School CVI - What We Did

Published Mon 4 Feb 2019 4:30 pm

Categories: security

Tags: cvi

Read Time: 2 minutes

This week we continued our Cyber Vulnerability Investigation (CVI) into our school. Our CVI would consist of finding security holes in the school and notifying the IT department on how to fix these security holes.

Starter Activity

Before we started off with a challenge to find the height of a plane which was found on Google Maps:

Google Maps Plane

We were given the altitude of the plane and we had to try and work out the height of the satellite that took the image using trigonometry and Pythagoras’ theorem. We were able to find the length of the plane by searching for the plane’s model (which was a Bowing 747) and taking some measurements on the actual map.

CVI

After that quick activity, we moved onto doing some research for our CVI. We were split up into 2 groups, one group was in charge of researching the school’s network and the other group was researching prominent members of staff.

Unfortunately, we can’t go into much detail on what we found as we want to responsibly disclose our findings to our school’s IT department.

Network

To find out about the network we began by talking to the IT department itself and asking about the structure and security of the network.

We ended up finding out that it was structured as an extended star topology:

Extended Star Topology

The workstations or other devices (teal dots) connect to switches (blue dots) via ethernet cables. These switches sometimes go through further switches to a server (yellow dot).

We also managed to find out that devices on the network are split up into VLANs (Virtual Local Area Networks) which are essentially a way of setting permissions on a network. Our schools network has separate VLANs for the Guest Wi-Fi, the computers and the phones. The phones are given a VLAN that has a high QoS which means that that traffic has higher priority when travelling through the network. The Guest Wi-Fi is heavily restricted and can only access the outside internet whereas the computers can network with each other and the storage servers.

People

This week we also did some research into people who have lots of ‘power’ in the school such as the headteacher, network admins, etc… and using this information we were able to make a ‘social diagram’ similar to the one below which shows relationships between people.

Social Diagram