SITS:Vision Annual Conference. @ the Hilton Deansgate Hotel, Manchester. Security and Hosting 12-13 July 2011. Mike Fisher – Technical Services Team Leader. Introduction. We have undertaken a review of all our software with specific reference to security As a result we have:

Presentation Transcript

SITS:Vision Annual Conference

@ the Hilton Deansgate Hotel, Manchester

Security and Hosting

12-13 July 2011

Mike Fisher – Technical Services Team Leader



Introduction

  • We have undertaken a review of all our software with specific reference to security
  • As a result we have:
    • Made changes to the applications to enhance security
    • Published security recommendations for all Maytas and eTrack configurations; some of these are things we have always set up as standard
    • Made general infrastructure recommendations around the applications and associated servers

Security Recommendations

  • We have published a document (sent with each release) outlining our recommendations for:
    • Database Servers
    • Maytas 3
    • Maytas 5
    • eTrack Online
    • eTrack Offline
    • Web and Application Servers
    • General Network Setup

Database Server

  • The Maytas 3 user account
    • Configured with a default password
    • Can be changed to conform with local IT policies on passwords
    • Each application must be told of the password change
  • Database Server location
    • Should sit secured within a LAN
    • Must not be public-facing
  • Database Encryption
    • Certain contracts specify that databases must be encrypted
    • Tribal practice is database disk-level encryption

Maytas 3

  • Application directory security
    • Can be locked down to stop users accessing the application files
    • Some permissions are required and are documented
    • Especially important when Maytas 3 is run over a terminal server
  • Maytas 3 User Editor
    • Ensure permissions set are as required
    • The ‘stever’ account…
  • Password Policies

Maytas 5

  • M5 Data Services
    • When using a file store, switch the user to a domain account with appropriate permissions
  • Services Access Groups
    • Restricts who can run a ‘First Time Setup’ against the service
  • Client Machine Encryption
    • To encrypt any data local to the machine
  • Password Policies

eTrack General

  • The eTrack evidence file store
    • Location and user access
  • web.config encryption
  • System Configurations
    • Blocked File Types
    • Account Lockouts
    • SSL Server Settings


  • eTrack Online
    • The IIS user
    • Application Directory Security
    • Configurable Session Timeouts
    • Password Policies
  • eTrack Offline
    • Local Data and Evidence files
    • Laptop encryption
    • Password Policies

General (Applicable to All)

  • Password Policies can be set in the database which then apply to all user accounts
  • Password expiration times
  • Options for
    • Password length
    • # of CAPITAL letters
    • # of lowercase letters
    • # of numeric
    • # of Special Characters (!@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
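
A sketch of how the options listed above combine into one check, as an added example (not Tribal's code and not part of the original slides). The names `PasswordPolicy`, `check_password` and `is_expired` and all threshold values are assumptions; only the special-character set is taken from the slide.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Special-character set as listed on the slide (backslash kept as it appears there).
SPECIALS = set("!@#$%^&*()_+|~-=\\`{}[]:\";'<>?,./")


@dataclass(frozen=True)
class PasswordPolicy:
    # Assumed sample thresholds; the slides name the options but give no values.
    min_length: int = 10
    min_upper: int = 1
    min_lower: int = 1
    min_digits: int = 1
    min_special: int = 1
    max_age_days: int = 90


def check_password(pw: str, policy: PasswordPolicy) -> list[str]:
    """Return the names of the policy rules the candidate password violates."""
    counts = {
        "upper": sum(c.isascii() and c.isupper() for c in pw),
        "lower": sum(c.isascii() and c.islower() for c in pw),
        "digits": sum(c.isascii() and c.isdigit() for c in pw),
        # Only characters in the listed set count; spaces and e.g. '£' do not.
        "special": sum(c in SPECIALS for c in pw),
    }
    required = {
        "upper": policy.min_upper,
        "lower": policy.min_lower,
        "digits": policy.min_digits,
        "special": policy.min_special,
    }
    failures = ["length"] if len(pw) < policy.min_length else []
    failures += [rule for rule, needed in required.items() if counts[rule] < needed]
    return failures


def is_expired(last_changed: date, today: date, policy: PasswordPolicy) -> bool:
    """True when the password is older than the policy's expiration time."""
    return (today - last_changed) > timedelta(days=policy.max_age_days)
```

Because the special-character requirement is tied to an explicit set, a password whose only symbols fall outside that set fails the rule even though it looks "complex".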

Tribal Data Policies

When transmitting data to Tribal:

The local Tribal office will inform customers of a Tribal FTP site to which they can electronically submit data. A username and password will be issued to each customer as required. It is the responsibility of the customer to install and manage the necessary software to transmit and receive data to Tribal.

Files sent to Tribal must be encrypted to at least the FIPS 140-2 standard. This standard is not met by Winzip or 7-Zip, two widely used commercial compression/encryption packages. Tribal use an encryption product, SecureZip, for the secure encryption of files, which meets the FIPS 140-2 standard when used correctly.



  • As part of our hosted service we manage all application upgrades as standard
  • The environment and our hosting team conform to ISO27001 standards on security
  • We can supply a hosted service from 1 user upwards hosting any combination of M3, M5 and eTrack
  • We build dedicated farms for larger setups
  • Currently we run:
    • The MAYTAS shared service for smaller customers (< 20 users)
    • 10 designated farms for larger organisations
    • A separate DWP security cleared farm
    • Currently our largest environment has upwards of 2500 users
