4Matrix Infinity Security: Access & Security Overview
4Matrix Infinity offers a versatile application setup, ideal for both intranet and public web deployment, tailored to a school's data access needs.
As an extension to the 4Matrix Desktop, which is housed on the school's server, Infinity can function as an internal network application or as an internet-based platform.
Both applications interface with a singular database, offering users a cohesive experience while maintaining the database on the school's local network.
With over 15 specialised data analysis tools, including seating plan visualisation, Infinity integrates seamlessly with Azure AD for user authentication.
This article outlines the methods for accessing Infinity and provides an overview of the security measures in place.
1. Via the school's domain: Access Infinity through the custom URL Infinity.<school_domain>.com.
For enhanced security, we advocate using a reverse proxy to disguise the server's IP address, allowing requests to be rerouted appropriately along with rules in firewall or web filtering software to allow certain hostnames, ports, transport protocols etc.
2. Via a chosen subdomain:
Utilise <school_chosen_sub-domain>.4matrixinfinity.com, secured with Cloudflare's services, acting as both a Web Application Firewall (WAF) and a Content Delivery Network (CDN).
This method ensures requests are vetted through an extensive set of rules, including the OWASP standards and Cloudflare's own protective measures against bots and DDoS attacks.
Only verified requests will reach the school's server which will then be forwarded to the internal server.
To further fortify your network, consider restricting the server’s port forwarding to only accept connections from Cloudflare's IP range.
This adds an additional layer of security, ensuring that only legitimate traffic can access the Infinity application.
Article revised: 02/11/2023