+ Post New Thread
Results 1 to 9 of 9
MIS Systems Thread, TASC Insight in Technical; I understand that TASC Insight needs to be hosted internally on an IIS server. We are considering moving to this ...
  1. #1

    Join Date
    Jul 2008
    Location
    Raunds
    Posts
    14
    Thank Post
    4
    Thanked 1 Time in 1 Post
    Rep Power
    0

    TASC Insight

    I understand that TASC Insight needs to be hosted internally on an IIS server. We are considering moving to this in favour of SLG but one thing concerns me: how have users of this product maintained the security of their public facing IIS server? Almost ever other week there is a report of a huge multinational getting hacked, I can't imagine that the resources of a school are up to the task of maintaining web server security...

  2. #2

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,956
    Thank Post
    775
    Thanked 1,487 Times in 1,234 Posts
    Rep Power
    367
    I don't see how maintaining security of IIS for TASC is any different to maintaining it for use of SLG.
    If you want the services, you have to accept a certain amount of risk. Follow the best practises from M$, keep up to date and patched. Ensure the firewall(s) are configured correctly....

  3. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,374
    Thank Post
    906
    Thanked 1,811 Times in 1,559 Posts
    Blog Entries
    12
    Rep Power
    468
    Well with a sharepoint based solution you would protect it using publishing in TMG.

  4. #4
    Steven_Cleaver's Avatar
    Join Date
    Jul 2008
    Location
    Birmingham
    Posts
    478
    Thank Post
    183
    Thanked 86 Times in 70 Posts
    Rep Power
    52
    Hi we have Insight setup internally on IIS server over SSL and we are a bit lucky as our LEA run penetration testing on all our web services and send us any issues raised to be honest we have secured this ourselves and when they they have run penetration testing on this a few times and it hasn't really showed up any issues. We have also run our own penetration testing as there is some free stuff on the Net you can use and as Vikpaw has mentioned probably isn't any much different from using SLG and as he says keep it patched etc.

    As a side note Insight is reasonably easy to set up with excellent support and very user friendly for parents, students and staff.

  5. #5

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,459
    Thank Post
    408
    Thanked 672 Times in 614 Posts
    Rep Power
    192

    TASC Insight

    What online tools do you use for penetration testing?

  6. #6
    Steven_Cleaver's Avatar
    Join Date
    Jul 2008
    Location
    Birmingham
    Posts
    478
    Thank Post
    183
    Thanked 86 Times in 70 Posts
    Rep Power
    52
    I used N-Stalker and Metasploit just to do a bit of testing but as I said our LEA also do tests on our external facing web services as well.

  7. #7

    Join Date
    Sep 2006
    Location
    Reading
    Posts
    177
    Thank Post
    14
    Thanked 41 Times in 39 Posts
    Rep Power
    23
    We have been running Insight on our own IIS server for over 2 years and this has never cropped up. I have asked our Network manager and he says that most of our protection comes from being behind the SEFGL RM firewalls. And I forgot to add it is https as well.
    Last edited by number34; 11th December 2012 at 10:22 AM. Reason: missed a bit!

  8. #8
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    4,002
    Thank Post
    983
    Thanked 477 Times in 398 Posts
    Blog Entries
    12
    Rep Power
    98
    We've been running it without SSL for 6 months and no problems at all so far.

    Parents have been asking for an SSL option though. What steps did people do to put that in place?

  9. #9
    Steven_Cleaver's Avatar
    Join Date
    Jul 2008
    Location
    Birmingham
    Posts
    478
    Thank Post
    183
    Thanked 86 Times in 70 Posts
    Rep Power
    52
    If you PM me with some details I can send you a rough guide for SSL as set all our external web services using SSL so have roughly documented this but have just removed some direct references. I had to write up how we were securing the solutions for the LEA but don't know if you would need to do this as well.

  10. Thanks to Steven_Cleaver from:

    zag (12th December 2012)



SHARE:
+ Post New Thread

Similar Threads

  1. [TASC] [Review] TASC Insight Parent Portal
    By zag in forum MIS Systems
    Replies: 53
    Last Post: 8th September 2014, 08:11 PM
  2. [TASC] Need some Insight into Insight
    By CAM in forum MIS Systems
    Replies: 14
    Last Post: 18th September 2012, 07:00 PM
  3. insight - never again
    By Face-Man in forum Bad Experiences
    Replies: 10
    Last Post: 19th February 2008, 11:26 AM
  4. Insight Client Event 2008
    By powdarrmonkey in forum General Chat
    Replies: 3
    Last Post: 14th February 2008, 04:37 PM
  5. insight - never again
    By Face-Man in forum Recommended Suppliers
    Replies: 5
    Last Post: 13th February 2008, 10:24 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •