MIS Systems Thread, Cloud MIS Security in Technical
  1. #46

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,844
    Thank Post
    671
    Thanked 1,381 Times in 1,143 Posts
    Rep Power
    349
    I was thinking more about the situation when the MIS is in the cloud. So going back to my original post, would your solution work if you were using SkySIMS? Would you even have the access to set it all up?

  2. #47

    Join Date
    Mar 2009
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    When connecting a third party, we lock down the integration by IP address and sometimes client cert authentication as well as a username and password. I think the real security issue is users keeping their password secure. There was a recent case when one MIS supplier left a default username and password set up on their system; it was the same credentials for every school that wasn't a cloud based system. Also, recently I was in a school and the secretary had her password written on a Post-it note attached to the screen. When I asked her about it, she complained that she was forced to make up a really long username with numbers, letters, different cases and funny characters and couldn't remember it.

  3. #48

    Join Date
    Sep 2006
    Location
    London
    Posts
    1,304
    Thank Post
    34
    Thanked 347 Times in 234 Posts
    Rep Power
    77
    I think IP addresses can be spoofed so aren't safe.

  4. #49

    Join Date
    Mar 2009
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by PhilNeal View Post
    I think IP addresses can be spoofed so aren't safe.
    Yeah, that's a good point, I wouldn't suggest using it by itself. It reinforces the point that any system is only as strong as its weakest point.

  5. #50
    Steven_Cleaver's Avatar
    Join Date
    Jul 2008
    Location
    Birmingham
    Posts
    459
    Thank Post
    171
    Thanked 82 Times in 66 Posts
    Rep Power
    50
    Quote Originally Posted by vikpaw View Post
    I was thinking more about the situation when the MIS is in the cloud. So going back to my original post, would your solution work if you were using SkySIMS? Would you even have the access to set it all up?
    Part of the reason I said mine was a different tack: so instead of Cloud based, hosted internally, and all third party communication, authentication is done internally; also easy to link into your AD, easier to manage, more control. Sort of taking the point that we shouldn't only be talking about Cloud based systems and DFA but also any internally based MIS systems that we are allowing access to over the web.

    You could in theory use it on a cloud based system where these weren't just one big database and each organisation had their own virtual server or physical server to host the organisation's MIS, but would need a second separate server or VM to hold the solution, and would probably use MIS username and password and encrypted key to authenticate, but you would have the issue of how you deal with remote third parties and external automated systems. In theory anything internally should be ok.

  6. #51

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,844
    Thank Post
    671
    Thanked 1,381 Times in 1,143 Posts
    Rep Power
    349
    That's basically the scenario we're looking at, where there are systems held external to the MIS, and the MIS is in the cloud.
    I like the Google Authenticator method, because the initial setup key can be complex and provided via a QR code, and then the username and password don't have to be horrendously difficult, "just complex enough" that they can remember it without writing it down.
    Last edited by vikpaw; 20th February 2013 at 08:10 AM.

  7. #52

    GREED's Avatar
    Join Date
    Mar 2008
    Location
    Portsmouth
    Posts
    2,938
    Thank Post
    361
    Thanked 354 Times in 290 Posts
    Blog Entries
    8
    Rep Power
    172
    I gotta say I am up there with @PhilNeal, I am out of my depth currently but have learnt a lot just from reading all of these replies. Our dev team is working on a project with DFA right now for a customer, and this customer couldn't be more concerned about security... let's leave that one there. So will be interesting to see how that pans out later this year.

    We are also working with DFA that is not part of the MIS, as I have said, and sits at a separate layer of security...

  8. #53
    Steven_Cleaver's Avatar
    Join Date
    Jul 2008
    Location
    Birmingham
    Posts
    459
    Thank Post
    171
    Thanked 82 Times in 66 Posts
    Rep Power
    50
    Quote Originally Posted by vikpaw View Post
    That's basically the scenario we're looking at, where there are systems held external to the MIS, and the MIS is in the cloud.
    I like the Google Authenticator method, because the initial setup key can be complex and provided via a QR code, and then the username and password don't have to be horrendously difficult, "just complex enough" that they can remember it without writing it down.
    Same, want to make the DFA as simple for the user as possible: one, so it isn't a barrier for them using it and accessing the system, and two, so as you say it isn't something difficult that they have to write down. Still not fully convinced about only fully Cloud based MIS solutions for various reasons, but best not raised here on this thread as this has been discussed many times and there are pros and cons for both.

    Another reason we have done Dual Factor Authentication the way we have is we also have our Finance systems hosted internally, which is not part of our MIS system, and use the same method to secure DFA for this, so in essence use the same method to DFA to multiple systems externally. @PhilNeal and @GREED, really glad MIS providers are looking at implementing DFA into their systems.

  9. #54

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,844
    Thank Post
    671
    Thanked 1,381 Times in 1,143 Posts
    Rep Power
    349
    @GREED with Aspen's integration with Google, implementing with the Google Authenticator might make sense. Should be easy enough to add the table and offer it to those who want it.
    I'd log a CR for SIMS if enough people are willing to support it.

  10. Thanks to vikpaw from:

    Steven_Cleaver (18th February 2013)

  11. #55
    Steven_Cleaver's Avatar
    Join Date
    Jul 2008
    Location
    Birmingham
    Posts
    459
    Thank Post
    171
    Thanked 82 Times in 66 Posts
    Rep Power
    50
    Had a vague understanding of how Google Authenticator works, but have had a bit more of a look and looks very interesting, cheers Vikpaw.

  12. #56

    Join Date
    Sep 2006
    Location
    London
    Posts
    1,304
    Thank Post
    34
    Thanked 347 Times in 234 Posts
    Rep Power
    77
    I can confirm that we have found a way of forcing a disconnection to Google Authenticator but I'm told that it's far from being well documented.

  13. #57

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,844
    Thank Post
    671
    Thanked 1,381 Times in 1,143 Posts
    Rep Power
    349
    That's strange as I thought it was just a mechanism to authenticate you then pass you on to another service / process. I don't see how the authenticator is holding on to the user. However, Google websites themselves do like to hang on to you and all your data, history, actions etc. so there could well be some odd functionality!

  14. #58

    Join Date
    Sep 2006
    Location
    London
    Posts
    1,304
    Thank Post
    34
    Thanked 347 Times in 234 Posts
    Rep Power
    77
    That was our architect's view too!

  15. #59

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,844
    Thank Post
    671
    Thanked 1,381 Times in 1,143 Posts
    Rep Power
    349
    So SIMS will be ported to Android shortly then ...

  16. #60

    Join Date
    Jun 2010
    Posts
    47
    Thank Post
    0
    Thanked 27 Times in 14 Posts
    Rep Power
    13
    Quote Originally Posted by vikpaw View Post
    That's strange as I thought it was just a mechanism to authenticate you then pass you on to another service / process. I don't see how the authenticator is holding on to the user. However, Google websites themselves do like to hang on to you and all your data, history, actions etc. so there could well be some odd functionality!
    I suspect it's doing Federated Authentication - essentially it issues your browser with a Cookie of a specific, given name, and services which comply with their FA will look for that specific cookie on each call to their web services/web page. The consuming service or application then "accepts" the cookie as being a guarantor of the user's identity. A problem if you turn off cookies of course. This is how most browser based SSO systems work, although Microsoft Windows based applications will tend to use the Windows Authentication system which isn't "federated" but "centralised".

  17. Thanks to PhillipHamlyn from:

    vikpaw (20th February 2013)
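
How a consuming service can check an identity cookie of the kind described in the post above before accepting it, as an added example that is not part of the original thread. It assumes an HMAC-signed cookie value and a key shared between the identity provider and the service; the cookie layout, key and host names are constructed, and real federations normally use SAML or OpenID Connect tokens instead.

```python
import base64, hashlib, hmac, json

SHARED_KEY = b"constructed-demo-key"  # assumption: provisioned out of band

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(body, key):
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def issue_cookie(user, audience, now, ttl=900, key=SHARED_KEY):
    """Identity provider side: claims plus a signature over them."""
    claims = {"sub": user, "aud": audience, "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body, key)}"

def accept_cookie(cookie, audience, now, key=SHARED_KEY):
    """Consuming service side: return the user name, or None to force a login.

    The cookie's presence proves nothing; the signature, the intended
    audience and the expiry are each checked before the identity is used.
    """
    if not cookie or cookie.count(".") != 1:
        return None  # cookies disabled, or value malformed
    body, sig = cookie.split(".")
    if not hmac.compare_digest(_sign(body, key).encode(), sig.encode()):
        return None  # claims altered or signed with another key
    try:
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except ValueError:
        return None
    if claims.get("aud") != audience:
        return None  # issued for a different service
    if claims.get("exp", 0) <= now:
        return None  # expired session
    return claims.get("sub")

if __name__ == "__main__":
    c = issue_cookie("teacher1", "mis.example", now=1000)
    print(accept_cookie(c, "mis.example", now=1100))      # accepted
    print(accept_cookie(c, "finance.example", now=1100))  # wrong audience
```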
