
Filopto Help Manual

 

security

 

1. Cover the Basics

 

Protecting your business from unwanted cyber attacks, snoopers and other threats starts with establishing basic computer security measures in your workplace.

 


Physical security. The first step is to have some basic physical security (minimum US standards are defined by the HIPAA Security rules). Start with a locked door to prevent access to your server. Consider implementing a timed screen saver and automatic log out of Filopto, which will help keep prying eyes away from sensitive data. Protect your server from power outages or brownouts and possible data corruption with an Uninterruptible Power Supply (UPS) device.

 

Keep your servers in a safe place. Businesses must make sure that their servers are not vulnerable to physical calamities. Locate these machines in a secure, dry, well-ventilated (cool) room, not in a hallway or under a desk where someone might inadvertently kick them or spill coffee on them, or where a mischievous tinkerer can have access to them. Your server room should have no windows and a single door you can lock. Server cases should also be locked to prevent tampering with internal components. Know which employees have keys to the server room. You should also keep a record of the serial numbers of your servers, and mark them with your company information, so they can be identified and recovered if stolen.

 


Set up a firewall. A firewall helps block intruders on the Internet from gaining access to your computers and business data. A hardware firewall (router) is best because it provides protection for all the PCs on your business network. Having a software firewall for additional protection is also a good idea. Windows comes standard with a software firewall to protect your PCs. Make certain it is activated.

 

If you have an always-on broadband Internet connection, chances are your company's computer network is randomly probed by criminal hackers. Once they stumble on a valid computer address, they try to exploit vulnerabilities in software or decipher passwords to gain access to your network, and ultimately to individual machines and everything on them.

 

Like a moat around a castle, a firewall can block intruders from gaining access to your private network. There are two basic types of firewall:

 

1. Hardware firewalls (typically found in a router) block all traffic between the internet and your network that isn't explicitly allowed. For instance, you may want to configure the firewall to accept certain kinds of e-mail and web traffic, but reject all other types. These firewalls can also hide the addresses of the computers behind your firewall, making individual computers on your network invisible to the outside. A firewall may be integrated into the router or fibre/DSL/cable modem supplied by your ISP.

2. Software firewalls, such as the Windows Firewall built into Windows or products from other manufacturers such as Bitdefender, Trend Micro, Kaspersky Lab, Norton, McAfee and others, are a basic defence that should be enabled by default. This means that, by default, all connections, including LAN (wired and wireless), fiber, dial-up and virtual private network (VPN) connections, are protected by the firewall.

 

Use wireless security features. Wireless networks use a radio link instead of cables to connect computers. As a result, anyone within radio range can theoretically listen in or transmit data on the network. Freely available tools allow intruders to "sniff" for insecure networks. While vulnerability increases with a wireless network, computer-savvy crooks have tools to help them break into all types of computer systems. There are security features built into Wi-Fi products, but manufacturers often turn them off by default because it makes the network easier to set up. If you use wireless networking, make sure you turn them on and use the configurable encryption and access control features that will make your network more secure.

 

 

 

 


Install anti-virus and anti-malware software on all computers. Running anti-virus and anti-malware programs on your server is as important as running them on a client PC. Look for programs that not only detect and disable viruses and malware, but that are also regularly updated for new viruses and malware. If running anti-virus/malware software on the server, make certain to exclude the "Filopto.fdb" database or severe performance issues will arise. See AntiVirus/Firewall Issues for more details.

 

What is the difference between Anti-virus and Anti-malware?

 

The word malware just means “bad software” and encompasses anything that runs on your computer with unintended and usually harmful consequences. In contrast, antivirus is an out-of-date term that software makers still use because viruses, Trojan horses, and worms were huge, attention-getting threats in the 1990s and early 2000s. Technically, all viruses are a kind of malware, but not all malware is a virus.

 

Anti-virus and anti-malware programs each perform different tasks as they relate to computer security and threat detection. Essentially, they look for and remove different types of malicious threats.

 

Viruses were extremely “popular” in the ‘90s, which is when the term “Antivirus” became common, but today viruses are the minority when it comes to malware. There are, however, a few at-large viruses currently evolving and spreading which still make an anti-virus program a requirement. More common than viruses is malware like Trojans, Worms, Backdoors, Exploits, Adware, zero-day or zero-hour malware, drive-by exploits, ransomware and PUP (Potentially Unwanted Programs), which can include communication clients, remote desktops and password revealers, just to name a few.

 

The focus of online criminals has shifted and therefore malware has changed. Criminals see today’s online society as an opportunity to steal personal data including credit card and banking details, PINs and passwords, and information such as home addresses, phone numbers and even the names of family members. Criminals can, for example, write malicious code and distribute it in the form of a Trojan. The Trojan can collect personal data which can be sold to crime organizations, who can then steal money directly from the victim's bank account or steal a person's identity for other criminal activities.

 

In today's world you need a solution that addresses both types of activities. Windows desktop software comes with a standard built-in anti-virus/malware solution called "Defender" or "Microsoft Security Essentials", which is the minimum benchmark recommended. Enhancing this basic defense is recommended. We recommend that you choose a reputable anti-malware solution from one of the industry leaders.

 

Note that no single anti-virus/malware solution is perfect and a layered approach may provide the best protection, such as Windows Defender center with a malware product as a second protection layer.

 

 

 

 


Use strong passwords. Passwords should be required to log on to any computer and server in your workplace. Strong passwords have a mix of uppercase and lowercase letters, numbers and symbols. Make sure users are required to change their passwords regularly. See the following web sites which can provide you with secure passwords: http://howsecureismypassword.net/  and http://strongpasswordgenerator.com/

 

Most small businesses use passwords to authenticate identity, whether on computers or cash registers or alarm systems. Though there are more sophisticated authentication systems, such as smart cards and fingerprint or iris scans, passwords are most common because they are easy to use. But they are also easily misused. Hackers have automated tools that help them come up with simple passwords in minutes. Crooks may also use fraud to get employees to divulge passwords. And too often passwords are not effective for these reasons:

 

1. Sensitive documents have not been password-protected, allowing anyone to walk up to an unsecured computer and log on

2. Passwords are weak

3. Passwords are written down in plain sight next to a computer

 

Educating your staff about the importance of passwords is the first step in making passwords a valuable network security tool. Employees should regard their password the same way they would an office key. In other words, don't leave it lying around and don't share it. They should also avoid weak and easy-to-guess passwords that include the following:

 

1. Their real name, user name or company name

2. A common dictionary word that makes them vulnerable to "dictionary attacks"

3. Common passwords, such as "password," "letmein" or "1,2,3,4"

4. Commonly known letter substitutions, such as replacing "i" with "!" or "s" with "$"

5. A password that someone knows

 

What does a "strong" password look like? It should have the following characteristics:

Be at least eight characters long; the longer the better. Currently the recommended length is 15 characters or more

Have a combination of lower and upper case letters, numbers and symbols

When changed, be significantly different from previous passwords

 

For more detailed information on how to create a secure password, see the "How to: Create a Secure Password" section of the help file.
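
The weak-password list and the strong-password characteristics above can be enforced automatically when a password is set. The following Python code is an added example, not part of Filopto or its help file; the function names, the short common-password list, the extra substitutions beyond "!" and "$", and the 0.7 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample list; a real check would load a much larger list.
COMMON_PASSWORDS = ("password", "letmein", "1234", "qwerty", "welcome")
# Reverse well-known substitutions such as "!" for "i" and "$" for "s".
UNSUBSTITUTE = str.maketrans("!$@013", "isaole")
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def normalize(text):
    """Lower-case the text and undo common letter substitutions."""
    return text.lower().translate(UNSUBSTITUTE)


def check_password(candidate, personal_terms=(), previous=(),
                   min_length=8, recommended=15, max_similarity=0.7):
    """Return a list of findings; an empty list means every rule passed."""
    findings = []
    folded = normalize(candidate)

    if len(candidate) < min_length:
        findings.append("too_short")
    elif len(candidate) < recommended:
        findings.append("below_recommended_length")

    if not all(re.search(pattern, candidate) for pattern in CHAR_CLASSES):
        findings.append("missing_character_class")

    # Real name, user name or company name (terms under 3 characters are skipped).
    if any(len(t) >= 3 and normalize(t) in folded for t in personal_terms):
        findings.append("contains_personal_term")

    if any(normalize(word) in folded for word in COMMON_PASSWORDS):
        findings.append("contains_common_password")

    # "Significantly different" is modelled as a similarity ratio below
    # max_similarity; the 0.7 threshold is an assumption of this example.
    if any(SequenceMatcher(None, folded, normalize(old)).ratio() >= max_similarity
           for old in previous):
        findings.append("too_similar_to_previous")
    return findings


if __name__ == "__main__":
    print(check_password("P@$$w0rd"))
    print(check_password("Al!ce-Filopto-2024", personal_terms=["Alice", "Filopto"]))
    print(check_password("Summer2024!River", previous=["Summer2023!River"]))
```

Comparing against a previous password is only possible at the moment of a password change, when the user types the old password; stored passwords should never be kept in readable form for this purpose.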

 


Back up your files. Disasters happen, equipment fails, and if you haven't saved your important files and information on a separate off-site storage system, all your critical business application data could be lost. (See the System Backup section for more information.)

 


Update your software. Hackers like to find and exploit bugs and loopholes in popular software products. Some do it for money, some to make a statement, some simply to cause trouble. And they can cause trouble, exposing customer credit card numbers or personal information on a website or stealing passwords on a computer. The impact on a business can be fatal. Software updates typically include the latest security features. Updates for Microsoft products are available on Microsoft Update and the Microsoft Download Centre. Filopto's updates are available from the Filopto Update web site.

 

  IMPORTANT

 

Filopto releases updates every month which include new features, enhancements and bug fixes. Microsoft releases updates to its operating system and programs on the second Tuesday of every month. In addition, Microsoft also provides updates from other manufacturers for software related to video cards, printers, etc. It is important that all updates (recommended and optional) be installed.

 

 

2. Regulate Access to Information

 

Not everyone should have access to everything in your workplace. If your business runs a Windows Server operating system, you can permit and restrict employee access to documents, spreadsheets or other business files. You can also designate in Windows and Filopto whether a user is permitted to just read a file or change it. Here are tips for regulating access.

 

Practice least privilege. With Windows Server, it is possible to assign users different permission levels. Rather than giving all users "Administrator" access, which is not a best practice for maintaining a secure environment for PCs or servers, you should use your servers to manage client PCs. Windows Servers can be configured to give individual users access to specific programs only, and to define which user privileges are allowed on the server. This ensures users can't make changes in areas that are critical to the server or client PC operation. It also prevents them from installing software that may introduce a virus or otherwise compromise the integrity of your network.

 

Create groups of users and assign permissions and privileges to them rather than individual users. This saves you time administering access rights.

 

Create your user groups based on roles, such as sales representatives. Then assign a set of permissions that are relevant to performing the tasks defined for that role.

 

Set access rights for each role to the minimum levels required for users to do their jobs. For instance, if the sales representative group only needs to be able to read a customer profile, do not also give them access rights to share or delete the file.