Security Policy
The Security Policy form is used to configure security settings for Account Lockout, Audit and Password Policy. Default settings on this form are TranSentry PCI Security Standards.
The Security Settings area is used to filter out policy group that are displayed in the Policy area. Example, if you click on Password Policy, then security policy related to Password will be shown in the Policy area.
The Policy area is used to display security policy selected in the Security Settings area. The Security Setting fields right next to the Policy is where you can configure its security settings. Use or click the ellipse button next to the policy to open another form where you can set the policy settings/properties. Policy settings or properties depends on the type of policy. It can be Enabled or disabled, in minutes, in days, number of characters and so on. There are requirements in this section that Administrator users should setup, although VisionCore has put default settings, it is recommended that it must be checked and set to at least the default settings or better. These are all required when TranSentry Integration option is enabled in the Company Preference form. There are also validation messages that will prompt as you configure the policy settings to make sure that you are guided properly.
Account Lockout Policy
Each policy under this group are discussed below.
Account lockout duration
The Account Lockout Duration security setting determines the number of minutes before the system will free the lock on locked user account. The value must be a positive number from 0 to 1440 minutes. The zero value will disable this policy.
This policy enables administrator to enhance security by ensuring the system will provide an interval time before a locked account can login back to the system. This will also prevent continues and repeated attempts to login and crack an account.
Note that when TranSentry Integration is enabled, you are not allowed to go lower than 30 minutes. The minimum time you can setup for Account Lockout Duration is 30 minutes.
Account lockout threshold
The Account lockout threshold security setting determines the number of repeated access attempts before the system will lock out a user account. The value must be a positive number from 0 to 6. The zero value will disable this policy.
This policy enables administrators to enhance security by locking out a user id after a number of repeated denied login attempts. This will also prevent continuous and repeated attempts to login and crack an account.
Note that when TranSentry Integration is enabled, you are not allowed to go more than 6 attempts. The maximum threshold attempts for Account Lockout is enabled is 6 attempts.
Require login if user account is idle
The Require login if user account is idle security setting determines the number of idle minutes before a user is automatically denied access into the system. The value must be a positive number from 0 to 1440. The zero value will disable this policy.
This policy enables administrators to enhance security by denying access to the system after being idle for a period of time. A user has to login to regain access into the system.
Note that when TranSentry Integration is enabled, you are not allowed to go more than 15 minutes. The maximum time a user can be idle before the system requires a login is 15 minutes.
For illustrations on how these security settings work, see User Management Security for Administrator Users.
Audit Policy
Each policy under this group are discussed below.
Log access to preferences
The Log access to preferences security setting determines if the system will log all attempts to access the preferences screens.
This policy enables the administrator to enhance the security by ensuring all access to preferences screens are logged.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
Log adding new users
The Log adding new users security setting determines if the system will log every new user created. The value must be Enabled or Disabled.
This policy enables the administrator to enhance the security by ensuring all user accounts created are logged.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
Log all login attempts
The Log all login attempts security setting determines if the system will log all login attempts for all users. The value must be Enabled or Disabled.
This policy enables the administrator to enhance the security by ensuring all failed and successful login attempts are logged. It will help the administrator to monitor login activity into the system.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
Log changes to preferences
The Log changes to preferences security setting determines if the system will log any modification made by a user in the preferences forms. The value must be Enabled or Disabled.
This policy enables the administrator to enhance the security by ensuring changes to the preferences forms are logged.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
Log deleting users
The Log deleting users security setting determines if the system will log once an existing user is deleted. The value must be Enabled or Disabled.
This policy enables the administrator to enhance the security by ensuring all user accounts deleted are logged.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
Log password attempts for administrator access
The Log password attempts for administrator access setting determines if the system will log all login attempts to the administrative area of the system. The value must be Enabled or Disabled.
This policy enables the administrator to enhance the security by ensuring all failed and successful login attempts to the administrative forms are logged. It will help the administrator to monitor login activity into the system.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
Log password change
The Log password change security setting determines if the system will log all password change for all users. The value must be Enabled or Disabled.
This policy enables the administrator to enhance the security by ensuring all failed and successful password changes are logged. It will help the administrator to monitor the activity of password changes.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
Log password reset
The Log password reset security setting determines if the system will log an account password reset was performed. The value must be Enabled or Disabled.
This policy enables the administrator to enhance the security by ensuring all password reset are logged.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
Log user lockout
The Log user lockout security setting determines if the system will log if a user account has been locket out. The value must be Enabled or Disabled.
This policy enables the administrator to enhance the security by ensuring all user account lock out are logged. It will help the administrator track any malicious attempts to gain access into the system.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
Log user lockout reset
The Log user lockout reset security setting determines if the system will log if an account lock out reset was performed. The value must be Enabled or Disabled.
This policy enables the administrator to enhance the security by ensuring all user account lock out reset are logged
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
Log user security modifications
The Log user security modifications security setting determines if the system will log any modification made to an existing user account. The value must be Enabled or Disabled.
This policy enables the administrator to enhance the security by ensuring all user accounts modification are logged.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
For illustrations on how these security settings work, see Log Events.
Password Policy
Each policy under this group are discussed below.
Enforce password history
The Enforce password history security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords. The zero value will disable this policy.
This policy enables administrators to enhance security by ensuring that old passwords are not reused continually.
Note that when TranSentry Integration is enabled, you are not allowed to go lower than four. The system must be able to recall the last four or more passwords.
Maximum password age
The Maximum password age security setting determines the number of days a user is required to provide a new password. The value must be a positive whole number from 0 to 365. The zero value will disable this policy.
Note that when TranSentry Integration is enabled, you are not allowed to go more than 90 days. The maximum days for the Password Age is 90 days.
Minimum password length
The Minimum password length security setting determines the minimum number of characters that can be accepted. The value must be a positive whole number from 0 to 50. The zero value will disable this policy.
This policy enables administrators to enhance security by ensuring all passwords provided by the user are within the minimum of characters limit. Having a higher limit makes it harder to crack passwords.
Note that when TranSentry Integration is enabled, you are not allowed to go less than 7 characters. The minimum requirement for the Password is Length is 7 characters.
Require Password Element - Lowercase (a-z)
The Require Password Element - Lowercase (a-z) security setting determines the availability of lower case characters (a-z) in creating passwords. The value must be Enabled or Disabled.
This policy enables administrators to enhance security by ensuring all passwords provided by the user can either allow or disallow lower case characters. Having this policy enabled makes it hard to crack passwords.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
Require Password Element - Numbers (0-9)
The Require Password Element - Numbers (0-9) security setting determines the availability of number case characters (0-9) in creating passwords. The value must be Enabled or Disabled.
This policy enables administrators to enhance security by ensuring all passwords provided by the user can either allow or disallow number characters. Having this policy enabled makes it hard to crack passwords.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
Require Password Element - Special Characters
The Require Password Element - Special Characters security setting determines the availability of special characters (e.g. !, #, $, %, ^) in creating passwords. The value must be Enabled or Disabled.
This policy enables administrators to enhance security by ensuring all passwords provided by the user can either allow or disallow special characters. Having this policy enabled makes it hard to crack passwords.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
Require Password Element - Uppercase (A-Z)
The Require Password Element - Uppercase (A-Z) security setting determines the availability of upper case characters (A-Z) in creating passwords. The value must be Enabled or Disabled.
This policy enables administrators to enhance security by ensuring all passwords provided by the user can either allow or disallow upper case characters. Having this policy enabled makes it hard to crack passwords.
Note that when TranSentry Integration is enabled, you are not allowed to disable this option.
For illustrations on how these security settings work, see User Management Security for Administrator Users.