Our teachers/staff would like to know if it is possible to access their classwize from an outside network.
We had quite a discussion about this possibility today. Technically it is possible, but there are some security concerns about it. The authentication for Classwize is based on who is logged in on the network device and this is based 60% of the time on the Active Directory account.
When you visit my.linewize.net the appliance identifies this request then redirects the user to mylinewize.linewize.net and signs the request with some details and a secure hash. If we were to open access up outside the network one of two things would have to happen. Either users would login with specific linewize cloud accounts or we would have to expose your LDAP server to the public domain.
Having linewize cloud accounts for all teachers would be problematic as the relationship between students and teachers would then have to be managed inside linewize rather than in kamar or google and just sucked into Linewize via group relationships.
Exposing the LDAP server and getting users to authenticate it is a big security risk and not something I am comfortable with. It would open up the possibilities for the following.
- Brute force attacks on your internal administrator or service attacks.
- Information in Classwize is quite sensitive and if teachers have insecure passwords (which is very common) this is a big security risk.
With the current approach we can guarantee that users accessing the system are at a minimum on the same network which makes it very secure.
I am open to thoughts on this but from my eyes I believe Classwize is a tool that is designed to be used in the classroom.
Just VPN in to your school network first… problem solved!
Not that I need this facility but most schools have free azure with office365 so there AD is already cloud synced and that has the ability to do SSO for apps and services so you could leverage that.
Theres some talk that office365 will be SSO with AD in the next version of Windows 10