| HTML |
|---|
<h3>Introduction</h3>
<p>The default security settings of TIM Enterprise allow for ease of
installation and are suitable for the needs of most organisations.
However, if your organisation's IT security policy demands it, or you
plan to expose the system to an untrusted network such as the Internet,
it is recommended you harden the security using the methods described
below.</p> |
...
| HTML |
|---|
<p>Within the Windows Registry, right click and select <span class="keyword">New ? String Value</span> and name it <span class="keyword">HighSecurity</span>.</p>
<p> Then, double-click on it and enter the Value of <span class="keyword">True</span>, as shown below:</p>
<img class="screenshot naked" src="http://www.tri-line.com/common/img/documentation/tim_enterprise/HighSecurity.png" alt="HighSecurity Registry value" />
<p>When the <span class="keyword">HighSecurity</span> Registry value is set to <span class="keyword">True</span>, the following restrictions are imposed:-</p>
<ol>
<li> Ability to block individual web scripts by including them in a blacklist file:
<div style="border-width: 1px;" class="code panel"><div class="codeContent panelContent">
<div><div class="syntaxhighlighter java" id="highlighter_500102"><div class="toolbar"><span><a class="toolbar_item command_help help" href="#">?</a></span></div>
<table cellspacing="0" cellpadding="0" border="0"><tbody><tr><td class="gutter"><div class="line number1 index0 alt2">1</div></td><td class="code">
<div title="Hint: double-click to select code" class="container"><div class="line number1 index0 alt2"><code class="java plain">"\ssldata\{class}\blacklist.___"</code></div></div></td></tr>
</tbody></table></div></div>
</div></div>
</li>
<li> Enforce password complexity for web users (additional Registry entries required)</li>
<li> Forbid direct SQL queries through web interface</li>
<li> System alert messages are silently suppressed</li>
<li> System database connection tests forbidden</li>
<li> Ability to (re)create system database tables inhibited</li>
<li> Cannot change or test web (HTTP) port</li>
<li> Cannot send test emails</li>
<li> Debug information suppressed if a XSL translation error occurs</li>
</ol>
<h2>Web interface protocols</h2>
<p>The default behaviour is to allow all protocols TLS1, SSL2 and SSL3.</p>
<p>You can change the type of connection that TIM will respond to by adding the Registry String Value <span class="keyword">WWWSSLProtocol</span>.</p>
<p>Note that this this is a case-insensitive string value with one of the following data values:</p>
<table class="confluenceTable">
<tbody>
<tr>
<th class="confluenceTh" width=166>Registry String data value</th>
<th class="confluenceTh">Description</th>
</tr>
<tr>
<td class="confluenceTd"><span class="keyword">nossl</span></td>
<td class="confluenceTd">No SSL protocols, behave like a standard HTTP server</td>
</tr>
<tr>
<td class="confluenceTd"><span class="keyword">ssl23</span></td>
<td class="confluenceTd">SSL2 and SSL3 protocols only</td>
</tr>
<tr>
<td class="confluenceTd"><span class="keyword">ssl2</span></td>
<td class="confluenceTd">SSL2 protocol only</td>
</tr>
<tr>
<td class="confluenceTd"><span class="keyword">ssl3</span></td>
<td class="confluenceTd">SSL3 protocol only</td>
</tr>
<tr>
<td class="confluenceTd"><span class="keyword">tls1</span></td>
<td class="confluenceTd">TLS1 protocol only</td>
</tr>
</tbody>
</table>
<h2>Password complexity</h2>
<p>You can configure TIM Enterprise web users with complex passwords to match your organisation's IT password policy.</p>
<p>To enable complex passwords, a Registry String Value <span class="keyword">PasswordComplexity</span> must be added.</p>
<p>The use of the following data string values, allows you to configure how complex the passwords are:</p> |
...