The Summer Priorities 2025 presentation provides a comprehensive, task‑driven roadmap for strengthening district and organizational IT environments during the summer maintenance window. The guidance spans cybersecurity hardening, infrastructure maintenance, disaster recovery preparation, and operational cleanup. The document emphasizes that summer is the ideal time to implement changes that reduce risk, improve reliability, and prepare systems for the coming school year.
A major focus of the presentation is cybersecurity hygiene. It highlights essential actions such as changing default passwords, enforcing password complexity or passphrases, implementing MFA across all critical systems, and replacing default SNMP strings. It also calls for enabling Active Directory auditing and advanced auditing on domain controllers, increasing Event Viewer log sizes, and retiring outdated operating systems—including Windows Server 2012 R2 and Windows 10—due to end‑of‑life security concerns.
The presentation stresses the importance of patch management, covering both Windows and third‑party software, and auditing antivirus/EDR platforms to ensure full coverage, updated signatures, scheduled scans, and centralized management. It also instructs teams to retire “zombie servers” and ensure no deprecated systems remain connected to production networks.
Significant attention is given to power, UPS, and environmental readiness. This includes UPS self‑testing, calibration, NIC‑based monitoring, battery lifespan awareness, managing wiring‑closet temperatures, and ensuring generators are maintained and tested monthly. The document explains how overheating and electrical limitations in wiring closets create hidden operational risks.
IT administrators are urged to audit backups, perform test restores, verify encryption, ensure air‑gapped copies exist, and maintain the backup server as a hardened, standalone platform completely independent from Active Directory. Additional account‑related recommendations include removing unnecessary local and domain admin access, delegating roles appropriately, and implementing Microsoft LAPS to prevent pass‑the‑hash attacks.
Network security improvements include eliminating SMBv1 and NTLM, hardening endpoints (LLMNR, NBT‑NS, Windows Firewall), isolating vendors into VLANs, placing all internet‑facing resources in a DMZ, and modernizing DNS practices such as enabling scavenging, implementing public DNS servers, and forwarding to OpenDNS.
The presentation also outlines broader infrastructure initiatives such as improving data closets (cooling, electrical load, equipment aging), auditing VPN access, upgrading directory synchronization components (e.g., Azure AD Connect), strengthening email protection, and validating security systems including firewalls, IDS/IPS, wireless security, and physical access controls. The document concludes by encouraging districts to adopt Cisco ISE and 802.1X to prevent rogue device access and bolster network segmentation.
You can watch the presentation here.
You must be logged in to post a comment.