Advice for the K12 Tech Guy?
small fish asks: "I am a newly dubbed 'Technology Coordinator' for a K-12 school district. Things here technology-wise are not well. People here are ignorant technology-wise--which is fine, as being tech-savvy is my job. However, they do not seem to trust my judgment on anything except changing printer cartridges. I'm being measured against a former teacher who filled the role for a while and was VERY comfortable with using Microsoft products. Are there any other Slashdot readers out there in similar straits? If so, what advice do you have for me?"
"For starters, there is no firewall, all IPs are exposed to the public, they are relying on Windows NT 4 boxes to sustain operations, and they seem to love their Exchange for doing email and address books, although I have only one user who migrates between two different computers. The Exchange server died due to a spam overload and will not restart, so I set up a BSD box for handling mail and DNS. To make things worse, there is no real disaster recovery here and virtually no backup power. As I type my carpets are still wet from last night's rains that poured through the machine room wall - and this happens every time it downpours I'm told.
My coworkers do not want anything to do with Macintosh computers, they have never heard of Firefox, and Unix was a strange foreign word I had to explain to some before I gave up entirely. What tips do you have for surviving (even thriving) in this type of environment?"
My workplace has a dozen people, very little turnover, and *must* use Windows because of a Windows-only primary application. However, security is very important in our industry. I hammered at them for weeks that IE and Outlook were the hackers' primary targets, and had countless holes in them. The transition to Firefox went fairly smoothly-- I told them to use it for everything except business-critical sites that required IE. I set up Adblock on Firefox and weeded out ads from the common sites.
Every week I send out a list of new security holes, and the impact. If it's an IE 0wn-u bug, I warn them not to open IE until the patch comes out. Every week, even if there are no new bugs, I warn them not to use IE, because there are still unpatched vulnerabilities.
I point out other businesses in our industry which have made the 5 o'clock news because they were hacked. And remind them not to open attachments or use IE, every time. Or we could be next.
After a few months, everybody is using Firefox all the time, and they don't think anything of it. They do not open email attachments, they install patches when I ask them (I check).
---
Go to each computer and clean each one for viruses, spyware, bad cookies. Log the results. Post the results, but don't use names. You are not trying to embarrass anyone, just trying to show them how their systems have been obeying some other masters. Tear down their SEP fields. Discredit the "don't ask, don't tell" security policy. ("If I don't know my system is hacked, then it doesn't affect me.")
Put in a firewall. Log everything. Open up every legitimate outgoing port, for AIM, Folding@Home, whatever. Show them the attacks.
Show them logs from trojans phoning home. Chances are nobody is running a legitimate chat server, or is doing ftp or heavy traffic late at night.
Get them to *pay* for their software. (This may be the hardest.) As long as they are stealing software, Windows is an obvious, though short-sighted win. But when you point out the increase in piracy lawsuits, and get them to use only legal software, $3000 for Exchange (Exchange/CALS/OS) seems pretty pricy.
Switch out a couple systems (from volunteers) for Macs. They can coexist. I use my Powerbook 50% of the time at work.
Insist on installing OpenOffice on all systems, but that either MS or OO can be used. Insist that all Microsoft Office software be paid for. Ask them for reports or forms in PDF format, then act astounded that MS Office can't handle such a simple task. Insist that all software be paid for. Include 0wned bugs for Office in your weekly report. Mention at the cooler that the only viruses that exist on the Mac are Microsoft Office viruses. Point out new vulnerabilities found in Office apps, and what they allow into their systems.
Insist that all software be legit. Not pirated. After all, it's a lawsuit-happy world out there, and Microsoft is getting more willing to go after those pirates.
Expect the whole process to take a full year.
* Hammer home the security risks. Don't let them hide behind their lack of knowledge.
* Firewall-- first thing. Close off everything they don't use. Then tighten the worst holes.
* Firefox-- second thing. Your spyware scans should back you up. Mandatory install on every system, and lock down the settings in IE (using group policies on xp/2k workstations) every time you touch someone's system.
* Use the MBSA to scan all the systems weekly. It's fairly automatic, but you get to see who's refusing to keep up with patches.
* Mandatory OpenOffice install, but optional to use. Request PDFs for the school website and forms.
* Hammer home the piracy idea. Lawsuits. Lawsuits. Lawsuits. Bad publicity. They are sending a message of lawlessness to the students.
Everyone is entitled to his own opinions, but not his own facts.
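An added example, not part of the comment above: one way to turn the "log everything, then show them the trojans phoning home" advice into a report, flagging internal hosts that talk outbound on ports nobody asked for or move a lot of data after hours. The log layout, address range, school hours, port list and byte threshold are all assumptions made for illustration, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed site policy (hypothetical values, not from the post).
INTERNAL = ip_network("10.20.0.0/16")
SCHOOL_HOURS = range(7, 18)            # 07:00-17:59, Monday to Friday
EXPECTED_PORTS = {53, 80, 443, 5190}   # DNS, web, AIM
NIGHT_BYTES_LIMIT = 50_000_000         # per host, over the log window

# Constructed sample, one flow per line: timestamp src dst dport proto bytes
SAMPLE_LOG = """\
2005-03-14T10:12:03 10.20.1.15 203.0.113.10 80 tcp 48211
2005-03-14T10:15:40 10.20.1.22 198.51.100.7 5190 tcp 1320
2005-03-15T02:31:09 10.20.1.31 198.51.100.99 6667 tcp 2210
2005-03-15T02:31:39 10.20.1.31 198.51.100.99 6667 tcp 1984
2005-03-15T03:05:00 10.20.2.8 203.0.113.77 21 tcp 73400000
2005-03-15T03:40:12 203.0.113.5 10.20.1.15 445 tcp 0
garbage
"""

def review(log_text):
    """Return {internal_host: sorted list of reasons it deserves a look}."""
    findings = defaultdict(set)
    night_bytes = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue                   # skip malformed lines
        ts, src, dst, dport, proto, nbytes = parts
        try:
            when = datetime.fromisoformat(ts)
            s, d = ip_address(src), ip_address(dst)
            port, size = int(dport), int(nbytes)
        except ValueError:
            continue
        if s not in INTERNAL or d in INTERNAL:
            continue                   # only outbound flows are reviewed here
        after_hours = when.weekday() >= 5 or when.hour not in SCHOOL_HOURS
        if port not in EXPECTED_PORTS:
            when_note = " after hours" if after_hours else ""
            findings[src].add(f"unexpected port {port}/{proto}{when_note}")
        if after_hours:
            night_bytes[src] += size
    for src, total in night_bytes.items():
        if total > NIGHT_BYTES_LIMIT:
            findings[src].add(f"{total} bytes after hours")
    return {src: sorted(notes) for src, notes in findings.items()}

if __name__ == "__main__":
    for host, notes in review(SAMPLE_LOG).items():
        print(host, "->", "; ".join(notes))
```

Publishing the output by host address rather than by person keeps it in line with the "post the results, but don't use names" approach.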