Ensure you have the capability
Before embarking on the implementation of a Schools WARP, you need to be sure that you have the technical capability to install or develop the necessary software, and the manpower resources necessary to maintain and operate it. This section looks at what is likely to be required.
Technical
WARPs are not technically difficult, but do require some capability beyond a standard HTML information site. Much of this capability can be obtained through the specialist FWA (Filtered Warnings Application) software which is described elsewhere on this site, while the remainder can be achieved via free open source software.
The necessary environment to run the FWA software is:
- Microsoft Windows Server 2003
- IIS 6 or above
- IIS SMTP Component
- Microsoft .NET Framework 2.0 or above
- Microsoft SQL Server 2005 Express
 Warnings element of the WARP
The key point to the warnings element is that warnings should be filtered; that is, members should receive only those warnings that are relevant to themselves. You have a choice: you can use the exclusive WARP FWA software; or you could develop your own system. The FWA requires either Windows Server 2003 Web Edition and or MS Small Business Server.
You will, of course, also need to develop a procedure for obtaining the source for the warnings you send out. This will be discussed in a later section establish sources.
FWA
The FWA provides a drop down tree structure of user software. Members simply select which software they use, and the system ultimately ensures that they will only receive warnings relevant to that software. The primary advantages of the FWA system are that it:
-
is inexpensive (£100 to the public sector)
-
is supported (optional third party support currently at £90+VAT per month to the public sector)
-
is easy to use
-
is thorough
-
provides peer-to-peer opportunities with other WARPs
-
is easily configured/tailored to your precise requirements (you can add any categories you want, on any relevant subject)
-
provides high degree of automation and integration with the whole WARP concept.
The primary disadvantages are:
Own software
It would be relatively easy to develop your own filtering system using free open source software. For example, one solution could include the basic functionality built around multiple mailing lists. Each user software-type is a different mailing list. Members subscribe to different application warnings by subscribing to different mailing lists. The Operator then despatches warnings via the mailing list relevant to individual warnings. The advantages of this approach are that:
-
there is no reliance on a proprietary software vendor
-
there are no software costs
-
you have full control over the source code.
The primary disadvantages are that it:
-
involves greater development costs (labour rather than software)
-
provides no inherent automation other than what you develop within your own system
-
would require considerable effort to produce a GUI as good as the FWA GUI
-
comes with no third party support
-
any peer-to-peer opportunities with other WARPs need also be developed.
Advice element of the WARP
You need to establish a mechanism for brokering advice. By definition, this requires a mechanism for members to both seek and provide advice. A WARP therefore needs to be interactive. Many sites will already have this capability. Where it is not available, it can be provided via one of the many free and open source 'blogging' applications, or a simple old-fashioned 'bulletin board'. WordPress is one blog application that could be used.
Note that you will need to spend some time deciding how you wish to configure such software. A key aspect of a WARP is that Members must have the option of remaining anonymous to other Members of the WARP. You will also need to decide what access you wish to give your Members - do you want your members to post direct, or do you wish postings to be moderated. Needless to say, if you are going to moderate the system, you will need to spend more time running the WARP.
The advice itself can come from two sources: from the Members discussing issues and sharing information between themselves, and/or from a security professional, possibly you, within the organization.
Reporting Point element of the WARP
The reporting element of the WARP can be provided via the same software as that used for the advice element; or it could be done via a simple web form. In the former case, incident reports are immediately available to other members. In the latter, you will either need to develop a system to post the reports to the site, or do it manually. Reporting incidents (or problems) can be done anonymously with the help of the operator who can sanitise the report and distribute it to other members without embarrassment. It can of course be done informally via telephone or email (and usually is).The incident reports become an important early warning system for your own WARP. By making them available to other WARPs they become a nationwide early warning system. A standard reporting form is available from the WARP Toolbox in the Trusted sharing section.
Manpower
The manpower required to operate a WARP falls into just two areas: installation/configuration (one time); and maintenance and operation (continuing).
-
Installation . The cost of installation will depend on whether you choose to use the FWA software or develop your own, and how much new software you need to develop or configure. You should be able to establish this beforehand.
-
Maintenance/operation . Here the time required falls into two categories: performing any required maintenance on the systems in order to keep them operational, and operating the filtered warnings system.
-
Maintenance . This is likely to be minimal to negligible.
-
Operation . If you are developing an 'interventionist' WARP (that is, one that includes substantial Operator moderation), then the manpower and technical ability required will depend upon the degree of intervention you operate. However, the greatest time requirement will be in operating the filtered warnings system: this is both labour- and to some extent knowledge-intensive.
Operating the filtered warnings element
At this point you are merely seeking to confirm that you have both the manpower and knowledge to run a filtered warnings system. The practicality of sourcing the warnings is discussed in a later section establish sources.
-
Knowledge . A degree of security knowledge is important in order to be able to recognize what is relevant or important, and what is not. The purpose of a WARP is to provide early warnings where they are relevant to your members - not to overload them with unnecessary information. You need the knowledge and wisdom to know the difference.
-
Manpower . The most manually intensive element of operating a WARP is examining the warnings received; determining their relevance to your Members, transcribing the pertinent points to your warning mails, and despatching them to your members. This is largely automated within the FWA software, but it will always involve some manual intervention.
Operating the advice element
Once you have established the advice element of your WARP, the time taken in operating it is largely up to you. If you decide to be interventionist and moderate all entries, then the time involved will depend upon how active your WARP becomes. It is worth mentioning that the more you intervene (that is, by not allowing the publication of advice sought or given until after you have checked/moderated it), the less spontaneous and the less active will your members likely be - so there is an argument for saying that the best WARPs require the least effort.
At the same time, there will be those occasions when you need to intervene: if, for example, you consider some advice is wrong (healthy discussion is always a good thing); or simply to prevent inertia among the Members.
Operating the reporting point element
The reporting element of a WARP is the least well developed. As WARPs start to proliferate through the public and private sectors of industry, then a formal procedure for sharing incidents with other WARPs and other CERTs will be developed. For the moment, there is little requirement beyond establishing a methodology for your members to report any incidents (anonymously) - although an official WARP incident reporting form guide can be found in the Trusted sharing section of the WARP Toolbox.
It is difficult to quantify the time you will need to spend operating your WARP, since it is simply the proverbial length of string dependent upon how much time you wish to spend. In reality, after implementation and configuration, and understanding your community and the information they are interested in, it is unlikely to require more than one hour per day.
Members
The final thing you need before deciding to proceed with establishing a WARP is the members. There is no point in going any further if you are not going to have members joining the WARP. So once you understand what is required in operating a WARP, and what benefits it will provide to its members, then you should approach your colleagues in other schools. You do not need many members to make a valid and useful WARP - three or four could be enough to start. Once you have an operational WARP, and can demonstrate rather than just explain the benefits, other schools and colleagues will undoubtedly join.
Now that you have checked to ensure you have the capability, the next stage is to get your Senior Mangement Team on board.
Back to top
|
