Security
The security of Prognosis, its communications and the monitored environment should be considered in conjunction with overall business infrastructure security. This may include anti-virus software, firewalls, intrusion detection, and access controls and privileges. This guide provides recommendations for Prognosis security and details on how it can be set up. However, it is strongly recommended that the services of a security expert be consulted to ensure that a total security package is implemented over the entire business environment, including Prognosis.
IR has developed this software with a 'Defense in Depth' (DiD) design, in which multiple layers of security controls are in place within the product.
Software Security
Three layers of Software Security control are available:
Access Layer | Network Layer | System Layer |
The Access Layer is responsible for user access to both the Web Application and Windows Client. It also controls if any administrative functions can be carried out by the logged in user and can limit what collected data can be viewed. | The Network layer is responsible for the communications between servers and other applications. | The System Layer is responsible for the various processes that run on the Prognosis Server. |
For further details and recommendations refer to Recommendations for the Access Layer | For further details and recommendations refer to Recommendations for the Network Layer | For further details and recommendations refer to Recommendations for the System Layer |
User/Process Security
In addition to the software layers above, the following recommendations for User Privileges and Process security controls have been supplied:
HPE NonStop Servers | UNIX/Linux Servers | Windows Servers |
User and Process privileges required to use the product are provided | User and Process privileges required to use the product are provided | Windows Group Policy Object considerations for domain access should be addressed. |
For further details and recommendations refer to Recommendations for HPE NonStop Servers | For further details and recommendations refer to Recommendations for UNIX/Linux Servers | For further details and recommendations refer to Recommendations for Windows Servers |
Product Security
Further security guidance is provided for the various product suites and systems for monitoring to ensure that the highest level of security is deployed:
Infrastructure | Payments | Unified Communications |
For further details and recommendations refer to Recommendations for Infrastructure Products | For further details and recommendations refer to Recommendations for Transact Products | For further details and recommendations refer to Recommendations for Unified Communications Products |