MIS Systems Thread, E-Portal and SSL in Technical; Does anyone else publish e-portal out across the internet? One of the things stopping us doing so at the moment ...
22nd January 2008, 03:28 PM #1
- Rep Power
E-Portal and SSL
Does anyone else publish e-portal out across the internet? One of the things stopping us doing so at the moment is that the sessions appear to be unencrypted which is OK on our internal network but we think this is an issue if we were to allow access to it by parents across the internet. We were thinking of publishing it and setting up our ISA server to dole out a certificate and only handle https requests (e.g. https://eportal.ourcollege.net) from external clients but keeping the internal side unencrypted :-
home user <----https----> ISA <---http----> SQL-SERVER
Does anyone else do this or are there any other methods that people know of to make this activity safe.
22nd January 2008, 09:46 PM #2
- Rep Power
Yes we are using HTTPS externally (only installed today!!). We do need to get a digital certificate (IE7 currently give nasty red message).
Given the recent data loses, having pupils name, address, age, and picture over the internet unencrypted is asking for problems.
I do not know if you have read the recent BBC news item -Teachers 'put pupil data at risk' (http://news.bbc.co.uk/1/hi/education/7171740.stm).
Perhaps the journalist would like to do a follow up article, giving some schools publicity they will not like!!
26th January 2008, 12:17 AM #3
- Rep Power
We have done this, for staff use only.
We had to change ePortal to use IIS instead of the Tomcat web server (Serco Learning can supply instructions for this) , buy a digital certificate from Verisign and open port 443 on our router. It all went reasonably smoothly. We set up a web page with the school logo and the Verisign logo which Internet users see before they get to ePortal . This gained some brownie points from the SMT!
Although probably not strictly necessary, we use https over our internal network too.
Don't overlook the weakest part of the system - passwords. Lots of our staff had weak passwords and I insisted these were changed beforehand.
(Visions of truants sitting at home and marking themselves present!)
Last edited by ANiceEnglishman; 26th January 2008 at 12:20 AM.
12th March 2009, 03:22 PM #4
- Rep Power
Publishing Eportal through ISA Server
I am new to web publishing. I must give you the background first. We were using Novell system in our school before we have migrated to Microsoft recently. Our Eportal access is still through Novell proxy server with the public IP address configured on the router. Now we are just shutting down Novell completely and I want to publish Eportal through ISA Server.
Please guide me in this regard as you people out there are quite experience in it. I really appreciate this.
12th March 2009, 03:32 PM #5
We incorported access to it through our external connection for staff and students to gain access to network drives and other resources.
We installed adito which is a free opensource ssl explorer connection. the staff connect through a link on our external website (which is just a link to our secure site) then use there LDAP network username and password to login. once logged in securely they click on the eportal icon then loggin using an eportal login name and password.
For parfental acces we are working on the parents using there childs network login then giving them the login for eportal. This will also allow the parents to see what there children are storing on the school system and add another pair of eyes to searching out and getting rid of inappropriate material...
18th March 2009, 12:53 PM #6
- Rep Power
In view of BECTA guidelines, do you guys use 2 factor authentication? Should we be doing so?
19th March 2009, 10:57 AM #7
I'm just going through this myself, and learning as I go.
I have an experimental site at the moment. For a while it was just secured with a SSL cert issued by my domain's CA. It's worked well, but the browsers flag up warning about the site not being trusted.
This morning I've installed a free 14-day trial Verisign cert on the server. I'll test it tonight when I get home. A word of warning: Verisign send you the cert several hours after requesting it, and the instructions on what to do with it about twelve hours after that, leaving your web server useless in the meantime.
Please correct me if I'm wrong, but there's no harm in just using a cert created by your own CA. It just means that machines from outisde the domain will be unable to verify the authenticity of it, but communications will still be secured. The biggest problem would be training users to click through the warning to get the site every time.
(As I write this I wonder if it's possible to generate a root CA trust cert from the domain CA and give this to users to install on their home computers, so they will trust it).
19th March 2009, 11:05 AM #8
That training is the harm. Sure, you may not consider that anyone would want to impersonate the identity of your site, but if you train users to just ignore those warnings then it won't just be on your site that they're ignoring them.
Originally Posted by OverWorked
Thanks to jamesb from:
OverWorked (19th March 2009)
19th March 2009, 11:10 AM #9
Originally Posted by jamesb
19th March 2009, 11:16 AM #10
- Rep Power
We use ePortal here. I haven't read the BECTA guidelines on 2 factor authentication, does anyone currently do it?
If so what does BECTA state about its use?
19th March 2009, 02:27 PM #11
I've just been going through the Verisign site for the VIP service.
The demos are worth watching.
They don't mention prices, which generally means "you can't afford it".
Our LA's human resources dept use 2-factor auth and issue the number generator key fobs to schools at £150 each. That gives some idea of how expensive it is.
I'll probably go for Verisign's "Secure Site", their cheapest SSL product. There's also Thawte's "SSL 123", which is even cheaper.
Last edited by OverWorked; 19th March 2009 at 02:57 PM.
Reason: added a bit
19th March 2009, 04:27 PM #12
There others apart from Verisign and Thawte out there - InstantSSL for example is substantially cheaper and still accepted by most browsers.
19th March 2009, 08:33 PM #13
Or just use the free SSL Certificate from ipsca - certs.ipsca.com as they work fine with it. As a note are you publishing via the Bull system or via your own? We did have a brief chat about SSL at the area Network Managers meeting on Tuesday.
19th March 2009, 08:42 PM #14
I'll send a you a PM.
19th March 2009, 09:43 PM #15
Replied and I see you have replied back Will look forward to it, can you make it a late morning / afternoon one please as I'm in a meeting first thing or so.
By IT_Man_Dan in forum How do you do....it?
Last Post: 20th November 2007, 11:16 AM
By pooley in forum MIS Systems
Last Post: 26th June 2007, 10:00 PM
By johnkay21 in forum Virtual Learning Platforms
Last Post: 9th May 2007, 07:58 AM
By Mikey in forum Web Development
Last Post: 7th April 2006, 11:18 AM
By Pear in forum Educational Software
Last Post: 25th January 2006, 11:34 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)