Presentation transcript:
It is important to inform users of the importance of strong passwords.
It is important to inform users that web access means potential access from anywhere; you can't see the students doing it!
Be diligent about signing out, be cautious when on public computers, and acknowledge that using student computers could mean keyboard logging ...
On some tablets/iPads, if you are projecting in class, each letter of your password may be shown as you type it before it is hidden. ** Turn that setting off.
HECK, do not limit this to just passwords ... it is all about privacy of information, period: class lists, student profiles, .... Do not print and post without appreciating the impact.
What district policies do you have in place? "Share"
iSeries security: we are SOLID with access to data files. *PUBLIC *EXCLUDE on all XXXFILES libraries; only a few objects (fewer than 10, e.g. T4s for payroll) have private authorities described.
Unique to the iSeries, we grant temporary access while executing programs. Only the passwords of super users will get you anywhere!
xxxTRANS libraries (user downloads, like the EIS.530 download report): key objects are cleared nightly to reduce the risk of someone grabbing information.
** We clear ours out ... but now that information is on your PC, your USB, .... Or is it safe on the network?
IFS directory: some exposure for *PUBLIC on /cimssms (*WX, *OBJEXIST, *OBJMGT ...). Investigate and test on your own system with a normal *USER profile.
SHARES are necessary for a LIMITED number of people (all to just image /cimssms /cimsems /cimsfms ...). CAREFUL: ensure anonymous access is not enabled on the iSeries AND set the share/mapped drive to the CIMS-prescribed IDs (cimsacp, cimsems ...) so that particular users do not end up owning objects.
Audit logs in STU.190, PAY.190, GNL.190 are an EXCELLENT RESOURCE for important items that have changed. The audit will track the CIMS USERID and the EC employee number/name as per access from the Connects.
Audit on all image views, changes, and adds: IMG.301E, IMG.301, IMG.301F (report cards, T4s, employee applicant information ...).
GOAL: the server has nothing important on it. As of the latest release, the only thing left on the server is student and employee pictures.
HTML tags are written into the software so the site does not invite indexing. Robots.txt file recommendation to reduce the chance of indexing:
User-agent: *
Disallow: /
Delete.bat file to triple-check that no outlying PDFs are lying around. ** Change to the way PDFs are generated: when any other key is selected, the PDF is deleted automatically, so that PDFs are not sitting on the server at all.
What are you doing on your web servers to reduce security exposure (IIS setup and web server definitions)?
Reviewed IIS logging. IIS does log activity: all access to pages, from what IP and how many times, how many error-outs, etc. It CAN help to know what pages are being hit and when/if timeouts and errors are occurring.
New audit for all Connect logins: each time anybody signs into any Connect in ACSFILES/PACSWEB we are logging the userid, whether the password attempt was successful, the IP address they are coming from, and browser and operating system information.
Sample audit rows (the IP, DATE and TIME column values did not survive in this transcript):
PRODUCT | Browser | User | Extras | Password
AC | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko | kim | 0 | N
AC | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko | donna | 0 | Y
AC | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko | donna | semem1191 | Y
TC | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko | semem | 0 | Y
EC | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR ; .NET CLR | ca | | Y
Netscape, Mozilla Open Source
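As an added example (not code from the presentation or the CIMS software), the login-audit fields described above can be summarised to spot repeated failed sign-ins from one address and one account signing in from several addresses; the tab-separated layout, the IP addresses and every sample row are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample audit rows (tab-separated), one sign-in attempt each:
# PRODUCT, IP, DATE, TIME, Browser, User, Extras, Password-success flag.
UA = "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
SAMPLE_LOG = "\n".join([
    "AC\t10.1.5.20\t2014-03-03\t08:01:10\t" + UA + "\tkim\t0\tY",
    "AC\t10.1.5.20\t2014-03-03\t08:02:30\t" + UA + "\tdonna\t0\tY",
    "TC\t203.0.113.7\t2014-03-03\t23:10:01\t" + UA + "\tsemem\t0\tN",
    "TC\t203.0.113.7\t2014-03-03\t23:10:05\t" + UA + "\tsemem\t0\tN",
    "TC\t203.0.113.7\t2014-03-03\t23:10:09\t" + UA + "\tdonna\t0\tN",
    "TC\t203.0.113.7\t2014-03-03\t23:10:14\t" + UA + "\tkim\t0\tN",
    "EC\t198.51.100.9\t2014-03-03\t12:00:00\tMozilla/4.0 (compatible; MSIE 8.0)"
    "\tdonna\t0\tY",
])

FIELDS = ("product", "ip", "date", "time", "browser", "user", "extras", "ok")


def parse_audit(text):
    """Split the tab-separated audit text into one dict per attempt."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            raise ValueError("unexpected field count: %r" % line)
        rows.append(dict(zip(FIELDS, parts)))
    return rows


def failed_attempts_by_ip(rows, threshold=3):
    """IPs with at least `threshold` failed password attempts -> count."""
    counts = defaultdict(int)
    for r in rows:
        if r["ok"] != "Y":
            counts[r["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def users_from_multiple_ips(rows):
    """Users with successful sign-ins from more than one IP -> sorted IPs."""
    seen = defaultdict(set)
    for r in rows:
        if r["ok"] == "Y":
            seen[r["user"]].add(r["ip"])
    return {u: sorted(ips) for u, ips in seen.items() if len(ips) > 1}
```

Run against the real audit export by replacing SAMPLE_LOG with the file contents; the threshold is a starting point to tune against normal failure rates.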
Districts can control what screen messaging appears when there is a timeout or error on an .aspx page; we present errormessage.pdf.
Districts can control what screen messaging appears when the iSeries is not available; we present nosignon.pdf.
REMINDER: EmployeeConnect: force password change for EC (EIS.331). We can set a default value (currently I think only Portage is using it)!
TeacherConnect: option to enforce a password change policy for those districts not automatically loading this password each day.
Pull student and staff pictures from the web server. Worried about speed if we have to go to the iSeries for all the pictures.
Additional Connect logging (same work as at login): log each page movement of each user; you would know who hit what page every day, every minute.
THOUGHTS? Do we have to get crazy and think about asking for additional passwords in TeacherConnect to update marks?