Cloud Security Measures

Server Configuration

LoiLoNote School’s servers are built on a virtual private cloud and are protected by a firewall, so that they can be accessed only over HTTP (Hypertext Transfer Protocol)/HTTPS (Hypertext Transfer Protocol Secure) and administrative SSH (Secure Shell).
Administrative SSH can be used only with PKA (Public Key Authentication), which also protects against brute-force attacks on passwords.

Communication Path Encryption

Communications from the app and the web-based interface use only HTTPS, so the communication path is encrypted.
This also protects against interception of communication contents by MITM (man-in-the-middle) attacks.

Password Management

However strong the server security measures are, a password that is too short or easily guessable can still allow third-party access. Passwords should be 6 or more characters long and should avoid easily guessable words such as student ID numbers.

Vulnerability of Web Applications

We are constantly updating security measures in accordance with the “Web Applications Security Implementation Checklist” published by IPA (Information-technology Promotion Agency, Japan).

  • SQL injections
  • OS command injections
  • Unchecked pathname parameters/directory traversal
  • Session management inadequacies
  • Cross-site scripting
  • CSRF (Cross-Site Request Forgeries)
  • HTTP header injections
  • Mail header injections
  • Access control and authorization control deficiencies