A secure connection is an encrypted exchange of information between the system and your computer over an SSL connection. Encryption is provided through a document the system presents, called a certificate. When you send information to the system, it is encrypted at your computer and decrypted when it is received by the system, keeping your data safe during transfer.
It works on much the same principle as the Enigma machine during World War II. The German commanders had the instructions on how to set up the machine, and they would send a scrambled message that could only be decoded using another Enigma machine; this prevented anybody listening in from reading the message and accessing the data. Encrypted connections prevent man-in-the-middle attacks between you and the system.
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which the user provides two different authentication factors to verify their identity, to better protect both the user's credentials and the resources the user can access.
Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's device or vireo account, because simply knowing the victim's password is not enough to get past the authentication check. Two-factor authentication has long been used to control access to sensitive systems and data.
Our system allows you to use the following two-factor authentication methods: Google Authenticator, SMS, Email and U2F Key.
When using two-factor authentication (2FA) you have the option, from within the settings menu, to remember the device for a period of time. The device is stored in the system so that you do not have to complete two-factor authentication every time you log in; you are effectively marking the device you are currently using as safe. If at any time you think that a device you previously logged in from has become unsafe, you can log in to your profile and revoke that device individually.
Alternatively, if you are unsure which device is unsafe, or you simply want to lock down and reset two-factor authentication for every device, you can do this from within the Profile dropdown menu under:
Profile Menu >> Sign Off Devices.
This instantly logs you out of every device that is currently signed in and forces each of them to log in and complete two-factor authentication again.
If left unattended for 12 minutes, the system alerts the user that the 'Session is about to Expire' and asks whether they wish to 'Stay Connected' or 'Logout'. If they do not respond within 5 minutes of the alert, the system automatically logs the user out.
This prevents an unattended device from causing a data breach.
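The warn-then-expire behaviour described above, written out as a small idle-timeout state machine. This is an added example, not the product's own code: the 12-minute and 5-minute figures come from the text, while the class, method names and the injected clock (`T0`, `minutes`) are assumptions made so the transitions can be exercised deterministically.

```python
from datetime import datetime, timedelta, timezone

# Timings from the page: warn after 12 idle minutes, log out if there is no answer within 5 more.
WARN_AFTER = timedelta(minutes=12)
LOGOUT_GRACE = timedelta(minutes=5)

# Constructed reference time so the example runs without a real clock.
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)


def minutes(n):
    """Express times as offsets from T0 (constructed helper)."""
    return timedelta(minutes=n)


class IdleSession:
    """Idle-timeout state machine for one logged-in browser session.

    The caller passes the current time in rather than the object reading a clock;
    this is an assumed design so the check can be tested, not the product's own code.
    """

    def __init__(self, now):
        self.last_activity = now
        self.expired = False

    def state(self, now):
        """'active', 'warn' (the 'Session is about to Expire' prompt is shown) or 'expired'."""
        if self.expired:
            return "expired"
        idle = now - self.last_activity
        if idle >= WARN_AFTER + LOGOUT_GRACE:
            self.expired = True        # no answer to the prompt within the grace period: log out
            return "expired"
        if idle >= WARN_AFTER:
            return "warn"
        return "active"

    def touch(self, now):
        """Record user input. Clicking 'Stay Connected' is input too and restarts the idle timer."""
        if self.state(now) == "expired":
            return "expired"           # too late: the session was already closed server-side
        self.last_activity = now
        return "active"

    def logout(self):
        """The explicit 'Logout' choice on the prompt."""
        self.expired = True
        return "expired"
```

The important edge case is that the check is evaluated on the server from the last recorded activity, so a browser whose JavaScript timer was paused or tampered with still ends up expired after 17 idle minutes.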
You can set and enforce the password strength you require for your Administrators, Employees and Clients. For example, if you choose to enforce a strong password and a user types in a weak one, the system alerts the user and gives them a visual representation of the password's strength as they type. The password strength algorithm takes into account common password mistakes, such as number sequences and easy-to-guess words, when calculating the score. This lets you ensure your data is protected to the level you choose.
If you are dealing with high-profile clients, you may want to require 'Very Strong' passwords; if you are not handling high-profile information, you may reduce the required strength a little for usability. You will want to strike a balance between data protection and ease of use for your users, but the choice is yours.
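A scorer of the kind described above, as an added example rather than the product's actual algorithm: it awards points for length and character variety, then deducts for the two mistakes the text names (number or letter sequences, easy-to-guess words) plus repeated characters, and checks the result against a per-role minimum. The word list, the point values and the role thresholds are assumptions for illustration.

```python
import re

# Constructed list of easy-to-guess words; a real deployment would use a much larger dictionary.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "admin", "login", "monkey", "dragon"}

# Minimum score each role must reach. The role names are the page's; the numbers are assumed.
ROLE_MINIMUM = {"administrator": 4, "employee": 3, "client": 2}

LABELS = ["Very Weak", "Weak", "Fair", "Strong", "Very Strong"]


def _has_sequence(s, run=3):
    """True if s contains `run` consecutive characters that step up or down by one (1234, abcd, 4321)."""
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        diffs = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def score_password(pw):
    """Return (score 0..4, label, reasons) for the live strength meter."""
    reasons = []
    points = 0
    if len(pw) >= 8:
        points += 1
    if len(pw) >= 12:
        points += 1
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes >= 3:
        points += 1
    if classes == 4:
        points += 1
    lower = pw.lower()
    if any(word in lower for word in COMMON_WORDS):
        points -= 2
        reasons.append("contains an easy-to-guess word")
    if _has_sequence(pw):
        points -= 1
        reasons.append("contains a sequence such as 1234 or abcd")
    if re.search(r"(.)\1\1", pw):
        points -= 1
        reasons.append("repeats the same character three or more times")
    points = max(0, min(4, points))
    return points, LABELS[points], reasons


def meets_policy(pw, role):
    """Server-side enforcement: (accepted, label, reasons) against the role's configured minimum."""
    score, label, reasons = score_password(pw)
    return score >= ROLE_MINIMUM[role], label, reasons
```

The same function drives both the visual meter (score and label as the user types) and the server-side check, so the two cannot disagree; the server-side call is the one that matters, since the browser meter can be bypassed.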
When a user attempts to log in and is unsuccessful ten times in a row, their IP address is automatically banned. This is to prevent brute-force password attacks: it slows attackers down and can stop them completely. The lockout threshold of ten attempts is chosen to exceed the number of times a legitimate person would mistype or forget their password. If a legitimate user does get banned, they can easily contact management or an administrator to have their IP address removed from the ban list.
IP address bans are not account-specific, meaning that the user does not need to be trying to log in to an actual account to be banned; they simply need to submit incorrect information. Any incorrect submission counts as a failed login attempt. Each attempt is stored in the system, and if an IP address is eventually banned you can review each credential it tried. This lets you determine whether the logins were genuine attempts or a potential attack.
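The lockout and review behaviour from the two paragraphs above, as an added example that is not the product's own code: failures are counted per source IP regardless of whether the submitted username exists, the tenth consecutive failure bans the IP, every attempt is kept for an administrator to review, and an administrator can lift the ban. The credential store, the class and method names and the sample IP addresses are constructed for the example.

```python
import hmac
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

BAN_THRESHOLD = 10   # the page's figure: the tenth consecutive failure bans the source IP


@dataclass
class Attempt:
    when: str        # ISO-8601 timestamp
    username: str    # what was submitted, whether or not such an account exists
    success: bool


class LoginGuard:
    """Per-IP failed-login tracking with an automatic ban and a review log.

    `valid_credentials` is a constructed {username: password} store standing in
    for a real (hashed) credential database; the rest is assumed design.
    """

    def __init__(self, valid_credentials):
        self._creds = valid_credentials
        self._attempts = defaultdict(list)   # ip -> [Attempt, ...], kept for review
        self._failures = defaultdict(int)    # ip -> consecutive failures
        self._banned = set()

    @staticmethod
    def _now():
        return datetime.now(timezone.utc).isoformat(timespec="seconds")

    def attempt(self, ip, username, password):
        """Returns 'ok', 'failed' or 'banned'."""
        if ip in self._banned:
            return "banned"                  # rejected before any credential check
        # Unknown usernames and wrong passwords are treated identically, and the comparison
        # is constant-time, so the response does not reveal which accounts exist.
        expected = self._creds.get(username, "")
        ok = hmac.compare_digest(expected.encode(), password.encode()) and username in self._creds
        # Only the username is logged for review; the submitted password is deliberately not stored.
        self._attempts[ip].append(Attempt(self._now(), username, ok))
        if ok:
            self._failures[ip] = 0           # a successful login resets the run of failures
            return "ok"
        self._failures[ip] += 1
        if self._failures[ip] >= BAN_THRESHOLD:
            self._banned.add(ip)
            return "banned"
        return "failed"

    def is_banned(self, ip):
        return ip in self._banned

    def review(self, ip):
        """Attempts recorded for an IP, so an administrator can tell a forgetful user from an attack."""
        return [(a.when, a.username, a.success) for a in self._attempts[ip]]

    def unban(self, ip):
        """Administrator action once a legitimate user has got in touch."""
        self._banned.discard(ip)
        self._failures[ip] = 0
```

In the review log, ten attempts against one real username suggest a forgotten password, while a spread of usernames such as `root`, `admin` and `test` from one IP is the pattern of a credential-guessing attack; in either case the log holds usernames only, never the submitted passwords.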
Each system we provide for our customers is self-contained: each has its own database, file system, email server and storage. We host each system on a segregated VPS (Virtual Private Server), meaning your system is in no way tied to any of our other customers.
One of the benefits of this is that if another customer is careless with their passwords and their root security is breached, the attacker cannot pivot and attack another customer on the same network of servers. Segmentation, or "zoning", provides effective controls to limit further movement across the network.
A shared platform using a single shared database runs the risk of accidentally displaying your critical business information to rival companies; we ensure that this will never happen. By using network and system segregation, we ensure that data bleeding caused by coding errors cannot occur.
Another benefit is performance: other customers with high data usage do not impinge on and slow down your copy of the software, as can happen on shared platforms.
We built the software to be self-contained from the outset, so no matter how many customers purchase our software we can scale infinitely, worldwide, with no reduction in performance for any customer: you are guaranteed performance!
We have built the software from the ground up; all of our code is hand-written. We do not rely on third-party frameworks or code. Our codebase is proprietary and protected, so we do not release it to the general public.
The benefit is that we do not need to depend on third-party developers to fix security issues in their frameworks. Keeping our codebase out of the public domain stops attackers from analysing it to find security holes and handing them possible access on a silver platter.
With third-party open-source frameworks, an attacker can simply monitor releases and compare them to see what code was patched, then exploit that vulnerability in unpatched installations. To prevent that, we do not release information about our security patches into the public domain.