+ Post New Thread
Page 5 of 5 FirstFirst 12345
Results 61 to 62 of 62
MIS Systems Thread, Cloud MIS Security in Technical; All the possibilities I've seen mentioned apply to “Local Network” installed MIS Systems as well. If anyone within the school ...
  1. #61

    Join Date
    Jan 2013
    Location
    Bromcom
    Posts
    12
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    All the possibilities I've seen mentioned apply to “Local Network” installed MIS Systems as well. If anyone within the school wants to hack the systems, they can...

    There are many ways to make sure that cloud systems are secure, and systems are protected from attacks. Any certified (ISO/etc…) Data Centres have such securities in place anyway.

    Cloud computing security - Wikipedia, the free encyclopedia

    Also further security should come via MIS systems with user accounts. Like “Windows Accounts” do:

    • Implement a strong password policy
    • Force users to change their passwords in a given frequency (weekly/monthly/etc…)
    • Lock accounts temporarily after a number of unsuccessful login attempts
    • 2-level authentication

  2. #62
    Schoolcomms's Avatar
    Join Date
    Sep 2010
    Location
    United Kingdom
    Posts
    51
    Thank Post
    46
    Thanked 48 Times in 23 Posts
    Rep Power
    16
    Cloud/SaaS Security is a big subject and this can’t be answered fully in a single post, but with respect to:

    How does this work, if the MIS is in the cloud, and all staff are using dual factor? How does the third party or automated system authenticate in a way that's dual factor?

    Two factor authentication applies more for human authentication – it is there to reduce the risk of people disclosing their password either by writing it down, just telling someone, or the original communication of the password being intercepted.

    Typically when two systems communicate (over the internet) they will not use two factor authentication for each individual communication. Two factor authentication will be used once to set up the relationship between the two services and this authentication persists indefinitely. For example:

    System A contains some data, System B wants to access System A to get that data.

    • The owners of System B will ask System A for a Key/Certificate/Password – these are typically very long in comparison to human passwords to prevent brute force attacks and because there is no human data entry constraint.
    • The owners of System A will generate the key and use a some form of two factor authentication to pass that key to the owners of System B (typically encrypt the keyfile, and call the owners of System B with the encryption password)
    • The owners of System A will then use the key to authenticate when using the web services that System B provide to access the data.



    This model assumes that the owners of System A trust that the owners of System B are capable of storing the key securely. Generally this is a moot point – if they don’t trust they can hold the key securely they probably don’t trust them to hold the actual data securely and therefore won’t want to give them access in the first place.

    On top of this key exchange, there may then also be additional credentials required to access specific areas of data within System A. So for example if System A is a cloud MIS which holds data for multiple schools, the cloud MIS provider (or the school) may provide credentials to System B in order for System B to access that particular school’s data. This could be the school SIMS admin creating a username and password which is then provided to System B. The web services that System A provides to System B simply won’t require the second factor in the credentials to grant access (but they are requiring the key instead which has been securely delivered using two factor authentication).

  3. 2 Thanks to Schoolcomms:

    GREED (29th November 2013), vikpaw (29th November 2013)

SHARE:
+ Post New Thread
Page 5 of 5 FirstFirst 12345

Similar Threads

  1. Cloud MIS systems
    By MissyD in forum Cloud Services
    Replies: 5
    Last Post: 4th February 2013, 04:04 PM
  2. SIMs Discover and MIS Cloud questions
    By Qualitypolice999 in forum MIS Systems
    Replies: 10
    Last Post: 26th June 2012, 01:05 PM
  3. Replies: 4
    Last Post: 17th April 2012, 10:07 AM
  4. MIS in the 'cloud'
    By garrysaddington in forum MIS Systems
    Replies: 13
    Last Post: 4th December 2009, 10:12 PM
  5. School security during holidays
    By nawbus in forum General Chat
    Replies: 4
    Last Post: 27th August 2005, 03:20 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •