Captools/net Documentation

Internet Security

Captools/net is not inherently more or less secure than any other program that runs on a Microsoft Windows operating system.  If an unauthorized user is allowed to gain either physical or remote access to the computer on which the Captools/net software or Captools/net database is running, then they can gain access to the Captools/net data.  Accordingly, you need to take the steps outlined below to ensure data security.

 

Physical Security - Physical access by unauthorized users must be prevented through physical security, i.e. locked buildings, rooms and computer cabinets.  MS-Windows log-ons for the server computer(s) should also be non-obvious and made available only to authorized users, with the System Administrator(s) always logging out of Windows when they are not physically present.

 

Biometric computer log-on devices (e.g. fingerprint readers) are available that can help minimize the concern that log-on passwords might get into unauthorized hands.  See your computer technologist for recommendations on such devices.

 

Remote Access Security - Captools/net server applications need access to the internet to perform functions such as quote downloads.  Also, it may be desired to let authorized users access Captools/net from remote locations.  Hence, Captools/net users need to take steps to ensure security against unauthorized remote access.  Recommended precautions are as follows:

 

1) The computer(s) running Captools/net server applications and database should be located on the local area network (LAN) side of your network's broadband modem.  Non-cable modems usually provide some protection from hackers by periodically changing IP addresses.

 

2) A software or hardware firewall should be used to control outside access to your network.  This is particularly important for users of cable modems or users who have a fixed IP address.  The firewall needs to be configured to prevent non-authorized access and to allow outward access only by authorized programs to prevent malicious "spy ware" software (see #6 below) from sending data out.  If necessary, consult your computer technologist on how to set up a firewall.

 

3) Use non-obvious, non-default log-in IDs and passwords for your server computers.  Also, avoid permanently "sharing" any server computer folders without using folder password protection.  This is critical, because any person who can remotely log on to your server computer, particularly as system administrator, will have access to all the programs and data on that computer.  Because the Captools/net data is stored in an SQL database, an unauthorized user could access the database directly using SQL tools, without actually running Captools/net.  Nevertheless, you should assign non-obvious log-in IDs and passwords for Captools/net users.

 

4) If you want to make Captools/net accessible to remote users, i.e. to users operating outside your local area network, you can implement a "Virtual Private Network" (VPN) using hardware and/or software.  This ensures that Captools/net data is encrypted as it traverses the internet from your server to the end user and back again.  Consult your computer technologist for advice on installation of a VPN.

 

5) If you want to make Captools/net reports accessible to end clients via the internet, a VPN cannot be used because such users will not have the necessary software or hardware to support their end of the communications.  Instead, your Captools/net server, which runs Microsoft's Internet Information Server web-server software, needs to have a web site certificate installed, which can be obtained from Verisign.  With the site certificate installed, Captools/net will serve up reports to clients using the secure "https" protocol following user log-in with the appropriate user ID and password.  The https protocol can also be used to provide secure access to in-house users operating remotely.

 

6) One way that hackers gain remote access to otherwise protected systems is to get the user of those systems to unwittingly install and run software which can scoop up data and passwords and send them back to the hacker.  Periodically run virus scanning software and "spy-ware" detection software to protect against these threats.  Also, since most such malicious programs come via e-mail or via web browser operation, the risk of these can be minimized by avoiding using the server computer to perform e-mail and web-browsing tasks.  Avoidance of folder sharing on the server will prevent picking up such hacker software from other computers on your local area network which necessarily perform e-mail and browsing functions.

 

7) Any employees of your firm who access Captools/net from a remote location should preferably do so from computers that remain within their own physical control and which have an adequately secure MS-Windows log-in ID and password.  Loss of physical control of any such computers (i.e. due to theft) should be immediately reported to the system administrator so that any applicable Captools/net log-in passwords can be changed.
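
A read-only PowerShell check of a server computer against precautions 2 and 3 above. This is an added example, not part of the Captools/net documentation or software; it assumes a current, non-domain-controller Windows system with the built-in NetSecurity, SmbShare and LocalAccounts cmdlets and an elevated session, and the list of "broad" groups is an illustrative choice.

```powershell
# Added example: audits firewall, folder-share and default-account settings.
# It changes nothing; it only reports findings for the administrator to review.

$findings = [System.Collections.Generic.List[string]]::new()

# Item 2: every firewall profile should be on, and outbound traffic should be
# blocked by default so that only explicitly allowed programs can send data out.
foreach ($p in Get-NetFirewallProfile) {
    if ($p.Enabled -ne 'True') {
        $findings.Add("Firewall profile '$($p.Name)' is disabled")
    }
    if ($p.DefaultOutboundAction -ne 'Block') {
        $findings.Add("Firewall profile '$($p.Name)' does not block outbound traffic by default")
    }
}

# Item 3: list user-created shares (administrative shares such as C$ and IPC$
# are marked Special) and flag any that grant access to broad groups.
# The group list below is an assumption; extend it to match your environment.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
foreach ($s in Get-SmbShare | Where-Object { -not $_.Special }) {
    $open = Get-SmbShareAccess -Name $s.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -in $broad }
    foreach ($ace in $open) {
        $findings.Add("Share '$($s.Name)' ($($s.Path)) allows $($ace.AccountName): $($ace.AccessRight)")
    }
}

# Item 3: the built-in Administrator (RID 500) and Guest (RID 501) accounts are
# default log-in IDs; report them if they are still enabled.
$defaults = Get-LocalUser |
    Where-Object { $_.Enabled -and $_.SID.Value -match '-50[01]$' }
foreach ($u in $defaults) {
    $findings.Add("Default account '$($u.Name)' is enabled")
}

# Emit the findings, or a single line when the server passes every check.
if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```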