IT.UA - home page

Меню
IT-Enterprise ERP system Open development platform Technology Industry 4.0 Versions
Force BPM
Sales
R&D
Production
Expenses and controlling
Repairs and maintenance
Procurements and logistics
Finances
Accounting
Personnel
Document flow and BPM
Project management
RETAIL
Instrumentation, electrical industry
Logistics and transportation
Production of DGO and FMCG
Agrarian and food industry
IT, communications and media
Metallurgy and mining industry
Chemistry and pharmaceuticals
Development, engineering and construction
Financial and service companies
State and communal organisations
Cable and wire, metal production
Aerospace industry
Mechanical engineering
Extraction of oil, gas and hydrocarbons
Traditional and renewable energy
  1. Architecture
  2. Hacking protection
Aside section
Back to list

Hacking protection

IT-Enterprise data is of the highest value for companies using the system. Therefore, the issue of safe handling of information - one of the most important tasks in the IT-Enterprise system.

File Resource Protection

The network file system of the IT-Enterprise system is located on the local computer network. When placed in a local computer network resource access rights need to be divided into user groups:

  • Simple user - no need for access;
  • Programmer (work in the mode of the local application server) - read-only access. If necessary, some folders have full access.
  • Administrator - "full access" mode

Full access is required only for administrative tasks and only in the "local application server" mode. Application server for remote users should be configured to read-only mode to the server-side IT-Enterprise file.

If the company does not use the Active Directory service, then client desktops need to set the local security policy "Network Access: Sharing and Security For Local Accounts" to "Normal". By default, the stand-alone computers are configured under the "Guest" model, and on the computers included in the domain, "Normal". This security setting determines how authentication is performed when logging in to a network using local accounts. If this option is set to "Normal," then these credentials are used when authenticating to the network account with the local account credentials. If this option is "Guest", network logon operations with the local account credentials are automatically matched to the guest account. When using the guest model, there are no differences between users. All users are authenticated with the guest account and are given the same level of access to this Read Only or Changed property.

Security at DBMS level

To obtain certain data or make changes to the database, the user must have the appropriate authority. This authority is assigned to him by the administrator of the IT-Enterprise system. Only after registration in the system IT-Enterprise user gets access to the database server.

The Application Server service runs on the application server computer under a specific account. Each account has certain rights to read and write files in certain directories.

The administrator must configure the account privileges so that the account has read access permissions to the directory with the local IT-Enterprise file share, but does not have permissions to access other directories with any other data.

Secure client connection

When using Safe Mode, you should consider the features of the windows-authentication setting for users who work with IT-Enterprise remotely (not from the internal network of the enterprise). You can give these users the opportunity to log in to IT-Enterprise without the need to enter a login and password, performing a series of administrative actions.

IT-Enterprise users have the ability to enter and save their credentials at the workstation, and subsequently, log in without entering a login and password. This feature is extremely simple and understandable for users and does not require any additional configuration of the system. Saving credentials can be used regardless of the availability of a domain, secure connection, etc.

Security of IT-Enterprise cloud service

One of the options for using IT-Enterprise is to host a server component in "cloud resources."

The use of cloud services provides the following benefits:

  • high availability of the system with a given SLA;
  • significant reduction of investments, clarity, and predictability of payments;
  • security enhancement - backup, provision of only authorized access, protection from "third-party eyes and ears" (including competitors and regulators): catastrophic data; lower maintenance and upgrade costs, and a higher level of support; as a consequence - the speed of the implementation of decisions and the impact on them.

While working with any cloud services the customer is concerned about the security of his data. In general, the security system of any cloud service is based on several components, namely:

  • Software security system based on which cloud service is deployed - security system "IT-Enterprise in the cloud"
  • Placement and maintenance organization of cloud service by the provider
  • Organization of the security system of the data center, which hosts the cloud service

Consider each component in more detail.

The "IT-Enterprise in the cloud" service is based on the full-featured IT-Enterprise system. Therefore, the service has all the security features of the classic IT-Enterprise system.

Like the classic IT-Enterprise system, the cloud service is based on a three-tier architecture. In this case, the Customer has full access only to the level of the client application. The database server and application servers are deployed in a secure high-performance execution environment in a remote data center.

  •
    previous
  • next
Get in touch

Receive
our business proposal
Receive
our business proposal
Fill the form