MIS Systems Thread, What a gem found by a colleague!! in Technical; One of my colleagues found a GEM on SIMS...
He makes a search for a pupils contact details, he finds ...
4th October 2010, 10:50 PM #1
What a gem found by a colleague!!
One of my colleagues found a GEM on SIMS...
He makes a search for a pupils contact details, he finds them, then closes SIMS.
He took the laptop home, loaded up SIMS for his timetable or something or other, and there was a childs data sitting there, clear as day.
I phoned Capita help desk, and apparently, as of 2 updates ago, SIMS cache's the searches for faster results, and is only meant to work when connected to the database (makes sense right?!) but in some instances, the cached search stays on the local machine and the data attaches to the machine.
I did a test to ALL machines in my school that had SIMS, and out of 60, only 9 cached and stored the search locally, but when you consider thats 15% of machines, thats a high percentage.
I am waiting on Capita's response for that one, as due to Data Protection, I can't allow those machines to leave the school...which is a PITA for the staff!
5th October 2010, 07:21 AM #2
It caches for speed? I've not noticed anything but a general slowness recently, but i'm hoping that it's a network/dns issue that will go away.
Interested to hear any feedback you get on this.
I'm assuming of course you're using the offline version of SIMS is it Teachers Desktop or something, so it wont affect users who just have laptops that connect normally whilst at school.
Our users can't log in unless they see the S drive so unless they didn't close SIMS and left it on the screen they shouldn't be able to walk away with data.
You have to bear in mind though that despite restrictions and best practises you are always going to have teachers that print stuff out and have it in their folders, so the risk isn't that much more because the laptop has cached something.
Does it store just one search? Wonder if it has a TTL?
5th October 2010, 08:15 AM #3
This doesn't make any sense to me at all. Have you got a case number?
5th October 2010, 08:17 AM #4
How did he even get logged on to SIMS??
5th October 2010, 09:06 AM #5
Phil there was no case number given as I was told to test the machines using the same environmental factors the teacher did, however Vikpaw was right, it was because SIMS was not closed, hence they could walk off with the data. I wrote up a script this morning that if it detects that our wireless SSID or wired connection to our server is no longer in use, it will force close SIMS.
My apologies for this!
5th October 2010, 09:23 AM #6
This is why I have taken the action not to allow teachers laptops or any other laptops to join the network.
They have remote access to the Sims (encrypted) and all the data stays on the schools network.
I am working on a solution to eradicate the need for laptops and USB data sticks etc etc so that all data stays on the network.
5th October 2010, 09:45 AM #7
This is also why you need to encrypt your machines... BitLocker FTW here.
5th October 2010, 09:54 AM #8
If I'm understanding what happened then encrypting laptops will make no difference - data is not held on the local machine. I think what happened is the laptop was put to sleep and on wakeup still showed the screen it was on.
5th October 2010, 09:59 AM #9
- Rep Power
Or even Truecrypt which I've found works really well.
Originally Posted by Ric_
5th October 2010, 11:12 AM #10
What about SLG??? is that okay by your (anyone here) standards, in as much that the path is encrypted, the data is not stored locally ... or does giving them access offsite breach this rule.
5th October 2010, 12:19 PM #11
Off site access is under control, a normal business expectation for most users.
5th October 2010, 02:28 PM #12
So did they leave the laptop switched, put it in the bag, take it home and carry on using it? Did they also say about the heat?
Originally Posted by nephilim
5th October 2010, 02:34 PM #13
They closed the lid (which I have set to put the laptop to sleep), and opened up when they got home, and found all data still there that they had searched for.
5th October 2010, 02:38 PM #14
So they couldn't cook dinner on it. Pretty sure someone told me sleep is a security hole anyway.
Ah yes, found the email - GCSx CoCo 4.1 - This is because the data content of the laptops hard drive is vulnerable in this state as the encryption protection is not active. For users who make regular use of STANDBY, the alternative HIBERNATE function, which is compliant as it engages the encryption protection.
By alonebfg in forum Windows
Last Post: 8th January 2008, 12:06 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)