Archive for the ‘Education’ category

Security security security

September 26th, 2017

You never know when some item that queries or alters data in SQL Server will cause issues.

Bruce Schneier recently commented on FaceID and Bluetooth security, the latter of which has a vulnerability issue. I was amazed to see his piece on infrared camera hacking. A POC on using light to jump air gaps is truly frightening. It seems that truly anywhere that we are processing data, we need to be thinking (see https://arstechnica.com/information-technology/2017/09/attackers-can-use-surveillance-cameras-to-grab-data-from-air-gapped-networks/)

Airborne attacks, unfortunately, provide a number of opportunities for the attacker. First, spreading through the air renders the attack much more contagious, and allows it to spread with minimum effort. Second, it allows the attack to bypass current security measures and remain undetected, as traditional methods do not protect from airborne threats. Airborne attacks can also allow hackers to penetrate secure internal networks which are “air gapped,” meaning they are disconnected from any other network for protection. This can endanger industrial systems, government agencies, and critical infrastructure. With BlueBorne, attackers can gain full control right from the start. Moreover, Bluetooth offers a wider attacker surface than WiFi, almost entirely unexplored by the research community and hence contains far more vulnerabilities

Finally, unlike traditional malware or attacks, the user does not have to click on a link or download a questionable file. No action by the user is necessary to enable the attack.

Fully patched Windows and iOS systems are protected

– the Equifax breach for example must worry everyone who has ever had credit in the USA. (Hackers broke into Equifax’s computer systems in March, which is two months earlier than the company had previously disclosed, according to a Wall Street Journal report.)

The Securities and Exchange Commission said Wednesday that a cyber breach of a filing system it uses may have provided the basis for some illegal trading in 2016. In a statement posted on the SEC’s website, Chairman Jay Clayton said a review of the agency’s cybersecurity risk profile determined that the previously detected “incident” was caused by “a software vulnerability” in its EDGAR filing system (which processes over 1.7 million electronic filings in any given year.) The agency also discovered instances in which its personnel used private, unsecured email accounts to transmit confidential information.

So let me suggest take a good look at your systems and be honest – do you feel safe?

Microsoft has released Microsoft 365, a complete, intelligent solution, including Office 365, Windows 10, and Enterprise Mobility + Security, that empowers everyone to be creative and work together, securely. Watch Satya introduce it.

What about your websites?
Although acts of vandalism such as defacing corporate websites are still commonplace, hackers prefer to gain access to the sensitive data residing on the database server and then to sell the data.

The costs of not giving due attention to your web security are extensive and apart form direct financial burden and inconvenience also risks:
• Loss of customer confidence, trust and reputation with the consequent harm to brand equity
• Negative impact on revenues and profits arising e.g. from falsified transactions, or from
employee downtime
• Website downtime – is in effect the closure of one of the most important sales and marketing channels
especially for an e-business
• Legal battles and related implications from Web application attacks and poor security
measures including fines and damages to be paid to victims.

Web Security Weaknesses
Hackers will attempt to gain access to your database server through any way they can e.g. out of date protocols on a router. Two main targets are :
• Web and database servers.
• Web applications.

Information about such exploits are readily available on the Internet, and many have been reported on this blog previously.

Web Security Scanning
So no surprise that Web security should contain two important components: web and database server security, and web application security.

Addressing web application security is as critical as addressing server security.

Firewalls and similar intrusion detection mechanisms provide little defense against full-scale web
attacks.
Since your website needs to be public, security mechanisms allow public web traffic to
communicate with your web and databases servers (i.e. over port 80).

It is of paramount importance to scan the security of these web assets on the network for possible vulnerabilities. For example, modern database systems (e.g. Microsoft SQL Server, Oracle and MySQL) may be
accessed through specific ports and so anyone can attempt direct connections to the databases to try and bypass the security mechanisms used by the operating system. These ports remain open to allow communication with legitimate traffic and therefore constitute a major vulnerability.

Other weaknesses relate to the database application itself and the use of weak or default passwords by
administrators. Vendors patch their products regularly, and equally regularly find new ways of
attack.

75% of cyber attacks target weaknesses within web applications rather than directly at the
servers. Hackers launch web application attacks on port 80 . Web applications are more open to uncovered vulnerabilities since these are generally custom-built and therefore pass through a lesser degree of
testing than off-the-shelf software.

Some hackers, for example, maliciously inject code within vulnerable web applications to trick users
and redirect them towards phishing sites. This technique is called Cross-Site Scripting (XSS) and may
be used even though the web and database servers contain no vulnerability themselves.

Hence, any web security audit must answer the questions “which elements of our network
infrastructure are open to hack attacks?”,
“which parts of a website are open to hack attacks?”, and “what data can we throw at an application to cause it to perform something it shouldn’t do?”

Ask us about Acunetix and Web Security
Acunetix ensures web site security by automatically checking for SQL Injection, Cross Site Scripting,
and other vulnerabilities. It checks password strength on authentication pages and automatically
audits shopping carts, forms, dynamic content and other web applications. As the scan is being
completed, the software produces detailed reports that pinpoint where vulnerabilities exist

3 new Microsoft tools to help you to move to the cloud.

April 18th, 2017

Here’s a breakdown of the three new Microsoft tools to help you move to the cloud faster and what they can offer businesses.

1. Free cloud migration assessment

This assessment will help customers to more easily find and to better understand their current server setups, to help them to determine the cost and the value of moving to the cloud. Once the servers are discovered, the tool can analyze their configurations, and give the user a report of the potential cost drop of moving to Azure.

Data center administrators can export the results of the assessment into a customized report. The report could provide some valuable data and statistics for a CIO conversation with the CFO.

2. Azure Hybrid Use Benefit

This tool should save users money on their cloud deployments. Customers can activate the Azure Hybrid Use Benefit in the Azure Management Portal,It is available on Windows Server virtual machines in Azure, to all customers. “Use your on-premises Windows Server licenses that include Software Assurance to save big on Windows Server VMs in Azure. By using your existing licenses, you pay the base compute rate and save up to 40 percent.” the tool’s web page said,

3. Azure Site Recovery

Azure Site Recovery is meant to ease the process of migrating virtual machines to Azure. Applications running on AWS, VMware, Hyper-V, or physical servers can be moved. Additionally, a new feature in Azure Site Recovery will “allow you to tag virtual machines within the Azure portal itself, This capability will make it easier than ever to migrate your Windows Server virtual machines.”

Other features include automated protection and replication of virtual machines, remote monitoring, custom recovery plans, recovery plan testing, and more

Dubai-cross safely campaign

June 19th, 2016

Dubai Police are launching a new campaign – Cross Safely – which will run for three months to educate pedestrians, particularly labourers.

In case you are wondering, the fine for unlawfully crossing a road is Dhs200 and 65000 people were fined last year and more sobering 46 were killed by crossing at non designated spots. That’s almost one a week.

To help remember the rules on how to cross the road safely, check out this old video played at schools:

GESS Exhibition ( Global Educational Supplies & Solutions ) 2016

March 2nd, 2016

Gulf Educational Supplies and Solutions (GESS) opened yesterday and is being held under the patronage of his Highness Sheikh Mohammed Bin Rashid Al Maktoum, Vice President of the UAE, Prime Minister and Ruler of Dubai, in partnership with the Ministry of Education, GESS and Global Education Forum (GEF). In its 9th edition, GESS provides the ideal platform for education professional worldwide to meet, find new products and services, and discuss a range of topics about education and its future.

H.E. Hussain Ibrahim Al Hammadi, Minister of UAE Ministry of Education, UAE and Synergy Software Systems Account Manager Sudhakar Raman at yesterday’s exhibition in Dubai. The event continues today and tomorrow.

H.E. Hussain Ibrahim Al Hammadi was appointed Minister of Education in 2014 by His Highness Sheikh Mohammad Bin Rashid Al Maktoum, Vice-President and Prime Minister of the UAE and Ruler of Dubai. He is also CEO of the Emirates Advanced Investments Group of companies.

Synergy Software Systems is a Microsoft President’s Club member and implements solutions for the Education sector, such as: specialised Admissions and Billing in Dynamics Ax, library system, classroom scheduling, as well as traditional enterprise solutions for finance, HR, payroll, CRM , T@A and the Office 365 suite of applications.

Filehold – ask Synergy Software Systems about document management for the U.A.E.

November 30th, 2015


Courier documents


Mobile document management

http://www.businessnewsdaily.com/8031-best-windows-document-management-software.html

“We recommend FileHold as the best document management system for businesses using Windows. We chose FileHold from dozens of document management system options.
Why FileHold?
Ease of use
FileHold is a self-hosted document management system for businesses using Windows computers. It has the same look and feel of programs you’re already accustomed to using, and the interface is designed specifically with Windows Explorer in mind. The filing structure incorporates the same cabinet, drawer, folder and subfolder approach that Windows uses. So, once the software is installed, employees should have no trouble grasping how to use and navigate it.
We like FileHold’s clean interface. It isn’t cluttered with icons or images. All you see when logging in is the file library running down the left-hand side of the page and a search bar along the top. The majority of the page remains blank until you start filing, searching for or opening documents. This approach keeps you on the same page the entire time you’re using the system. Many of the other systems we examined force you to toggle back and forth between pages depending on the task you’re working on.
The FileHold library structure is designed with Windows Explorer in mind.
Adding to the system’s ease of use are the MyFileHold folders, which are placed on top of the general library of cabinets and drawers on the left-hand side of the page. The MyFileHold section features separate folders for employees’ “favorite” documents, their checked-out documents, any alerts or reminders they have, the files they recently accessed and the files they recently added to the system. This provides a quick snapshot of the documents currently being worked on and the files that need immediate attention.
Each employee can customize various portions of the system with their personal preferences. This option isn’t offered by all of the document management systems we examined. When looking at specific documents, employees can choose the tools they want to be quickly accessible. Quick links can be added for a variety of tasks, such as adding files, linking documents together and checking out files. Additionally, you can choose the metadata attributes — like document type, version, number of linked files and the author — that are shown alongside the file’s name.
Filing documents within the software is simple and can be done in many ways. You can drag and drop files already on your computer or network, as well as scan documents directly into the system. The Microsoft Office integration also allows you to add documents you are working on in Microsoft Word, Excel, Outlook or PowerPoint with just a click of a button.

Congratulations to Sam Tech

November 18th, 2015

As a Dubai based company since 1991 we have formed relationships over the years with other local IT solution providers. We have always enjoyed good working relationships with SamTech. Therefore, it gives me great pleasure to congratulate them on making it into the Dubai SME top 100 ranking.

On Sunday 15th Samir I. Abdul Hadi Founder & CEO of Sam Tech was honoured by Sheikh Ahmad Bin Mohammed Bin Rashid Al Maktoum, Chairman of the Mohammad Bin Rashid Foundation and President of the UAE National Olympic Committee, as SamTech made it into the Dubai SME100 ranking in its third cycle. It’s quite an achievement to be ranked as one of the top 100 SMEs in Dubai out of the 4,500 nominations for the year 2015.This time, they made it to the TOP 10.

Meet Synergy Software Systems at the Dynamics Summit in the Middle East 5 May 2014 in DUbai

April 16th, 2014

Join us at the first Dynamic Summit in the Middle East at JW Marriott Marquis Hotel, Dubai.

Visit us at the Synergy Software Systems stand.

See demonstrations of:
Ax2012 R3
BI4 Dynamics
Management Reporter
Business Analyzer
Mobile Apps
Prophix
Lasernet

Ask about our solutions for Payroll, Education, Mining

Mimosa school timetable software – version 6

July 21st, 2013

Mimosa version 6.0 – We are pleased to announce a new update to Mimosa.

This major upgrade to the application and help files changes the terms used in Mimosa. This makes it easier to understand for new users and for those wishing to use it in non-academic environments.

Courses become Events to reflect the fact that you may also be scheduling: exams, meetings, trips, free periods, self-study periods, rehearsals, presentations, etc. and not just courses.The new names and renewed Tutorial are planned to improve the understanding the use and scope of Mimosa

More descriptive names are also used for the other key concepts in Mimosa -
Components becomes Resources,
-MAX becomes PLANNED,
- SUM becomes ALLOCATED
- DONE becomes SCHEDULED.

However, the underlying process remains the same so, if you have already mastered Mimosa, you can continue to create your timetables with confidence. .

In addition to the changed terminology there numerous usability improvements and fixes to some minor bugs to make this the best Mimosa release ever!

Mimosa has a new web add-on, Mimosa Web, that that allows students to create their own custom timetables online from the courses you schedule with Mimosa?

You no longer need to publish separate HTML files for each timetable. Just upload one file and have your students create their own personal schedule!