+ Post New Thread
Results 1 to 9 of 9
MIS Systems Thread, TASC Insight in Technical; I understand that TASC Insight needs to be hosted internally on an IIS server. We are considering moving to this ...
  1. #1

    Join Date
    Jul 2008
    Location
    Raunds
    Posts
    12
    Thank Post
    4
    Thanked 1 Time in 1 Post
    Rep Power
    0

    TASC Insight

    I understand that TASC Insight needs to be hosted internally on an IIS server. We are considering moving to this in favour of SLG but one thing concerns me: how have users of this product maintained the security of their public facing IIS server? Almost ever other week there is a report of a huge multinational getting hacked, I can't imagine that the resources of a school are up to the task of maintaining web server security...

  2. #2

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,787
    Thank Post
    716
    Thanked 1,441 Times in 1,194 Posts
    Rep Power
    360
    I don't see how maintaining security of IIS for TASC is any different to maintaining it for use of SLG.
    If you want the services, you have to accept a certain amount of risk. Follow the best practises from M$, keep up to date and patched. Ensure the firewall(s) are configured correctly....

  3. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,234
    Thank Post
    894
    Thanked 1,780 Times in 1,534 Posts
    Blog Entries
    12
    Rep Power
    462
    Well with a sharepoint based solution you would protect it using publishing in TMG.

  4. #4
    Steven_Cleaver's Avatar
    Join Date
    Jul 2008
    Location
    Birmingham
    Posts
    471
    Thank Post
    179
    Thanked 85 Times in 69 Posts
    Rep Power
    50
    Hi we have Insight setup internally on IIS server over SSL and we are a bit lucky as our LEA run penetration testing on all our web services and send us any issues raised to be honest we have secured this ourselves and when they they have run penetration testing on this a few times and it hasn't really showed up any issues. We have also run our own penetration testing as there is some free stuff on the Net you can use and as Vikpaw has mentioned probably isn't any much different from using SLG and as he says keep it patched etc.

    As a side note Insight is reasonably easy to set up with excellent support and very user friendly for parents, students and staff.

  5. #5

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,250
    Thank Post
    404
    Thanked 630 Times in 575 Posts
    Rep Power
    185

    TASC Insight

    What online tools do you use for penetration testing?

  6. #6
    Steven_Cleaver's Avatar
    Join Date
    Jul 2008
    Location
    Birmingham
    Posts
    471
    Thank Post
    179
    Thanked 85 Times in 69 Posts
    Rep Power
    50
    I used N-Stalker and Metasploit just to do a bit of testing but as I said our LEA also do tests on our external facing web services as well.

  7. #7

    Join Date
    Sep 2006
    Location
    Reading
    Posts
    177
    Thank Post
    14
    Thanked 41 Times in 39 Posts
    Rep Power
    23
    We have been running Insight on our own IIS server for over 2 years and this has never cropped up. I have asked our Network manager and he says that most of our protection comes from being behind the SEFGL RM firewalls. And I forgot to add it is https as well.
    Last edited by number34; 11th December 2012 at 09:22 AM. Reason: missed a bit!

  8. #8
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,909
    Thank Post
    954
    Thanked 451 Times in 380 Posts
    Blog Entries
    12
    Rep Power
    93
    We've been running it without SSL for 6 months and no problems at all so far.

    Parents have been asking for an SSL option though. What steps did people do to put that in place?

  9. #9
    Steven_Cleaver's Avatar
    Join Date
    Jul 2008
    Location
    Birmingham
    Posts
    471
    Thank Post
    179
    Thanked 85 Times in 69 Posts
    Rep Power
    50
    If you PM me with some details I can send you a rough guide for SSL as set all our external web services using SSL so have roughly documented this but have just removed some direct references. I had to write up how we were securing the solutions for the LEA but don't know if you would need to do this as well.

  10. Thanks to Steven_Cleaver from:

    zag (12th December 2012)

SHARE:
+ Post New Thread

Similar Threads

  1. [TASC] [Review] TASC Insight Parent Portal
    By zag in forum MIS Systems
    Replies: 53
    Last Post: 8th September 2014, 07:11 PM
  2. [TASC] Need some Insight into Insight
    By CAM in forum MIS Systems
    Replies: 14
    Last Post: 18th September 2012, 06:00 PM
  3. insight - never again
    By Face-Man in forum Bad Experiences
    Replies: 10
    Last Post: 19th February 2008, 10:26 AM
  4. Insight Client Event 2008
    By powdarrmonkey in forum General Chat
    Replies: 3
    Last Post: 14th February 2008, 03:37 PM
  5. insight - never again
    By Face-Man in forum Recommended Suppliers
    Replies: 5
    Last Post: 13th February 2008, 09:24 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •