Poll: Do you use SIMS Trusted Logins

  1. #16
    superfletch

    MY 2p

    @Bossman: "They are just full of excuses as to why they are so irresponsible when it comes to IT security."

    Sadly he's right - it is our job to fix this.

    ---------------------

    @Nick Ross: "If your students know staff passwords, then access to the MIS is far from your only concern, IMHO."

    True, but it is probably the biggest (or near biggest) concern. After all, the MIS is where the school's most worthwhile, useable, and most sensitive data exists. Especially if they are a (wait for it...) "Power Teacher".

    --------------------

    The whole "No - For other Reasons" conundrum:

    I totally agree with VikPaw:

    "Also, for whatever reason, due to lack of computers / laziness / speed, many of my users (especially admin/support/medical ..) share a logged in computer to use SIMS. For this reason, i could never have full trusted auto, and it is for this reason i have held back a full roll out."


    I myself feel that, to troubleshoot issues, non-integrated logins help you. Sometimes a SIMS or FMS problem exists due to an issue with a Windows user profile. Non-trusted logins help you understand and resolve this issue when it occurs.

    ---------------------

    @dyoung5: "I'm trying to put a case for using SIMS trusted logins (integrated with active directory). Can you please vote and reply with any useful security information both for and against."


    I voted "no - for security reasons". I'd love to see integrated logins in action, but I think it is too dangerous to use throughout a school as a whole.

    Example:

    Who cares if a random teacher with low, low access to MIS leaves their PC unguarded and the class gets in, they can't do anything or see that much (until they learn how to find a marksheet).

    However, if an SLT does the same then all of a sudden the class who get to look at the data can see (and edit) pretty much whatever they like.

    What I'd really like to see in a 2ndry is a decision whereby the office has integrated logins but not the teachers, (is/how easy is, this to implement)??

    ---------------------

    @User3204: "especially as SIMS made them all those stupid XKCDWVZXSJ type passwords."

    Surely you mean "secure" passwords??

    ---------------------


    !!!Christ I sound like I work for Capita - scurries away with hand over back of head...

    My 2p
    Last edited by superfletch; 20th May 2009 at 01:03 AM. Reason: Crap grammar

  2. #17

    vikpaw

    another 2p from me

    @Grumbledook et al - I take your points over the guidelines, security etc. etc. I just have to reiterate one point:

    Whoever the user, whatever their level of power, however security conscious they are and however much we beat them for doing things wrong, imagine this scenario. They walk into a classroom, log into a PC, and need to do the register because we use Lesson Monitor, so they log into SIMS, using a different username and different password to the regular network one. Now the lesson starts and they don't log out of SIMS, because they will use it to review marks, check photos, add achievements or behaviour, access their lesson plans (We just bought CLP!)...... We are still in an insecure environment trusting the teacher and whatever settings they have for locking the machine, either enforced by policy or not.

    If they logged into SIMS securely, used it and logged out every time, fine. In a 40 minute lesson that isn't going to happen! In fact in any length of lesson, the more SIMS is used, it just isn't going to happen. So, be it Mr. Lowly Teacher user, or Mrs. Senior Manglement Phd. in a classroom environment they need to have SIMS open and will use it throughout. Making them log in an extra time doesn't achieve anything in my opinion except annoy them.

    We are trying to solve the wrong problem. We don't need to add obstacles to the workflow to increase security, we need to alter the bad practices that these people use. Regardless of whether SIMS is open or not, the workstation should be secured, students shouldn't have access. Most kids probably couldn't be bothered with mucking around with SIMS (with that interface - would you?), there's much more fun to be had, reading and sending emails, accessing shared areas, detention reports, meeting notes, and other confidential material, triggering the internet filters. . . . .

  3. #18
    enjay
    Originally posted by superfletch:
    > @Nick Ross: "If your students know staff passwords, then access to the MIS is far from your only concern, IMHO."
    >
    > True, but it is probably the biggest (or near biggest) concern. After all, the MIS is where the school's most worthwhile, useable, and most sensitive data exists. Especially if they are a (wait for it...) "Power Teacher".

    I assume you mean me when you say Nick Ross :-) I think that in part depends on how much information you keep in your MIS. Ours, for example, doesn't contain much beyond names and addresses; attendance, assessment, reports, SEN/AEN, behaviour and other such "juicy" things are handled elsewhere, so in this school, pupils accessing the Staff Docs shared area is a greater concern than them seeing SIMS.

  4. #19
    enjay
    Originally posted by User3204:
    > We don't have trustedAuto, cause we found some users (using Nova T4/Cover x) needed to be able to logon differently and SIMS .net couldn't cope.

    Possibly too late to offer you assistance on T4 now, but we found it to be because T4 cannot handle usernames longer than 8 characters, which some network IDs are. When we went to trusted logons, we offered affected users the choice between logging in twice or changing their network ID.

  5. #20

    localzuk
    Originally posted by GrumbleDook:
    > This is my personal opinion and interpretation of the data handling guidance (and open to debate) but this would immediately fall foul of the guidance. A single username and password which would allow access to sensitive and protected information about students including SEN, child protection issues (children in care, etc) and possibly staff personal details too depending on the roles in SIMS of various staff logging into the machine.
    >
    > If held upside down in a barrel of burning oil I would resist but should you not be the SIRO and have raised the concern and alarm with all the relevant people subsequently issued with the decree from manglement of 'Do it or else!' (and the union not backing your stance) then password protected screensaver set to 3 minutes is a minimum, strict policies that it is not to be running whilst connected to a data projector, a blanket ban on students using staff machines (logged in on a student account or staff 'just letting them on for a minute!') and making it a disciplinary offence for sharing your password with a student.
    >
    > Even then I would not do it for certain SIMS roles (anyone with system manager access, full SEN access, any member of senior manglement, exams roles, attendance officer or admin assistant)!
    >
    > And after you have done all of this, turn all the computers and servers off to make it all secure again.
    >
    > I cannot stress how ill thought out I believe this to be and would welcome a response from Phil on Capita's position on what guidance they give, to schools who go down this route, to ensure the security of data and information is maintained.

    I disagree. The guidance doesn't require, or request separate sources of information be password protected separately. And on a practical level, doing so doesn't add any extra security. All the guidance says is that access to the various levels of information should come with greater security as it increases sensitivity.

    Adding an extra level of login actually, in my opinion, just makes it less secure. I think nearly every user of SIMS.net in this school writes it down in their planner or somewhere like that. There is no way this is ever going to stop, teachers have enough to remember as it is.

    As someone else said, 1 secure password is better than 2 insecure ones (or in many schools' cases, 3, 4 or 5 insecure passwords).

  6. #21

    vikpaw
    Yeah. What he ^ just said!

  7. #22
    superfletch
    Sorry Nick - I did mean you,
