Network and Classroom Management Thread, Security of RMCC3 in Technical; Does anyone know the general security of RMCC3. How easy is it for a pupil to hack into such a ...
18th January 2008, 06:30 PM #1
- Rep Power
Security of RMCC3
Does anyone know the general security of RMCC3. How easy is it for a pupil to hack into such a system? I have been told it is very difficult - is that right?
18th January 2008, 07:00 PM #2
It depends how the network has been set up - what permissions students have etc and if any additional software has been used or GPOs that have been changed. Generally speaking though, if students are configured as Restricted UserType (red icon in system tray) then yes, they will find it very difficult to reak havoc.
Standard and Advanced user types give users increasing amounts of permissions such as certain control panel items. Somewhere in the CC3 handbooks there is a section that details what usertypes have what general permissions.
18th January 2008, 07:07 PM #3
Not being an authority on security I'm not sure how easy it is to hack, but CC3 does allow you to lock things down reasonably tightly. In terms of security, I would imagine you could reproduce most if not all security using vanilla Windows with a few additional tools.
An example of where security is possibly lacking is the web-based management console. This is hosted using basic authentication over SSL internally, not ideal as it potentially exposes the risk of a MITM attack with a fake SSL certificate.
Last edited by meastaugh1; 18th January 2008 at 07:45 PM.
18th January 2008, 08:47 PM #4
As per other threads cc4 as rule standard users can't do much etc. As for web based console in theroy yes but in next version CC4 the RMMC becomes application based again.
19th January 2008, 12:17 PM #5
I've been working recently on tightening the security of our CC3 system. I actually find CC3 to be overzealous in terms of locking down student accounts - we had frequent problems with IT students running macros and adding toolbars to Office. Our CC3 setup also has software restrictions set to block everything except what we allow. I'm not sure if that's the default but, combined with http antivirus filtering, that almost eliminates the need for antivirus software. As much as I dislike CC3, it is very secure (unlike 2.4, the pain, the pain!) and we've never had a security breach.
20th January 2008, 10:50 PM #6
- Rep Power
if you leave everything as standard then froma security point of view its a very secure system that should prevent any problems.
Originally Posted by Alice101
Thats were the good new ends though, the only way you can get a lot of educational software to run is to customize the the way the system is setup and for some subjects pupils needs much more control over the systems.
RM support tend to reccommend that you then make pupils advanced users to enable this software to run.
Its secure but only if you don't intend to use most educational software that available on it.
I fully expect the RM luddites on here to reply with comments that its not RM's fault that this software requires extra access ( insert other excuse here..) but surely a product such as CC3 that they know is used in schools should be able to run most education software without modification.
The school I work at is in the process of ripping this crap out and its quite funny that software that used to have problems running on a CC3 PC now runs fine on a secure vanilla PC.
are you primary or secondary ?.
20th January 2008, 11:06 PM #7
It does, here at least. I have plenty of apps running on C3 and vanilla desktops with a similar level of security applied.
Originally Posted by Jose
For schools that don't want to bother with locking down desktops, you can switch most of it off (eg software restrictions policies, NTFS permissions on local hdd etc).
21st January 2008, 12:35 PM #8
CC3 is pretty secure as standard - yes. Is it just me that's slightly concerned about a person signing up on this board just to ask how easy it is to hack into a network?
Jose - getting educational software to run on CC3 is only a chore because most educational software is written in a way that could be bettered by a first year comp-sci student..... I mean - java and command prompts???? In this day and age? If the software was written properly in accordance with Microsoft's MSI best practice - it would work pretty much out of the box.
21st January 2008, 12:37 PM #9
Nothing here that would help a soonone hack a cc3 network
21st January 2008, 01:51 PM #10
- Rep Power
This is true but surely any system designed to be used in a school would be designed to work with these software products regardless of whose fault it is.
Originally Posted by Butuz
Solutions providers should provide solutions not excuses.
21st January 2008, 01:54 PM #11
As said by lot of people had no issues getting software to work on cc3.
So maybe if you tell us what problem you are having with what software maybe able to help.
21st January 2008, 02:03 PM #12
- Rep Power
are you seriously telling us that with a standard CC3 setup with students as restricted users all of your software runs fault free, I think a quick search on the internet tells us otherwise.
Originally Posted by russdev
The original poster ask if was secure as standard what it is but not without many important problems. If you have to start changing user types for pupils then its fairly pointless buying a out of the box solution if it does not work out of the box.
21st January 2008, 02:36 PM #13
Yes (fault free with in reason) any issues not down to security settings of cc3. As you can alter settings for each piece of software so if needs access to to folder can give access to that folder.
May I ask few questions of you again what software you got an issue with as might be able to help.
Second have you done RM Application training course? Your friend in getting software to work is ACL Detective and Software restrictions in RMMC.
Last edited by russdev; 21st January 2008 at 02:52 PM.
21st January 2008, 02:42 PM #14
I agree with Russ.
Our students (Restircted UserType) and staff (Staff UserType) can run all the software we've thrown onto our CC3 network. Some work straight away, some we've create file hash/path rules, some we've created writeAccess.ini files for, and some we've re-done the MSIs for. But atleast everything works while maintiaining the level of security that comes with ease on CC3.
Considering 90% of educational software is written by (ex-)teachers with a copy of Dummies Guide to Visual Basic 5 I don't think we do too badly.
21st January 2008, 02:45 PM #15
I would second that Russ. Have ran CC3 for 5 years now and most decent applications run straight out of the box. As for the odd pieces of software that are designed badly usually small visual basic progs which really aren't worth the money we have managed to resolve quickly and effectively with the minimum of effort thanks to the tools provided by RM.
By Alice101 in forum Network and Classroom Management
Last Post: 20th February 2008, 05:27 PM
By kerrymoralee9280 in forum How do you do....it?
Last Post: 11th October 2007, 10:02 AM
Last Post: 6th July 2006, 06:44 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)