Security of RMCC3

[Alice101]

Does anyone know the general security of RMCC3. How easy is it for a pupil to hack into such a system? I have been told it is very difficult - is that right?

[webman]

It depends how the network has been set up - what permissions students have etc and if any additional software has been used or GPOs that have been changed. Generally speaking though, if students are configured as Restricted UserType (red icon in system tray) then yes, they will find it very difficult to reak havoc.

Standard and Advanced user types give users increasing amounts of permissions such as certain control panel items. Somewhere in the CC3 handbooks there is a section that details what usertypes have what general permissions.

[meastaugh1]

Not being an authority on security I'm not sure how easy it is to hack, but CC3 does allow you to lock things down reasonably tightly. In terms of security, I would imagine you could reproduce most if not all security using vanilla Windows with a few additional tools.

An example of where security is possibly lacking is the web-based management console. This is hosted using basic authentication over SSL internally, not ideal as it potentially exposes the risk of a MITM attack with a fake SSL certificate.

[russdev]

As per other threads cc4 as rule standard users can't do much etc. As for web based console in theroy yes but in next version CC4 the RMMC becomes application based again.

Russ

[bizzel]

I've been working recently on tightening the security of our CC3 system. I actually find CC3 to be overzealous in terms of locking down student accounts - we had frequent problems with IT students running macros and adding toolbars to Office. Our CC3 setup also has software restrictions set to block everything except what we allow. I'm not sure if that's the default but, combined with http antivirus filtering, that almost eliminates the need for antivirus software. As much as I dislike CC3, it is very secure (unlike 2.4, the pain, the pain!) and we've never had a security breach.

[Jose]

Does anyone know the general security of RMCC3. How easy is it for a pupil to hack into such a system? I have been told it is very difficult - is that right?

if you leave everything as standard then froma security point of view its a very secure system that should prevent any problems.
Thats were the good new ends though, the only way you can get a lot of educational software to run is to customize the the way the system is setup and for some subjects pupils needs much more control over the systems.

RM support tend to reccommend that you then make pupils advanced users to enable this software to run.

Its secure but only if you don't intend to use most educational software that available on it.

I fully expect the RM luddites on here to reply with comments that its not RM's fault that this software requires extra access ( insert other excuse here..) but surely a product such as CC3 that they know is used in schools should be able to run most education software without modification.

The school I work at is in the process of ripping this crap out and its quite funny that software that used to have problems running on a CC3 PC now runs fine on a secure vanilla PC.

are you primary or secondary ?.

[meastaugh1]

surely a product such as CC3 that they know is used in schools should be able to run most education software without modification.

It does, here at least. I have plenty of apps running on C3 and vanilla desktops with a similar level of security applied.

For schools that don't want to bother with locking down desktops, you can switch most of it off (eg software restrictions policies, NTFS permissions on local hdd etc).

[Butuz]

CC3 is pretty secure as standard - yes. Is it just me that's slightly concerned about a person signing up on this board just to ask how easy it is to hack into a network?

Jose - getting educational software to run on CC3 is only a chore because most educational software is written in a way that could be bettered by a first year comp-sci student..... I mean - java and command prompts???? In this day and age? If the software was written properly in accordance with Microsoft's MSI best practice - it would work pretty much out of the box.

Andrew

[russdev]

Nothing here that would help a soonone hack a cc3 network

[Jose]

CC3 is pretty secure as standard - yes. Is it just me that's slightly concerned about a person signing up on this board just to ask how easy it is to hack into a network?

Jose - getting educational software to run on CC3 is only a chore because most educational software is written in a way that could be bettered by a first year comp-sci student..... I mean - java and command prompts???? In this day and age? If the software was written properly in accordance with Microsoft's MSI best practice - it would work pretty much out of the box.

Andrew

This is true but surely any system designed to be used in a school would be designed to work with these software products regardless of whose fault it is.
Solutions providers should provide solutions not excuses.

[russdev]

As said by lot of people had no issues getting software to work on cc3.

So maybe if you tell us what problem you are having with what software maybe able to help.

Russ

[Jose]

As said by lot of people had no issues getting software to work on cc3.

So maybe if you tell us what problem you are having with what software maybe able to help.

Russ

are you seriously telling us that with a standard CC3 setup with students as restricted users all of your software runs fault free, I think a quick search on the internet tells us otherwise.
The original poster ask if was secure as standard what it is but not without many important problems. If you have to start changing user types for pupils then its fairly pointless buying a out of the box solution if it does not work out of the box.

[russdev]

Yes (fault free with in reason) any issues not down to security settings of cc3. As you can alter settings for each piece of software so if needs access to to folder can give access to that folder.

May I ask few questions of you again what software you got an issue with as might be able to help.

Second have you done RM Application training course? Your friend in getting software to work is ACL Detective and Software restrictions in RMMC.

Russell

[webman]

I agree with Russ.

Our students (Restircted UserType) and staff (Staff UserType) can run all the software we've thrown onto our CC3 network. Some work straight away, some we've create file hash/path rules, some we've created writeAccess.ini files for, and some we've re-done the MSIs for. But atleast everything works while maintiaining the level of security that comes with ease on CC3.

Considering 90% of educational software is written by (ex-)teachers with a copy of Dummies Guide to Visual Basic 5 I don't think we do too badly.

[bossman]

I would second that Russ. Have ran CC3 for 5 years now and most decent applications run straight out of the box. As for the odd pieces of software that are designed badly usually small visual basic progs which really aren't worth the money we have managed to resolve quickly and effectively with the minimum of effort thanks to the tools provided by RM.