and review.

  • Mersive Solstice Airpod
  • Barco Clickshare
  • Airtame 2
  • Crestron AirMedia 2
  • Apple TV (latest generation)

To be fair, we already have a deployment of Apple TVs, so I will probably start with that device first. My school just recently received a demo unit of the Mersive Airpod, so that will most likely be the next post after that. Then we will just see.

Why?

Our teachers and staff use Apple laptops and the Apple TVs are really good for that. However, they inexplicably drop the teacher connections, sometimes have serious lag with video and sometimes just don’t want to cooperate at all. We are looking for a device that will allow teachers to stream video and mirror their displays with very high reliability, all the while maintaining high resolution and not dropping too many frames.

We (the IT team at my school) would also like to be able to manage them remotely from a single dashboard. This allows us to control when to update them, how to configure them and to download logs to analyze or send to the manufacturer for technical assistance.

Goal

Obviously, to find a solution that works, that is reasonable in price and that is relatively straightforward to use. Will our school find a solution? I am not so sure, but it is certainly worth exploring and you, my friendly reader, are invited to join me on this journey.

Posted in Patrick Cauley, Review

CyberSecurity Part 1: Social Engineering

By Tony DePrato | Follow Me on LinkedIn

I have noticed an uptick recently in schools moving resources, money and time, to address cybersecurity concerns. The motivation for addressing security issues is genuine, but the approach and implementations I am reading about are less than effective.

Over the next few weeks, I will be writing a series of posts to address what schools should do to improve cybersecurity. Nearly every suggestion will require a change in process or culture, but not any significant financial investment.

Social Engineering

Even if you’ve got all the bells and whistles when it comes to securing your data center, your cloud deployments, your building’s physical security, and you’ve invested in defensive technologies, have the right security policies and processes in place and measure their effectiveness and continuously improve, still a crafty social engineer can weasel his way right through (or around).

Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data. ~ https://www.csoonline.com/article/2124681/what-is-social-engineering.html

Physical access to any space is the holy grail. Hacking begins with collecting information, watching people, finding the weak links within the organization, and studying how systems and people work.

Having an open, friendly campus means exposing information systems to a variety of threats that exist outside the network controls.

Allowing students, teachers, and staff to freely move around campus with few limitations or consequences, creates multiple opportunities for data to be collected on areas of the campus that generally are part of the plant or backend operations. These areas are designed for small teams of workers to keep the campus running, and these areas allow access to systems that control things like water, gas, electricity, etc. The plans and operational guides for these areas are not public, but people taking a regular stroll through these spaces eventually collect enough information to execute an exploit.

Maybe the exploit is simply students finding a way to sneak off-campus, but when one group creates a loophole, another group has the opportunity to use it. Social engineering practitioners are looking for loopholes and they are looking to mix with trusted groups of people. Their access begins with a bad policy or the improper enforcement of a policy.

It is far easier to use social engineering tactics to attack a school’s data and assets than to try and exploit the network externally. Not only is it easier, it is less risky. Generally, school policy is granting a person physical access, and therefore they are not trespassing. Whereas any attempt to breach the network would be a crime.

Before worrying about the network, the cameras, and the technology as a whole, it is imperative to reduce physical access and to design policies that balance community with access.

Defending Against Social Engineering in a Friendly Manner

Schools are not banks or government facilities. They are generally friendly and trusting environments. Implementing security measures should not create a panic, and should not create a culture of fear. Every measure taken needs to connect to another logical reason that the community can understand. Here are some ways you can reduce the risk of threats through social engineering:

  1. Let everyone know, they are free to call security and report anyone or anything they see that seems “off.” This means, not punishing people if they misidentify someone. Make the process easy, and make certain security personnel follow through and keep records. Social engineering often requires a few visits to a campus, and studying reports could identify a pattern.
  2. Lunchtime is always important on a school campus. Set a simple policy for business and operational offices to either rotate their lunchtimes and/or lock their offices. Lunchtime rotation is an excellent countermeasure. It ensures that every day, a few people are always in an office, the offices are open so people can access services, and the schedule of activity is difficult to predict.

    An example would be the following: Four people work in accounting. On Mondays, Wednesdays, and Fridays, person 1 and 3 choose to do lunch at 11:30AM; On those days person 2 and 4 choose to do lunch at 12:30 PM.

    Locking offices for an hour is safe, but it is not going to be as popular as using a rotation.

  3. Any closet or room containing computer network equipment, phone system equipment, etc. should not be used for storage. Why is this important? Because the moment a room or closet is accessible for storage, the number of people who will be opening the door becomes unpredictable. The equipment in that space would allow easy access to all the data that flows through the school.

    A common mistake schools make, is to use these network/electrical closets to store cleaning supplies.  Cleaners are usually very friendly and trying to help people, as well as maintain safety. So, if I wanted to access the closet and exploit the network, I would create a spill of liquid and wait for the cleaner to get into the closet. I might even distract them long enough to slide a small piece of paper between the lock and door jamb.

    The cleaner is doing their job, and I have gained access to the space after the cleaner is finished.

  4. Guests/Parents should have their own network. It goes without saying that allowing anyone aside from students and employees on the academic network is risky. A guest network SSID is highly recommended if the public or parents are allowed to use the WiFi. The more I consider this, the more I believe that a better policy is to simply improve the mobile network reception, and direct people to use their own data.

    A school can invest in repeaters and other technology to make the mobile signals from various providers strong and robust.

    Schools can also use services like Kajeet to deploy better mobile access. In many cases, schools qualify for FREE mobile hotspots. Why spend time and resources giving the public and parents access to limited and/or filtered academic networks anyway? Using mobile reduces the chances of a data breach, and virtually eliminates the liability a school would incur.

  5. Encourage and incentivize teachers to work outside their offices, in higher traffic areas. Teachers know each other, they know parents, and they know students. Teachers also have good instincts for spotting odd behavior. These statements are from anecdotal evidence, but if you have worked at a school for a long enough time, then you realize teachers are truly on the pulse of the organization.

    Teachers working in school cafes, libraries, etc. see and hear more than they would if they were isolated in offices.

    Setting up conference rooms with glass walls, or creating PD opportunities in more public venues would greatly improve the random and increased presence of teachers on-campus.

    Remember, the idea is to create unpredictable patterns and to make it more difficult for someone to find a weakness and the confidence to act. The mere presence of staff in public spaces is a deterrent.

  6. Assume a good Social Engineer can get on-campus with an ID check, and plan accordingly. The core group defending against social engineering would most likely be the security team, operations team, and technology team. They should work together to plan scenarios and action plans. School leadership needs to make certain that those teams are focusing on those individuals who have enough skills to get through the external layer of security.

    Making assumptions that the camera system, front gate ID check, etc., will somehow prevent access, is going to create a false sense of security. Good social engineering requires imagination and creative thinking. Good defense will require the same.

  7. Work with parents to test your security and access. Parents want what is best for the school and their children. Parents also have come from a variety of backgrounds. They are a trusted group that will be honest and help measure improvements.
  8. Educate yourself first, and seek outside advice second. There is a massive amount of information about social engineering. It is worth educating a core group of people on security topics so they can inform practice and direct consultants. Remember, consultants will only be useful until they leave. Build your team, and give them the time they need to learn. Much of what people need to know is free; time is the only factor.

I hope this post stirs the pot and creates some discussion on school campuses. I am placing some resources below, including some very informative and entertaining videos on the subject of social engineering and physical penetration testing.

I am happy to do a live debate on this subject or webinar for anyone interested. Please email me at tonydeprato@gmail.com

 

Resources

  1. DEFCON 19: Steal Everything, Kill Everyone, Cause Total Financial Ruin! (w speaker): https://www.youtube.com/watch?v=JsVtHqICeKE
  2. I’ll Let Myself In: Tactics of Physical Pen Testers: https://www.youtube.com/watch?v=rnmcRTnTNC8
  3. What is Social Engineering: https://www.csoonline.com/article/2124681/what-is-social-engineering.html
  4. Passwords are Still a Problem: https://www.nextgov.com/cybersecurity/2019/01/why-computer-passwords-are-still-problem-2019/154086/
  5. Cybersecurity Stats: https://www.varonis.com/blog/cybersecurity-statistics/

Posted in cyber awareness, Educational Technology, social network, TIEONLINE, Tony DePrato, Uncategorized

Episode 174 – Law & Tech

Tony and Patrick have got law questions. This means that we had to go out and get a real, honest-to-God lawyer in the form of Keith Wurzbacher. Listen to a (mostly) serious conversation regarding schools, email addresses and much more. As always be sure to subscribe to us on Apple Music or with your favorite podcasting app.

  1. World Series Predictions?
  2. Should or can schools give email to people who do not work (or have worked) or are associated with the school 
    1. Uses email for personal legal matters
    2. No expectation of privacy
    3. Email address is for school related purposes
    4. Representing the school
    5. Social media concerns
  3. Limited expectation of privacy
  4. School’s legal time in a problem
    1. Hiring PR firm
    2. Paying for lawyer/law firm
  5. Trunk-or-Treat – https://en.wikipedia.org/wiki/Trick-or-treating#Trunk-or-Treat

You can download the episode here!

Posted in Podcast

cal.new = A new Google Calendar Event

Not too long ago, Google announced a bunch of really handy short URLs that will let you create new types of files. I wrote about it here. For a quick refresher, here they are:

  • docs.new = New Google Doc
  • sheets.new = New Google Sheets
  • slides.new = New Google Slides

Now there is one more to add and if you read the title, this will be no surprise. If you type cal.new, it will create a new calendar event. It is super handy.

Of course you must be logged into a Google account for this to work. So, if you don’t use Google or your school uses Office 365 or some other system then you can forget you ever read this post.

For me this is a big convenience. Most of my calendar events are appointments or meetings with other people. When you create a new event the old-fashioned way, by actually going to the calendar and clicking on the day you want an event, here is what you get.

I want more options than what is there. I just do. I like to add notes, link to other Google Docs that are necessary for the meeting or maybe just a joke to lighten the mood (my meetings can be unnecessarily serious).

So yeah, I like this feature.

Posted in Google Apps

The Absolute Best Accessory for Your Apple Laptop

By Tony DePrato | Follow Me on LinkedIn

I am not one to recommend products. However, lately, I have come to realize that since Apple removed all the useful ports on their laptops, I am reliant on a single $2.00 piece of hardware: a USB C-Port Adapter. This little piece of plastic magic makes my workflow work.

This tool is a simple design at a modest price point, yet, it is often the solution that moves a project from idea to reality. I connect dozens of devices using this technology bridge in order to deliver curriculum, podcasts, 3D printed objects, etc.

The most remarkable quality this small island of magic possesses is that it constantly reminds me that we do not need to solve problems via upgrades. We should be solving problems with technology and educational technology by tightening our workflows and being resourceful.

There seems to be a constant insistence that X is not fast enough, or Y is not dependable. I constantly hear people state that the equipment they have in 2019 cannot solve a 2001 problem. The issue is rarely the stuff, the issue is usually the workflow.

Try Something New with Something Old

Here is an exercise I would recommend everyone try on their campus. This can be done for fun, as a club, or as some type of fun challenge.

Have departments, staff, students, and other community members submit some issues or problems that continue to linger in the classrooms (learning spaces). Appoint a small team to review the problems, and choose one.

Finally, put this problem out to those willing to compete for a solution with the following criteria:

  1. The total budget that can be used to solve the problem must be less than $10.00 (or equivalent)
  2. Solving the problem using used equipment, materials, recyclables, etc. earns teams extra points
  3. Using school owned equipment to plan and produce a solution is required; donations are not allowed

Professionally, I actually try to follow this process all the time. The items above are on a personal check-list. My goal is to model a solution using existing resources.

What if It Works?

Often real solutions arise that are functional, but below standard. That is not a bad thing. The school has empowered a community driven development cycle, and created a working prototype under the umbrella of healthy competition. There are no losers in this game, everyone learns, and everyone wins.

In fact, if a school can continue to improve the process, and raise the standard internally, the outcome would be a community built and maintained solution. Older students can keep the momentum going as long as school mentors and leaders provide regular oversight.

Small Solutions have Real Power

This small solution below, is actually very important to my workflow.


No one needs to build a Tesla to change the world for the better. It is important to develop a philosophy of empowering students and teachers to create small things that improve daily workflows, increase efficiency, and add comfort and entertainment to the campus.

Start small. Ask questions. Find a problem. Make a prototype. Change the world.

Posted in Helpful Tips, Instructional Technology, TIEONLINE, Tony DePrato, Uncategorized

Episode 173 – Colts for the Win!

Tony and Patrick are back for another great episode. It is a quick one this week where we talk a little NFL, Google Daydream and swimming in your data. Check out the talking points below and as always be sure to subscribe to us on iTunes or your favorite podcasting app.

  1. Google Daydream is winding down
    1. https://www.androidauthority.com/google-daydream-1041548/
    2. https://killedbygoogle.com 
    3. https://www.oculus.com/medium/
  2. Swimming in the Data Lake by Tony DePrato
    1. https://itbabble.com/2019/10/12/swimming-in-the-data-lake/
  3. SideCar – Full Test…with Apple TV
    1. https://support.apple.com/en-us/HT210380
    2. Must use a pen
    3. Astropad  – https://astropad.com 

You can download this week’s episode HERE!

 

Posted in Podcast

Swimming in the Data Lake


By: Tony DePrato | Follow me on LinkedIn

Educational organizations are faced with the constant influx of seemingly new technology. This creates pressure (even a demand) to review, to compare, to challenge, and often, to change.

The business around software is not understood nor recognized by most educational institutions. Schools trust. Schools hope. Industry, generally, tries to profit. The constant churning of technology companies through mergers and venture capital initiatives creates an unstable environment. This environment breeds havoc and forces decision makers to ask: Will your vendor be your vendor tomorrow?

The game is rigged. But there is a way to take the game back. There is a way to design flexibility into the ecosystem and empower decision makers to relentlessly negotiate for the deals they need, when they need them.

For years we have focused on controlling the box, the physical interface, and the platform. In most cases, these concepts are now irrelevant. Software as a Service (SaaS) has evolved to allow a tablet to carry the power of a laptop, and a laptop the power of a GPU driven workstation. SaaS is just the beginning; in fact, it is only a replacement for the platform. The heart of the system is the data, and the data controls the decisions more than anything else.

The next evolution for education, K-12 and above, is to adopt new standards allowing the organization to choose their modality but maintain the standard of communication.

Educational institutions need to build a data lake, or data repository, using data from all their vendors. Any vendor that cannot meet a few basic standards, needs to be eliminated from the pool of options. These standards would be simple, and would include:

  • Data, all data, can be exported in a single data pump when required
  • Data, all data, can be exported into at least one or all of the following formats: csv, tab, sql, or xlsx
  • Downloaded Data, all downloaded data, will only have encryption if the client chooses
  • APIs and other methods to sync real time data are optional; even if these tools exist, the data export requirements must be maintained

By insisting these standards be met by vendors, educational organizations will not only be able to constantly analyze all their data, they will be able to recreate themselves when they choose. Vendors will not hold the fear of data loss, or opportunity cost, over the decision makers.

The only remaining conundrum is: how do we show every school how to do this, and how to find opportunity within this new environment?

Posted in Educational Technology, Tony DePrato

Episode 172 – Did Someone Say Pirated Movies?

Tony and Patrick are back with more Ed Tech goodness. Check out the talking points below and be sure to subscribe to us on iTunes or your favorite podcasting app (PocketCasts is free now!).

  1. PSA: Google Drive and Pirated Movies by Patrick Cauley
    1. https://itbabble.com/2019/09/23/psa-google-drive-and-pirated-movies/
    2. Digital Millennium Copyright Act – https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act 
  2. Computer Science Empathy by Tony DePrato
    1. https://itbabble.com/2019/09/18/computer-science-empathy/
    2. Great advice for getting started
  3. Microsoft: We want you to learn Python by Liam Tung of ZDnet
    1. https://www.zdnet.com/article/microsoft-we-want-you-to-learn-python-programming-language-for-free/
    2. 44 short beginner Python videos
    3. https://www.youtube.com/playlist?list=PLlrxD0HtieHhS8VzuMCfQD4uJ9yne1mE6 
    4. Slashdot.com Hidden Video Games
      1. https://games.slashdot.org/story/19/09/24/0143229/researchers-find-mystery-hidden-in-early-80s-atari-game
  4. Stop having a love affair with your suppliers
    1. Remember they are in it to make money
    2. Keep it healthy
Posted in Podcast

PSA: Google Drive and Pirated Movies

This is just a quick public service announcement and one not too new. We have seen a number of postings on a local listserv that says that students have been accessing pirated movies on Google Drive. All you need to do is search Google Drive + Popular Movie Title and that is about it. Check out the GIF below as I find Avengers: Endgame on Google Drive.

There are a couple of items to be worried about.

  1. Putting pirated movies on Google Drive is illegal and Google (not the school/district) could shut the account down – permanently
  2. Putting movies that are protected by copyright on any server for a lot of people (or even just yourself) to view is simply illegal
  3. Students looking for this content could accidentally find malware, viruses or phishing scams so be careful.

You can probably find this activity pretty easily by monitoring your network and filtering by who is using the most bandwidth, but I would think twice about announcing this to students as there may be some who are unaware of the practice.

Posted in Helpful Tips, Patrick Cauley