Security hardening

...
HTML
<p>Within the Windows Registry, right click and select <span class="keyword">New ? String Value</span> and name it <span class="keyword">HighSecurity</span>.</p>

<p> Then, double-click on it and enter the Value of <span class="keyword">True</span>, as shown below:</p>

<img class="screenshot naked" src="http://www.tri-line.com/common/img/documentation/tim_enterprise/HighSecurity.png" alt="HighSecurity Registry value" />

<p>When the <span class="keyword">HighSecurity</span> Registry value is set to <span class="keyword">True</span>, the following restrictions are imposed:-</p>

<ol>
  	<li> Ability to block individual web scripts by including them in a blacklist file: 
		<div style="border-width: 1px;" class="code panel"><div class="codeContent panelContent">
		<div><div class="syntaxhighlighter nogutter  java" id="highlighter_500102318479"><div class="toolbar"><span><a class="toolbar_item command_help help" href="#">?</a></span></div>div><table 		<table cellspacing="0" cellpadding="0" border="0"><tbody><tr><td class="guttercode"><div class="line number1 index0 alt2">1</div></td><td class="code">
		<div title="Hint: double-click to select code" class="container"><div class="line number1 index0 alt2"><code class="java plainstring">"\ssldata\{class}\blacklist.___"</code></div></div></td></tr>
		<tr></tbody></table></div></div>
		</div></div>
	</li>
  	<li> Enforce password complexity for web users (additional Registry entries required)</li>
  	<li> Forbid direct SQL queries through web interface</li> 
  	<li> System alert messages are silently suppressed</li>
  	<li> System database connection tests forbidden</li>
  	<li> Ability to (re)create system database tables inhibited</li>
  	<li> Cannot change or test web (HTTP) port</li>
  	<li> Cannot send test emails</li>
  	<li> Debug information suppressed if a XSL translation error occurs</li>
</ol>

<h2>Web interface protocols</h2>

<p>The default behaviour is to allow all protocols TLS1, SSL2 and SSL3.</p>

<p>You can change the type of connection that TIM will respond to by adding the Registry String Value <span class="keyword">WWWSSLProtocol</span>.</p>

<p>Note that this this is a case-insensitive string value with one of the following data values:</p>

<table class="confluenceTable">
    <tbody>
        <tr>
            <th class="confluenceTh" width=166>Registry String data value</th>
            <th class="confluenceTh">Description</th>
        </tr>
        <tr>
            <td class="confluenceTd"><span class="keyword">nossl</span></td>
            <td class="confluenceTd">No SSL protocols, behave like a standard HTTP server</td>
        </tr>
		<tr>
            <td class="confluenceTd"><span class="keyword">ssl23</span></td>
            <td class="confluenceTd">SSL2 and SSL3 protocols only</td>
        </tr>
		<tr>
            <td class="confluenceTd"><span class="keyword">ssl2</span></td>
            <td class="confluenceTd">SSL2 protocol only</td>
        </tr>
		<tr>
            <td class="confluenceTd"><span class="keyword">ssl3</span></td>
            <td class="confluenceTd">SSL3 protocol only</td>
        </tr>
		<tr>
            <td class="confluenceTd"><span class="keyword">tls1</span></td>
            <td class="confluenceTd">TLS1 protocol only</td>
        </tr>
	</tbody>
</table>

<h2>Password complexity</h2>

<p>You can configure TIM Enterprise web users with complex passwords to match your organisation's IT password policy.</p>

<p>To enable complex passwords, a Registry String Value <span class="keyword">PasswordComplexity</span> must be added.</p>

<p>The use of the following data string values, allows you to configure how complex the passwords are:</p>
...
Security hardening

Versions Compared

Old Version 27

New Version 28

Key
