THE INFORMATION Technology Resource Management Office (ITRMO) has expressed plans to improve the efficiency of the Ateneo Integrated Student Information System (Aisis) and the security of www.aisisonline.ateneo.edu (Aisis Online).
The plans were made in response to the hacking of Aisis Online on February 2 and the disruption of second semester online enlistment for seniors on October 21, 2013.
According to Information Systems Group Manager Glenn Año, they are planning to archive class modules, which is what slowed down the last enlistment. This can make the system more efficient by reducing the amount of data Aisis has to look through during transactions.
Archiving entails removing old class modules from the index of data accessed by Aisis without deleting them from the servers.
Moreover, Office of the Management Information Systems Director JP Gregoria said they plan to strengthen security protocols and change the server operating system (OS) for Aisis Online.
The said website is used to display announcements from the different Ateneo offices. Meanwhile, Aisis, which can be accessed through www.aisis.ateneo.edu, is the portal for students and employees to conduct university-related transactions.
Both systems are stored in the Ateneo servers.
Previous problems
On February 2, the homepage content of Aisis Online was defaced with the post: “Hacked by pinoy anonymouz; no to pork barell!!! No to corruption!!! No to political dynasties!!!”
ITRMO and the Office of Management Information Systems (OMIS) were able to remove the unauthorized post on the day of the hacking.
According to Gregorio, the hacker could have hacked the system by gaining access to an authorized account. The site is accessible to Ateneo offices so they may post announcements on the website.
Gregorio said this is not the first time hackers tried to access Aisis Online. The OMIS team saw that there were logs indicating previous hack attempts.
As for Aisis, there were no signs of any hacker trying to penetrate www.aisis.ateneo.edu on the day Aisis Online was hacked.
Año said they already have a lead regarding the identity of hacker, but he has refused to disclose any information as of press time.
As for the slowing down of Aisis during seniors’ enlistment last October, Año said that the class schedule modules, which are stored in the servers, already reached a threshold that exposed inefficiencies in the scripts that retrieve information from the database.
Department of Information Systems and Computer Science Instructor Ariel Maguyon, PhD suspects that though the lag can be attributed to many variables, the way the database is accessed through queries plays a huge role in the efficiency of a system.
“There’s such a thing as [a query that is] syntactically correct but semantically wrong. It is doing what it’s supposed to do, but not doing it well,” he explained.
ITRMO was able to address the problem through revising the query statements enabling the enlistment to continue on October 23, 2013.
Security assessment
The hacking incident brought into question not only the security measures provided for Aisis Online but also for the Aisis system.
According to Gregorio, aside from using firewalls, they are also currently paying for a Secure Sockets Layer (SSL) service for Aisis.
This service gives Aisis a certain security level by encrypting the data as it moves from the server to the target computers. This is not being done for Aisis Online, however.
According to Vice President for the Loyola Schools John Paul Vergara, PhD, they do not pay for Aisis Online’s SSL because it contains only announcements and holds no confidential data, unlike Aisis.
“It’s not always a matter of spending. It’s a matter of prioritization,” he said.
According to Gregorio, the server that hosts Aisis Online runs on a Windows OS while all other servers use Unix. Department of Information Systems and Computer Science Instructor Maguyon said Unix is better in terms of security.
“Unix is known for its security as an operating system… Windows is dominant when it comes to end user operating system, but when it comes to servers, Unix is considered to be more robust,” Maguyong added.
However, Vergara assures the community that “as far as records are concerned, we have that covered” through hardcopies and backups of information stored in the servers.
Optimizing the system
With the constant changes in the field of information technology, Vergara said they cannot guarantee that Aisis will no longer encounter problems, but he affirmed that the offices concerned will make the necessary improvements.
Vergara said that in order to anticipate any unfortunate circumstance, ITRMO and OMIS will continue to do stress tests and always check on the system.
“The best defense for [future Aisis problems] is to be able to anticipate [them] through testing [and] through optimization.”
Año said that are currently gathering statistics with regard to usage of Aisis and Aisis Online. He said they would also review the code and script of the different systems. He said that since Aisis Online is already an old system, it has its vulnerabilities and is need of upgrading.
Maguyon also suggested that in terms of optimization, hiring a consultant or an expert could be valuable in order to know which data should be indexed or which queries to be revised.
He added that if the there are Ateneans who are skilled for such a job, the concerned offices will tap them.
