I understand that TASC Insight needs to be hosted internally on an IIS server. We are considering moving to this in favour of SLG but one thing concerns me: how have users of this product maintained the security of their public facing IIS server? Almost ever other week there is a report of a huge multinational getting hacked, I can't imagine that the resources of a school are up to the task of maintaining web server security...
I don't see how maintaining security of IIS for TASC is any different to maintaining it for use of SLG.
If you want the services, you have to accept a certain amount of risk. Follow the best practises from M$, keep up to date and patched. Ensure the firewall(s) are configured correctly....
Well with a sharepoint based solution you would protect it using publishing in TMG.
Hi we have Insight setup internally on IIS server over SSL and we are a bit lucky as our LEA run penetration testing on all our web services and send us any issues raised to be honest we have secured this ourselves and when they they have run penetration testing on this a few times and it hasn't really showed up any issues. We have also run our own penetration testing as there is some free stuff on the Net you can use and as Vikpaw has mentioned probably isn't any much different from using SLG and as he says keep it patched etc.
As a side note Insight is reasonably easy to set up with excellent support and very user friendly for parents, students and staff.
What online tools do you use for penetration testing?
I used N-Stalker and Metasploit just to do a bit of testing but as I said our LEA also do tests on our external facing web services as well.
We have been running Insight on our own IIS server for over 2 years and this has never cropped up. I have asked our Network manager and he says that most of our protection comes from being behind the SEFGL RM firewalls. And I forgot to add it is https as well.
Last edited by number34; 11th December 2012 at 09:22 AM. Reason: missed a bit!
We've been running it without SSL for 6 months and no problems at all so far.
Parents have been asking for an SSL option though. What steps did people do to put that in place?
If you PM me with some details I can send you a rough guide for SSL as set all our external web services using SSL so have roughly documented this but have just removed some direct references. I had to write up how we were securing the solutions for the LEA but don't know if you would need to do this as well.
zag (12th December 2012)
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks