MIS Systems Thread, Do you use SIMS Trusted Logins in Technical; @Bossman: "They are just full of excuses as to why they are so irresponsible when it comes to IT security."
20th May 2009, 01:56 AM #16
@Bossman: "They are just full of excuses as to why they are so irresponsible when it comes to IT security."
Sadly he's right - it is our job to fix this.
@Nick Ross: "If your students know staff passwords, then access to the MIS is far from your only concern, IMHO."
True, but it is probably the biggest (or near biggest) concern. Afterall the MIS is where the schools most wothwhile, useable, and most sensitive data exists. Especially if they are a (wait for it...) "Power Teacher".
The whole "No - For other Reasons" connundrum:
I totally agree with VikPaw:
"Also, for whatever reason, due to lack of computers / laziness / speed, many of my users (especially admin/support/medical ..) share a logged in computer to use SIMS. For this reason, i could never have full trusted auto, and it is for this reason i have held back a full roll out."
I myself feel that to troubleshoot issues non integrated logins help you. Sometimes a SIMS or FMS problem exists due to an issue with a Windows user profile. Non trusted logins helps you understand and resolve this issue when it occurs.
@dyoung5: "I'm trying to put a case for using SIMS trusted logins (integrated with active directory). Can you please vote and reply with any useful security information both for and against."
I voted "no - for security reasons" I'd love to see integrated logins in action but I think it is too dangrous to use throughout a school as a whole.
Who cares if a random teacher with low, low access to MIS leaves their PC unguarded and the class gets in, they can't do anything or see that much (until they learn how to find a marksheet).
However, if an SLT does the same then all of a sudden the class who get to look at the data can see (and edit) pretty much whatever they like.
What I'd really like to see in a 2ndry is a decision whereby the office has integrated logins but not the teachers, (is/how easy is, this to implement)??
@User3204: "expecially as SIMS made them all those stupid XKCDWVZXSJ type passwords."
Surely you mean "secure" passwords??
!!!Christ I sound like I work for Capita - scurries away with hand over back of head...
Last edited by superfletch; 20th May 2009 at 02:03 AM.
Reason: Crap grammar
IDG Tech News
20th May 2009, 08:21 AM #17
another 2p from me
@Grumbledook et al - I take your points over the guidelines, security etc. etc. I just have to reiterate one point:
Whoever the user, whatever their level of power, however security conscious they are and however much we beat them for doing things wrong, imagine this scenario. They walk into a classroom, log into a PC, and need to do the register because we use Lesson Monitor, so they log into SIMS, using a different username and different password to the regular network one. Now the lesson starts and they don't log out of SIMS, because they will use it to review marks, check photos, add achievements or behaviour, access their lesson plans (We just bought CLP!)...... We are still in an insecure environment trusting the teacher and whatever settings they have for locking the machine, either enforced by policy or not.
If they logged into SIMS securely, used it and logged out every time, fine. In a 40 minute lesson that isn't going to happen! In fact in any length of lesson, the more SIMS is used, it just isn't going to happen. So, be it Mr. Lowly Teacher user, or Mrs. Senior Manglement Phd. in a classroom environment they need to have SIMS open and will use it throughout. Making them log in an extra time doesn't achieve anything in my opinion except annoy them.
We are trying to solve the wrong problem. We don't need to add obstacles to the workflow to increase security, we need to alter the bad practises that these people use. Regardless of whether SIMS is open or not, the workstation should be secured, students shouldn't have access. Most kids probably couldn't be bothered with mucking around with SIMS (with that interface - would you?), there's much more fun to be had, reading and sending emails, accessing shared areas, detention reports, meeting notes, and other confidential material, triggering the internet filters. . . . .
20th May 2009, 09:47 AM #18
I assume you mean me when you say Nick Ross :-) I think that in part depends on how much information you keep in your MIS. Ours, for example, doesn't contain much beyond names and addresses; attendance, assessment, reports, SEN/AEN, behaviour and other such "juicy" things are handled elsewhere, so in this school, pupils accessing the Staff Docs shared area is a greater concern than them seeing SIMS.
Originally Posted by superfletch
20th May 2009, 09:50 AM #19
Possibly too late to offer you assistance on T4 now, but we found it to be because T4 cannot handle usernames longer than 8 characters, which some network IDs are. When we went to trusted logons, we offered affected users the choice between logging in twice or changing their network ID.
Originally Posted by User3204
20th May 2009, 09:53 AM #20
I disagree. The guidance doesn't require, or request separate sources of information be password protected separately. And on a practical level, doing so doesn't add any extra security. All the guidance says is that access to the various levels of information should come with greater security as it increases sensitivity.
Originally Posted by GrumbleDook
Adding an extra level of login actually, in my opinion, just makes it less secure. I think nearly every user of SIMS.net in this school writes it down in their planner or somewhere like that. There is no way this is ever going to stop, teachers have enough to remember as it is.
As someone else said, 1 secure password is better than 2 insecure ones (or in many schools cases, 3,4 or 5 insecure passwords).
20th May 2009, 10:43 AM #21
Yeah. What he ^ just said!
20th May 2009, 01:20 PM #22
Sorry Nick - I did mean you,
By Oops_my_bad in forum MIS Systems
Last Post: 6th February 2009, 07:15 PM
By cjohnsonuk in forum Windows
Last Post: 16th April 2008, 04:02 PM
By woody in forum Windows
Last Post: 1st December 2006, 10:03 AM
By woody in forum Windows
Last Post: 28th November 2006, 01:03 PM
By mullet_man in forum Wireless Networks
Last Post: 12th January 2006, 03:42 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)