pergamonmu:quickstart:security
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
pergamonmu:quickstart:security [2017/09/01 15:12] admin created |
pergamonmu:quickstart:security [2017/09/01 15:23] (current) admin |
||
|---|---|---|---|
| Line 12: | Line 12: | ||
| While Esferico provide two standard user account examples ('**user**' and '**pupil**') with each installation in addition to the top level 'admin' account, it is Esferico's **strongest** possible advice that these two accounts are **not** used and that they are either deleted (after suitable replacements are created) or that they have their passwords changed and stored in the organisation (e.g. school) safe. | While Esferico provide two standard user account examples ('**user**' and '**pupil**') with each installation in addition to the top level 'admin' account, it is Esferico's **strongest** possible advice that these two accounts are **not** used and that they are either deleted (after suitable replacements are created) or that they have their passwords changed and stored in the organisation (e.g. school) safe. | ||
| - | It is the normal data security policy that database access is provided through the use of accounts created solely for single individuals so that specific individual authentication can take place as well as non-repudiation (denial of actions undertaken). | + | It is the normal data security policy that database access is provided through the use of [[pergamonmu:users:managing_users|accounts created]] solely for single individuals so that specific individual authentication can take place as well as non-repudiation (denial of actions undertaken). |
| Use of a single account by multiple people, or the use only of an open account, not only allows repudiation of actions but also increases the chances that login information is accidentally revealed to third parties. All users - both staff and assistants - should have their own accounts, and should protect those accounts themselves (current passwords for example, should not even be shared with IT support staff). | Use of a single account by multiple people, or the use only of an open account, not only allows repudiation of actions but also increases the chances that login information is accidentally revealed to third parties. All users - both staff and assistants - should have their own accounts, and should protect those accounts themselves (current passwords for example, should not even be shared with IT support staff). | ||
| Line 21: | Line 21: | ||
| ===== Support involving data investigation ===== | ===== Support involving data investigation ===== | ||
| - | In the rare event that Esferico ltd. are required to investigate a problem with your database off-site, it is strongly advised that a backup copy (in addition to your normal everyday backup) is made of your data and then the readers are obfuscated using the provided manager level tool. | + | In the rare event that Esferico ltd. are required to investigate a problem with your database off-site, it is strongly advised that a backup copy (in addition to your normal everyday backup) is made of your data and then the readers are obfuscated using the provided [[pergamonmu:readers:obfuscate|manager level tool]]. |
| - | This tool will encrypt your reader names using the AES standard and then represent them in Base64. While the reader record is therefore still available and can be investigated, no knowledge of the reader's name is available to the support staff off-site therefore enforcing the data protection security requirement for personal information that individuals can not be specifically identified by the data. | + | This tool will encrypt your reader names and any contact names using the AES standard using both the internal Pergamon security key **and** your specific installation license, then represent them in Base64. While the reader record is therefore still available and can be investigated, no knowledge of the reader's name or contact details are available to the support staff off-site therefore enforcing the data protection security requirement for personal information that individuals can not be specifically identified by the data. |
| This process is circular - a repeat of the obfuscate tool will return the readers to normal. The readers should be de-obfuscated either immediately (if the database is being investigated but not altered off-site) or when the database is returned (if data corrects are being made). | This process is circular - a repeat of the obfuscate tool will return the readers to normal. The readers should be de-obfuscated either immediately (if the database is being investigated but not altered off-site) or when the database is returned (if data corrects are being made). | ||
| + | ---- | ||
| + | {{:logo.png?nolink |}}\\ | ||
| + | [[pergamonmu:quickstart:index|Quickstart Guide]]\\ | ||
| + | [[:start|Pergamon Wiki Home]] | ||
pergamonmu/quickstart/security.1504278769.txt.gz ยท Last modified: 2017/09/01 15:12 by admin
Page Tools
