Você está na página 1de 14

SECURING e-LEARNING SYSTEMS

By : GREEN (Arvind, Bhavya Geethika, Rohit Sane, Sujay Pawar)

Security Problems in e-learning


system

Unauthorized access
Hacking/Cracking
Obtaining sensitive information
Altering data & configuration
Enabling academic misconduct incidents
Insider IS misuse/cyber threats

Knowledgeville university
Began using e-learning from 2001-02
2002-03 : 84 courses using e-learning
120 faculty members using 42 courses

There are four basic security requirements to which all real-world(composite) requirements can
be traced:
Secrecy: Users may obtain access only to those objects for which they have received
authorization. They are not granted access to information they must not see.
Integrity:Only authorized users or processes are permitted to modify data (or programs).
Availability:Availability is a requirement that is often neglected when thinking about security.
However, productivity of users decreases dramatically if network-based applications are not
available or too slow because of denial-of-service attacks. If, for example, a web-based elearning system is slow, users do not only require more time to do their work, but they also
become frustrated, increasing the negative effect on productivity.
Non-Repudiation:Users are unable to (plausibly) deny having carried out operations. For
instance, whenever grades of students are changed, it must be possible to reliably trace who has
performed the modification.
Security Risk Analysis
As previously mentioned, a risk analysis needs to be part of each project. It will cover all risks
that are relevant to a project including also non-security risks. Typical non-security risks are
uncertainties concerning the budget or personnel planning. To systematically analyze security
risks, it is essential that a security risk analysis is performed.

What are the different action


plans Ms. Maya can propose.
During the cyber attack 84 online courses
lost and the backups of the data was
found
These were done three weeks before the
cyber attack so three weeks worth of
academic work was lost.

What actions? Short term and


long term

Short term:
1. Documentation of all student activities for the next two weeks during
the security assessment.
Contact course tutors, professors, and student assistants to fill missing
gap in data for three week unrecoverable period.
Students involved the courses can also be contacted to construct the
missing three week data.
2. BACK UP TECHNIQUES using PEER to PEER model.
Distribute load to a node
Function of entire system does not stop even if some node breaks
down.

Get the online e-learning system back live using Back


tapes to restore the e-learning software on the server.

Reinstall e-learning system software on server


Restore software user data using back up tapes
Recover student information for e-learning courses from university
information system.

KU will have to hire a new network administrator to


support the system
Reset network server access username and passwords.
Set up a server firewall mechanism
Set up virus scan or net shield on server
Install un-interrupted power supply or ups system on server

Back up Recovery Proposed elearning : P2P architecture


Every users computer is a node
that is part of the proposed
system.
Receives some number of
contents from another node
which joins the system and has
responsibility to send content to
requesting nodes.
Each exercise or e-learning
activity is not just data but also
an agent which has
functions(e.G : Scoring users).
In the proposed system since
exercises and functions are
distributed among all nodes the
loads are balanced and not
concentrated on one node.

It is more robust as if a node failure occurs the


entire system continues service but the exercises
and e-learning of that node are lost and cannot be
studied by anyone.
SOLUTION : Backups of agents are distributed to
the nodes
When a node failure occurs another node
continues service using backups of the agents
belonging to the failure node.

Maintain back up of all nodes in decentralized


manner
To achieve this goal one of the neighbor nodes
of each nodes takes its backup.
A back up of a node consists of zone information
and the categories & exercises in the zone.
A neighbor node that has the minimum number
of agents is selected for a back up node to
balance the load of the system.

Recovery from a failure:

Each node executes update (A) periodically.


The absence of the message update(A)
signals failure to the neighbor node.
If a back up node B detects the failure of its
original A the following steps are performed :
1.Node B generates a temporary node from the
back up of A
2.Node As zone is formally handed over to one
of the neighbor nodes.

We have developed a backup and recovery


mechanism for our distributed e-Learning
system.
With this mechanism, when a node failure
occurs, another node continues service
using backups of the agents belonged to the
failure node

WILL KU reorganize the IT department


Will KU president Dr. Lopez be able to reorganize the IT department?
Yes it is imperative with more expert level.
What policies and procedural changes will KUs IT department need to
undertake as a result of this incident?
Monitoring operating system commands
Audit trains in which logs of system activities are reviewed
Testing for known backdoor passwords
Checking log files and reviewing etc
CERT.org standards

Will this incident impact other KUs departments?


As this is on a separate server it will NOT have an impact. However all the
departments associated with this server will have a serious impact.
Should KU file charges and conduct legal actions against the former
employee who conducted these acts?
Security Breaches are very serious and hence a legal action must be taken.

Você também pode gostar