MIS Systems Thread, TASC Insight in Technical; I understand that TASC Insight needs to be hosted internally on an IIS server. We are considering moving to this ...
7th December 2012, 02:06 PM #1
- Rep Power
I understand that TASC Insight needs to be hosted internally on an IIS server. We are considering moving to this in favour of SLG but one thing concerns me: how have users of this product maintained the security of their public facing IIS server? Almost ever other week there is a report of a huge multinational getting hacked, I can't imagine that the resources of a school are up to the task of maintaining web server security...
8th December 2012, 06:29 AM #2
I don't see how maintaining security of IIS for TASC is any different to maintaining it for use of SLG.
If you want the services, you have to accept a certain amount of risk. Follow the best practises from M$, keep up to date and patched. Ensure the firewall(s) are configured correctly....
8th December 2012, 09:45 AM #3
Well with a sharepoint based solution you would protect it using publishing in TMG.
8th December 2012, 10:56 AM #4
Hi we have Insight setup internally on IIS server over SSL and we are a bit lucky as our LEA run penetration testing on all our web services and send us any issues raised to be honest we have secured this ourselves and when they they have run penetration testing on this a few times and it hasn't really showed up any issues. We have also run our own penetration testing as there is some free stuff on the Net you can use and as Vikpaw has mentioned probably isn't any much different from using SLG and as he says keep it patched etc.
As a side note Insight is reasonably easy to set up with excellent support and very user friendly for parents, students and staff.
9th December 2012, 05:53 PM #5
What online tools do you use for penetration testing?
10th December 2012, 08:51 PM #6
I used N-Stalker and Metasploit just to do a bit of testing but as I said our LEA also do tests on our external facing web services as well.
11th December 2012, 08:41 AM #7
We have been running Insight on our own IIS server for over 2 years and this has never cropped up. I have asked our Network manager and he says that most of our protection comes from being behind the SEFGL RM firewalls. And I forgot to add it is https as well.
Last edited by number34; 11th December 2012 at 09:22 AM.
Reason: missed a bit!
11th December 2012, 09:07 AM #8
We've been running it without SSL for 6 months and no problems at all so far.
Parents have been asking for an SSL option though. What steps did people do to put that in place?
11th December 2012, 11:56 PM #9
If you PM me with some details I can send you a rough guide for SSL as set all our external web services using SSL so have roughly documented this but have just removed some direct references. I had to write up how we were securing the solutions for the LEA but don't know if you would need to do this as well.
Thanks to Steven_Cleaver from:
By zag in forum MIS Systems
Last Post: 29th November 2013, 10:15 AM
By CAM in forum MIS Systems
Last Post: 18th September 2012, 06:00 PM
By Face-Man in forum Bad Experiences
Last Post: 19th February 2008, 10:26 AM
By powdarrmonkey in forum General Chat
Last Post: 14th February 2008, 03:37 PM
By Face-Man in forum Recommended Suppliers
Last Post: 13th February 2008, 09:24 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)