When Vantage IT was asked by a secondary school to look at its IT, our investigations found major flaws lurking just below the surface.
Although the school did have an in-house IT team, their limited knowledge had created an IT network that was precarious and costly. Unresolved weaknesses included:
Security vulnerabilities, meaning confidential data was at risk
Failing equipment was being ignored, or going unnoticed
Unseen tampering was causing network errors
Almost all data was not being backed up
Basic monitoring of the equipment was being neglected
Expensive equipment had been purchased unnecessarily
These vulnerabilities and costly mistakes had the potential to cause significant disruption to the school and, if confidential data had been lost or stolen, there was the possibility of prosecution. Huge sums of money had been wasted on needless equipment, or from failing to update contracts with equivalent, lower-cost providers.
What Did Vantage IT Do?
We quickly realised the precarious nature of the infrastructure and rapidly undertook a full review of the existing systems, immediately working to improve the IT in the most cost-effective manner possible.
A breakdown was provided of all the risks, with costs, making it possible for the school to prioritise the most important work, as finances allowed.
In a matter of weeks we had dramatically improved and secured the entire IT infrastructure, whilst other key areas continued to be rectified in line with the school’s budget.
The Full Case Study
There were many elements of the IT that required attention. Below are examples of some of the problems we encountered.
Passwords:
Issues: Crucial virtual servers were using standard default passwords. Any unauthorised person (such as an IT savvy student) could easily have logged in and deleted entire virtual servers, resulting in a total loss of data, rendering the school incapable of running its IT for weeks. Backups were unavailable to restore, effectively guaranteeing permanent data loss.
The firewall’s default passwords were still set, again making it possible for unauthorised changes to be made, such as modifying rules to allow out traffic to blocked inappropriate web sites, in breach of Ofsted regulations.
Additionally, only two passwords were used throughout much of the equipment and systems on the network and the same two passwords were also used on external websites. A number of individuals, both current and past employees, were aware of these passwords, putting at risk the school’s infrastructure and IT service provision.
- Resolution: Passwords were changed and systems updated. Passwords are now unique and complex.
Firewalls:
Issues: One of two firewalls was frequently locking, resulting in the blocking of all internet access by all users.
- Resolution: Vantage IT repaired the faulty firewall through a relatively straightforward update. It was also found the firewall’s warranty and licences for scanning content were shortly due to expire, so we highlighted this ahead of schedule for easier budgeting and to avoid loss of service.
Equipment Tampering:
Issues: Staff access to servers was frequently disrupted by students interfering with network equipment.
- Resolution: Vantage IT implemented a cost-effective Uninterruptible Power Supply (UPS) to provide power backup to the affected devices, utilised existing equipment to secure the devices and advised on other potential precautions.
Monitoring:
Issues: None of the servers and network devices was monitored, so any problems would go unnoticed until they resulted in the server or device failing, affecting users’ work.
- Resolution: All servers and network devices are now monitored. If any problems arise, Vantage IT is alerted enabling action to be taken before users are affected.
Backups:
Issues: Sixteen servers were in use, but just one was being backed up daily, with all other data, such as emails, staff and student work, included in a weekly backup. This weekly backup was failing and had been for at least the three months for which logs were available.
- Resolution: All necessary servers are now backed up each evening to our DataSafe online backup service, and each weekend a backup to tape of the servers is performed. DataSafe provides an off-site, secure backup that removes the need and cost to frequently change and store tapes, plus it includes six months’ retention (compared to the tape backup’s one month). We now perform hybrid backups, providing the benefits of online with the complimentary security of tape backups, without the need and cost of daily tape changes.
Network Switches:
Issues: There are many network switches throughout the school that connect all the computers to the servers. The central core switch is critical to the network and to which all other switches connect. If this were to fail, all IT infrastructure, including servers and internet, would be inaccessible. The switch’s four-hour warranty had been allowed to lapse earlier in the year.
- Resolution: We recommended the warranty be renewed and subsequently arranged this. It was also found during our review that a switch was faulty, so this was replaced at no cost and under warranty. Even though all other switches were covered by next-day response warranties, the actual delivery of a warranty spare can take longer. The most cost-effective alternative to protecting all switches with upgraded warranties was to arrange a spare switch, which could be installed and configured more quickly than waiting for a replacement under warranty.
Power and Uninterruptible Power Supplies (UPS):
Issues: There were two UPSs designed to protect the computer room infrastructure from power fluctuations and failures, however one was faulty, rendering the device useless. It had both a red failure light and was emitting a warning bleep, yet had not been repaired or replaced.
Some equipment, including a critical storage device on which the school was dependent, was plugged directly into a mains socket without any protection from the UPSs.
- Resolution: The failed UPS was replaced and an interface installed to enable the communication between UPSs and servers, enabling servers to safely shut down in the event of an extended power failure.
All devices now plug into the UPSs, so in the event of a power cut, they do not immediately fail. All devices are additionally protected from power surges and spikes, which can damage equipment.
Anti-Virus:
Issues: The school had three times the number of devices that required protecting than were actually being protected, as the majority were unlicensed and exposed to malware risks. These devices included the file servers, which made it possible for malicious software to reside on and be distributed by the servers to staff and/or students.
- Resolution: The school was moved to an improved anti-virus product that benefited from our Anti-Malware Administration service. This ensures configuration changes that protect against undetectable zero-day threats are implemented on all devices within an hour of Vantage IT making the change.
Summary
By using Vantage IT as its outsourced IT department, the school has reduced its costs, greatly improved its network security and enhanced its systems’ reliability. Vantage IT’s integrity has ensured that, instead of spending large amounts on unnecessary equipment and services, only those specifically required for the smooth, secure running of the infrastructure were procured.
We would be delighted to hear from you to discuss how we can work together to improve your school’s IT, so please contact Vantage IT.
CONTACT US ⇒