PSI Secure Browser

From Opendium Documentation
Revision as of 11:08, 29 July 2024 by Chris (talk | contribs) (→‎Configuration)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Status

We cannot guarantee that PSI Secure Browser will work through an Opendium system. When a school reports problems using this software, we are usually able to work with them to adjust their configuration to allow it to work, but in our experience it is very likely to stop working again in the future.

Configuration

Exams this year for the Psi Browser seem to need the following uri's in the Disable HTTPS Decryption override:

psiexams.com

ably.io

ably-realtime.com

You will also need to set the Twilio Video rule bundle to allow on the Egress tab under the Firewall for the users/subnets that are wanting to use the psi browser.


Client configuration to consider: The user must be able to run the psi browser as administrator and be able to have access to a webcam and microphone.

Detail

PSI Secure Browser is a piece of software used by exam boards such as ABRSM, to provide exams to students. Unfortunately, schools are provided with very little information regarding firewalling and filtering changes that they need to make to allow PSI Secure Browser to work on their networks.

Although there is a whitelist available, this is not comprehensive and PSI Secure Browser appears to require access to a number of other hosts which are not listed on that website. The whitelist also recommends whitelisting all content which is hosted through Amazon AWS. As Amazon AWS hosts an enormous amount of content for all manner of organisations, including content which is unsafe, we believe that a school would be negligent were they to follow these recommendations.

Whilst a network test service is available, this does not appear to comprehensively test all of the requirements for the exams, and we therefore have numerous cases of schools believing that everything is set up to work and then only discovering that it doesn't work when the exam starts. There does not seem to be a way to comprehensively test that PSI Secure Browser will work for an exam until the exam is actually in progress.

We have also identified bugs in PSI Secure Browser which result in it being left in a broken non-functional state if challenged for authentication by the proxy.

Without comprehensive information regarding PSI Secure Browser's technical requirements, we have to reverse engineer it by examining its network traffic in order to create a configuration which will work. Unfortunately, we have seen that its technical requirements frequently change, and therefore a configuration which works now will likely not work in the future.

In order to produce a stable configuration that would allow this software to work, we would require a more comprehensive list of its technical requirements. However, our attempts to open a dialogue with PSI and to report the bugs in their software have been completely ignored.

Whilst we recognise that schools have little choice but to use whatever software the exam boards dictate, we feel that schools should be feeding back these problems to the exam boards so that they can put pressure on the software vendors to behave responsibly.

Vendor Contact Log

The following log summarises discussions with PSI regarding the problems listed above.