+ Post New Thread
Results 1 to 15 of 15
MIS Systems Thread, E-Portal and SSL in Technical; Does anyone else publish e-portal out across the internet? One of the things stopping us doing so at the moment ...
  1. #1

    Join Date
    Aug 2007
    Location
    North East
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    E-Portal and SSL

    Does anyone else publish e-portal out across the internet? One of the things stopping us doing so at the moment is that the sessions appear to be unencrypted which is OK on our internal network but we think this is an issue if we were to allow access to it by parents across the internet. We were thinking of publishing it and setting up our ISA server to dole out a certificate and only handle https requests (e.g. https://eportal.ourcollege.net) from external clients but keeping the internal side unencrypted :-

    home user <----https----> ISA <---http----> SQL-SERVER

    Does anyone else do this or are there any other methods that people know of to make this activity safe.

  2. #2
    Julian's Avatar
    Join Date
    Jan 2008
    Location
    Rickmansworth
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Yes we are using HTTPS externally (only installed today!!). We do need to get a digital certificate (IE7 currently give nasty red message).

    Given the recent data loses, having pupils name, address, age, and picture over the internet unencrypted is asking for problems.

    I do not know if you have read the recent BBC news item -Teachers 'put pupil data at risk' (http://news.bbc.co.uk/1/hi/education/7171740.stm).
    Perhaps the journalist would like to do a follow up article, giving some schools publicity they will not like!!

  3. #3

    Join Date
    Feb 2006
    Location
    Newport
    Posts
    80
    Thank Post
    23
    Thanked 3 Times in 3 Posts
    Rep Power
    19
    We have done this, for staff use only.

    We had to change ePortal to use IIS instead of the Tomcat web server (Serco Learning can supply instructions for this) , buy a digital certificate from Verisign and open port 443 on our router. It all went reasonably smoothly. We set up a web page with the school logo and the Verisign logo which Internet users see before they get to ePortal . This gained some brownie points from the SMT!

    Although probably not strictly necessary, we use https over our internal network too.

    Don't overlook the weakest part of the system - passwords. Lots of our staff had weak passwords and I insisted these were changed beforehand.

    (Visions of truants sitting at home and marking themselves present!)
    Last edited by ANiceEnglishman; 26th January 2008 at 12:20 AM.

  4. #4
    apur32's Avatar
    Join Date
    Mar 2009
    Location
    London
    Posts
    70
    Thank Post
    2
    Thanked 3 Times in 3 Posts
    Rep Power
    11

    Publishing Eportal through ISA Server

    I am new to web publishing. I must give you the background first. We were using Novell system in our school before we have migrated to Microsoft recently. Our Eportal access is still through Novell proxy server with the public IP address configured on the router. Now we are just shutting down Novell completely and I want to publish Eportal through ISA Server.

    Please guide me in this regard as you people out there are quite experience in it. I really appreciate this.

    Thank you,

    Shoaib Nasir

  5. #5
    coquet636
    Guest
    We incorported access to it through our external connection for staff and students to gain access to network drives and other resources.

    We installed adito which is a free opensource ssl explorer connection. the staff connect through a link on our external website (which is just a link to our secure site) then use there LDAP network username and password to login. once logged in securely they click on the eportal icon then loggin using an eportal login name and password.

    For parfental acces we are working on the parents using there childs network login then giving them the login for eportal. This will also allow the parents to see what there children are storing on the school system and add another pair of eyes to searching out and getting rid of inappropriate material...

  6. #6
    The_Windy_Miller's Avatar
    Join Date
    Aug 2007
    Posts
    25
    Thank Post
    0
    Thanked 2 Times in 2 Posts
    Rep Power
    15
    In view of BECTA guidelines, do you guys use 2 factor authentication? Should we be doing so?

  7. #7
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,010
    Thank Post
    196
    Thanked 42 Times in 34 Posts
    Rep Power
    30

    SSL

    I'm just going through this myself, and learning as I go.

    I have an experimental site at the moment. For a while it was just secured with a SSL cert issued by my domain's CA. It's worked well, but the browsers flag up warning about the site not being trusted.

    This morning I've installed a free 14-day trial Verisign cert on the server. I'll test it tonight when I get home. A word of warning: Verisign send you the cert several hours after requesting it, and the instructions on what to do with it about twelve hours after that, leaving your web server useless in the meantime.

    Please correct me if I'm wrong, but there's no harm in just using a cert created by your own CA. It just means that machines from outisde the domain will be unable to verify the authenticity of it, but communications will still be secured. The biggest problem would be training users to click through the warning to get the site every time.

    (As I write this I wonder if it's possible to generate a root CA trust cert from the domain CA and give this to users to install on their home computers, so they will trust it).

  8. #8

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,160
    Thank Post
    98
    Thanked 318 Times in 260 Posts
    Blog Entries
    4
    Rep Power
    111
    Quote Originally Posted by OverWorked View Post
    Please correct me if I'm wrong, but there's no harm in just using a cert created by your own CA. It just means that machines from outisde the domain will be unable to verify the authenticity of it, but communications will still be secured. The biggest problem would be training users to click through the warning to get the site every time.
    That training is the harm. Sure, you may not consider that anyone would want to impersonate the identity of your site, but if you train users to just ignore those warnings then it won't just be on your site that they're ignoring them.

  9. Thanks to jamesb from:

    OverWorked (19th March 2009)

  10. #9
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,010
    Thank Post
    196
    Thanked 42 Times in 34 Posts
    Rep Power
    30
    Quote Originally Posted by jamesb View Post
    That training is the harm. Sure, you may not consider that anyone would want to impersonate the identity of your site, but if you train users to just ignore those warnings then it won't just be on your site that they're ignoring them.
    You're right!

  11. #10
    Dafty's Avatar
    Join Date
    Nov 2007
    Location
    Lincolnshire
    Posts
    100
    Thank Post
    27
    Thanked 1 Time in 1 Post
    Rep Power
    0
    We use ePortal here. I haven't read the BECTA guidelines on 2 factor authentication, does anyone currently do it?

    If so what does BECTA state about its use?

  12. #11
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,010
    Thank Post
    196
    Thanked 42 Times in 34 Posts
    Rep Power
    30

    2-factor authentication

    I've just been going through the Verisign site for the VIP service.

    The demos are worth watching.

    They don't mention prices, which generally means "you can't afford it".

    Our LA's human resources dept use 2-factor auth and issue the number generator key fobs to schools at 150 each. That gives some idea of how expensive it is.

    I'll probably go for Verisign's "Secure Site", their cheapest SSL product. There's also Thawte's "SSL 123", which is even cheaper.
    Last edited by OverWorked; 19th March 2009 at 02:57 PM. Reason: added a bit

  13. #12

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,160
    Thank Post
    98
    Thanked 318 Times in 260 Posts
    Blog Entries
    4
    Rep Power
    111
    There others apart from Verisign and Thawte out there - InstantSSL for example is substantially cheaper and still accepted by most browsers.

  14. #13

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,498
    Thank Post
    1,488
    Thanked 1,049 Times in 918 Posts
    Rep Power
    301
    Or just use the free SSL Certificate from ipsca - certs.ipsca.com as they work fine with it. As a note are you publishing via the Bull system or via your own? We did have a brief chat about SSL at the area Network Managers meeting on Tuesday.

  15. #14
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,010
    Thank Post
    196
    Thanked 42 Times in 34 Posts
    Rep Power
    30
    John,

    I'll send a you a PM.

  16. #15

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,498
    Thank Post
    1,488
    Thanked 1,049 Times in 918 Posts
    Rep Power
    301
    Replied and I see you have replied back Will look forward to it, can you make it a late morning / afternoon one please as I'm in a meeting first thing or so.

SHARE:
+ Post New Thread

Similar Threads

  1. Mentoring portal
    By IT_Man_Dan in forum How do you do....it?
    Replies: 0
    Last Post: 20th November 2007, 11:16 AM
  2. Sims.net E-portal ?
    By pooley in forum MIS Systems
    Replies: 1
    Last Post: 26th June 2007, 10:00 PM
  3. Shar Point Portal
    By johnkay21 in forum Virtual Learning Platforms
    Replies: 1
    Last Post: 9th May 2007, 07:58 AM
  4. MS SharePoint Portal
    By Mikey in forum Web Development
    Replies: 13
    Last Post: 7th April 2006, 11:18 AM
  5. Learning Portal Plus
    By Pear in forum Educational Software
    Replies: 7
    Last Post: 25th January 2006, 11:34 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •