SECURING e-LEARNING SYSTEMSBy : GREEN (Arvind, Bhavya Geethika, Rohit Sane, Sujay Pawar)

Security Problems in e-learning system Unauthorized accessHacking/CrackingObtaining sensitive informationAltering data & configurationEnabling academic misconduct incidentsInsider IS misuse/cyber threats

Knowledgeville universityBegan using e-learning from 2001-022002-03 : 84 courses using e-learning120 faculty members using 42 courses

There are four basic security requirements to which all real-world(composite) requirements can be traced:Secrecy:Users may obtain access only to those objects for which they have received authorization. They are not granted access to information they must not see.Integrity:Only authorized users or processes are permitted to modify data (or programs).Availability:Availability is a requirement that is often neglected when thinking about security. However, productivity of users decreases dramatically if network-based applications are not available or too slow because of denial-of-service attacks. If, for example, a web-based e-learning system is slow, users do not only requiremoretime to do their work, but they also become frustrated, increasing the negative effect on productivity.Non-Repudiation:Users are unable to (plausibly) deny having carried out operations. For instance, whenever grades of students are changed, it must be possible to reliably trace who has performed the modification.Security Risk AnalysisAs previously mentioned, a risk analysis needs to be part of each project. It will cover all risks that are relevant to a project including also non-security risks. Typical non-security risks are uncertainties concerning the budget or personnel planning. To systematically analyze security risks, it is essential that a security risk analysis is performed.

What are the different action plans Ms. Maya can propose.During the cyber attack 84 online courses lost and the backups of the data was found

These were done three weeks before the cyber attack so three weeks worth of academic work was lost.

What actions? Short term and long termShort term: Documentation of all student activities for the next two weeks during the security assessment.Contact course tutors, professors, and student assistants to fill missing gap in data for three week unrecoverable period.Students involved the courses can also be contacted to construct the missing three week data.

2. BACK UP TECHNIQUES using PEER to PEER model. Distribute load to a node Function of entire system does not stop even if some node breaks down.

Get the online e-learning system back live using Back tapes to restore the e-learning software on the server.Reinstall e-learning system software on serverRestore software user data using back up tapesRecover student information for e-learning courses from university information system.

KU will have to hire a new network administrator to support the systemReset network server access username and passwords.Set up a server firewall mechanism

Set up virus scan or net shield on server Install un-interrupted power supply or ups system on server

Back up Recovery Proposed e-learning : P2P architectureEvery users computer is a node that is part of the proposed system.Receives some number of contents from another node which joins the system and has responsibility to send content to requesting nodes.Each exercise or e-learning activity is not just data but also an agent which has functions(e.G : Scoring users).In the proposed system since exercises and functions are distributed among all nodes the loads are balanced and not concentrated on one node.

It is more robust as if a node failure occurs the entire system continues service but the exercises and e-learning of that node are lost and cannot be studied by anyone.

SOLUTION : Backups of agents are distributed to the nodesWhen a node failure occurs another node continues service using backups of the agents belonging to the failure node.

Maintain back up of all nodes in decentralized manner To achieve this goal one of the neighbor nodes of each nodes takes its backup.A back up of a node consists of zone information and the categories & exercises in the zone.A neighbor node that has the minimum number of agents is selected for a back up node to balance the load of the system.

Recovery from a failure:Each node executes update (A) periodically.The absence of the message update(A) signals failure to the neighbor node.If a back up node B detects the failure of its original A the following steps are performed : Node B generates a temporary node from the back up of ANode As zone is formally handed over to one of the neighbor nodes.

We have developed a backup and recovery mechanism for our distributed e-Learning system.

With this mechanism, when a node failure occurs, another node continues service using backups of the agents belonged to the failure node

WILL KU reorganize the IT departmentWill KU president Dr. Lopez be able to reorganize the IT department?Yes it is imperative with more expert level.What policies and procedural changes will KUs IT department need to undertake as a result of this incident?Monitoring operating system commands Audit trains in which logs of system activities are reviewedTesting for known backdoor passwordsChecking log files and reviewing etcCERT.org standardsWill this incident impact other KUs departments?As this is on a separate server it will NOT have an impact. However all the departments associated with this server will have a serious impact.Should KU file charges and conduct legal actions against the former employee who conducted these acts?Security Breaches are very serious and hence a legal action must be taken.