Autumn 2017 CENSUS Information

The Census Helpdesk will be available from 09:00 to 16:30 on Census Day.  The number is 0844 875 3922.

The normal Schools ICT Helpdesk will also be available on 01609 536086

 Latest Fileset 704 for SIMS Census

To import the fileset please follow the instructions below:

Right click on the file below and choose Save Target As (might be different depending on which browser you are using). Save this file to anywhere on your machine, we would suggest J:\SIMSData\Inbox although it might automatically save to your downloads folder. 

 zipFileset 704

 Find the saved zipped folder on your machine, right click on the zipped folder and choose Extract All.

In SIMS go to Tools > Setups > Import Fileset
At the end of the 'choose Fileset' box click on the little yellow browse folder and navigate to your Fileset. You will need to open the unzipped folder then choose the Fileset from here. The filename will be 0704-StatutoryReturns-Autumn2017_Fileset.mfs and will be the only file showing in the folder. Click on this file then choose OK.
Once selected click Import Fileset.

You will now see a message which reads "Import successful. Please close SIMS.net and re-open it." At this point, please close out of SIMS and log back in. You are now ready to start your Census return.

When you load the Census screen by going to Routines > Statutory returns > School Census, you should see the correct Fileset number (704) at the top of the screen.

 Autumn 2017 CENSUS Documentation

If you are looking for the Autumn 2017 CENSUS Documentation, please Login and then visit “Latest News” where you will find the required information.

Autumn 2017 - CENSUS Fileset

SIMS Users Only - please note that Fileset 704 is the latest version. If you are on Fileset 704, this is fine and you are able to continue with the Census return.

Security and Web Server Guide

Understanding Web Security

At Schools ICT we understand the importance of security. Schools ICT use industry standard server and web software to provide our services as well as protect your data. Web application security is a branch of Information security that deals specifically with security of websites, web applications and web services.

Hacking

If your website is hacked, it means someone gained access to your website account (typically via File Transfer Protocol, a.k.a. FTP or CMS login). By gaining access, hackers can do the following

  • Put malicious code in it, what the code does depends on the hacker's objectives.
  • Install malware and viruses on visitor's computers
  • Redirect visitors to other sites
  • Use your website to attack other websites, bringing them offline
  • Replace your site content with other content, the subject of which varies depending on the hacker's objectives.

Intrusion and Brute Force

Intrusion is a security breach on the server. This is normally done from outside of the server via network or software vulnarabilities. A brute force attack is one such approach. Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords, through exhaustive effort (using brute force) rather than employing intellectual strategies.

DDoS - Denial of Service Attacks

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a server. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted server with traffic.

Cross-site scripting

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications such as WordPress and Joomla. XSS enables attackers to inject client-side scripts into web pages viewed by other users. The end user’s browser has no way of knowing that the script should not be trusted, and will run the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.

What do we operate?

Schools ICT run cloud based webservers running Linux and Plesk with further servers available upon requirement. Some of these servers handle our customer base, whilst others provide redundancy and failover.

What Security do We Provide?

1. Server Level - Linux Operating System (OS)

Firewall and Intrusion Detection

  • Plesk 12.5 Firewall - We offer a robust firewall solution blocking all access apart from web traffic and sending mail. 
  • Fail2Ban - Advanced real time intrusion detection and automatic blocking software. This allows us to actively monitor our firewall and block all brute force,  DOS and DDOS activity.  

Watchdog and RootKit Hunter

  • Inspecting machines for malicious changes, scripts and malware detection

Datagrid VCTR 1.8 

  • Operating System Reliability and Vulnerability Evaluation.  If there are any critical exploits released in the interim period between scheduled upgrades, a ticket is raised in our system and our team reacts immediately to formulate a mitigation plan, communicate with affected customers and implement any necessary emergency patching.

Real Time Scalable Hardware

  • Allows us to freely adjust the amount of CPUs, RAM and SSD storage at any time.

Monitoring

  • Plesk Health Monitor
    • Real Time monitoring and notification
    • Threshold management
    • All services including CPU, MYSQL, RAM, Network and Disk
  • We use 1 and 1 datacentre external server monitor  - http, ftp, ping etc. providing external monitoring of our Cirrus Cloud servers
  • We perform daily server software checks and weekly upgrades. All patches, bug fixes and security updates are tested on a Friday in our test bed environment (this does not affect our live environment). The server is then run for 2 days and tested for further bugs. The updates are then rolled out Monday morning. Critical exploits are patched immediately.
  • We are subscribed to security mailing lists for all the critical elements of our software stack.

2. Hosting Level - Plesk Hosting Environment

ServerShield by CloudFlare

ServerShield by CloudFlare is a global CDN (Content Delivery Network) , DNS, DDoS protection & web security system. By routing traffic through CloudFlare we can block threats and limit abusive bots and crawlers from overwhelming and wasting bandwidth and server resources.  Provides real time notification of urgent issues and a course of action to neutralise the threat.  

  • Globally load balanced content delivery network (CDN)
  • Always Online
  • Traffic Analytics
  • Participatory member of the CloudFlare community.

Robust Security Policy (Plesk Enhanced Security Mode)

  • We only use strong security passwords. All passwords stored in the Plesk database are encrypted using the Plesk secret key. This way, even if a third party obtains a dump of the Plesk database, your customers are not compromised.
  • We only allow Secure FTP connections to our servers
  • Plesk Security Advisor identifies weakness in our security policy
  • Sensitive data (for example, user passwords) cannot be retrieved using the Plesk API. 

Backup Solution

  • We perform daily backups containing  all customer and full server data
  • Backed up to local and 2 geographically separate locations.
  • Fast response and recovery in the case of a severe attack.

3. Web Application Level - CMS / Customer Web Environment

Patchman

  • Allows identification of potential threats in 3rd party websites hosted on our server
  • Real time Website Malware & Vulnerability monitoring

Mailing Lists 

  • We are subscribed to security mailing lists for all the critical elements of our CMS
  • Automated notification via CMS software
  • Participatory member of the Open Source community. 

Daily and Weekly Checks

  • We perform weekly CMS checks and upgrades.
    • All plugins and extensions are monitored.
    • Patches, bug fixes and security updates are tested immediately in our test bed environment (this does not affect our live environment).
    • The website core functionality is then tested to confirm it still works as expected.
    • The updates are then rolled out to the live websites.

Schools ISP

bottom-module-isp-flat

Fast, reliable broadband connectivity is essential in schools. Fully supported, high performance, secure internet service especially for schools.

Read More

Leasing Options

bottom-module-leasing-flat

Did you know that Schools ICT offers leasing options for your ICT assets? Contact us for more information.


Read More

Special Offers

icon-special-flat

We like to strike a good deal with our suppliers and pass the savings on to schools. Visit our special offers pages for the latest deals.

Read More

Project Service

bottom-module-projects-flat

Developing your ICT? Not sure what ICT your school needs? Call the Development Team for genuine advice and the best possible solution.

Read More