News

Aisis security and efficiency to be improved

By and
Published May 11, 2014 at 2:58 am

THE INFORMATION Technology Resource Management Office (ITRMO) has expressed plans to improve the efficiency of the Ateneo Integrated Student Information System (Aisis) and the security of www.aisisonline.ateneo.edu (Aisis Online).

The plans were made in response to the hacking of Aisis Online on February 2 and the disruption of second semester online enlistment for seniors on October 21, 2013.

According to Information Systems Group Manager Glenn Año, they are planning to archive class modules, which is what slowed down the last enlistment. This can make the system more efficient by reducing the amount of data Aisis has to look through during transactions.

Archiving entails removing old class modules from the index of data accessed by Aisis without deleting them from the servers.

Moreover, Office of the Management Information Systems Director JP Gregoria said they plan to strengthen security protocols and change the server operating system (OS) for Aisis Online.

The said website is used to display announcements from the different Ateneo offices. Meanwhile, Aisis, which can be accessed through www.aisis.ateneo.edu, is the portal for students and employees to conduct university-related transactions.

Both systems are stored in the Ateneo servers.

Previous problems

On February 2, the homepage content of Aisis Online was defaced with the post: “Hacked by pinoy anonymouz; no to pork barell!!! No to corruption!!! No to political dynasties!!!”

ITRMO and the Office of Management Information Systems (OMIS) were able to remove the unauthorized post on the day of the hacking.

According to Gregorio, the hacker could have hacked the system by gaining access to an authorized account. The site is accessible to Ateneo offices so they may post announcements on the website.

Gregorio said this is not the first time hackers tried to access Aisis Online. The OMIS team saw that there were logs indicating previous hack attempts.

As for Aisis, there were no signs of any hacker trying to penetrate www.aisis.ateneo.edu on the day Aisis Online was hacked.

Año said they already have a lead regarding the identity of hacker, but he has refused to disclose any information as of press time.

As for the slowing down of Aisis during seniors’ enlistment last October, Año said that the class schedule modules, which are stored in the servers, already reached a threshold that exposed inefficiencies in the scripts that retrieve information from the database.

Department of Information Systems and Computer Science Instructor Ariel Maguyon, PhD suspects that though the lag can be attributed to many variables, the way the database is accessed through queries plays a huge role in the efficiency of a system.

“There’s such a thing as [a query that is] syntactically correct but semantically wrong. It is doing what it’s supposed to do, but not doing it well,” he explained.

ITRMO was able to address the problem through revising the query statements enabling the enlistment to continue on October 23, 2013.

Security assessment

The hacking incident brought into question not only the security measures provided for Aisis Online but also for the Aisis system.

According to Gregorio, aside from using firewalls, they are also currently paying for a Secure Sockets Layer (SSL) service for Aisis.

This service gives Aisis a certain security level by encrypting the data as it moves from the server to the target computers. This is not being done for Aisis Online, however.

According to Vice President for the Loyola Schools John Paul Vergara, PhD, they do not pay for Aisis Online’s SSL because it contains only announcements and holds no confidential data, unlike Aisis.

“It’s not always a matter of spending. It’s a matter of prioritization,” he said.

According to Gregorio, the server that hosts Aisis Online runs on a Windows OS while all other servers use Unix. Department of Information Systems and Computer Science Instructor Maguyon said Unix is better in terms of security.

“Unix is known for its security as an operating system… Windows is dominant when it comes to end user operating system, but when it comes to servers, Unix is considered to be more robust,” Maguyong added.

However, Vergara assures the community that “as far as records are concerned, we have that covered” through hardcopies and backups of information stored in the servers.

Optimizing the system

With the constant changes in the field of information technology, Vergara said they cannot guarantee that Aisis will no longer encounter problems, but he affirmed that the offices concerned will make the necessary improvements.

Vergara said that in order to anticipate any unfortunate circumstance, ITRMO and OMIS will continue to do stress tests and always check on the system.

“The best defense for [future Aisis problems] is to be able to anticipate [them] through testing [and] through optimization.”

Año said that are currently gathering statistics with regard to usage of Aisis and Aisis Online. He said they would also review the code and script of the different systems. He said that since Aisis Online is already an old system, it has its vulnerabilities and is need of upgrading.

Maguyon also suggested that in terms of optimization, hiring a consultant or an expert could be valuable in order to know which data should be indexed or which queries to be revised.

He added that if the there are Ateneans who are skilled for such a job, the concerned offices will tap them.


How do you feel about the article?

Leave a comment below about the article. Your email address will not be published. Required fields are marked *.

Related Articles


News

November 15, 2024

Jordan Brand introduces newest batch of Atenean Wings Scholars

News

November 13, 2024

AEWU wins labor case on illegal wage deductions, Ateneo admin appeals decision to Court of Appeals

News

November 12, 2024

Office of Student Discipline establishes Canvas course to streamline services, promote Code of Conduct principles

From Other Staffs


Sports

November 23, 2024

Ateneo suffers one final loss in infamous season, falls prey to streaking Adamson

Sports

November 23, 2024

Ateneo submits to La Salle despite Alferez’s brace in tightly-contested derby

Sports

November 23, 2024

Blue Eagles suffer matching defeats to FEU and NU in UAAP Women’s Beach Volleyball

Tell us what you think!

Have any questions, clarifications, or comments? Send us a message through the form below.