Software Security Recommendations

Installing and operating a new software application often raises security concerns. The following recommendations address the issues that were identified during the development of this software and should be implemented as described.

Configuration

The following configuration recommendations need only be completed once, at the time of installation.

Recommendation: Disable SSL 2.0 and other deprecated encryption protocols

Security concern addressed: Deprecated encryption protocols

Details: The remote service encrypts traffic using deprecated protocols such as SSL 2.0. These protocols contain known weaknesses that can allow an attacker to intercept or alter the traffic, for example through a man-in-the-middle attack.

Further information: See Microsoft Knowledge Base article 187498 for the steps required to disable SSL 2.0:

http://support.microsoft.com/kb/187498

Recommendation: Disable auto-complete on Web browsers

Security concern addressed: Cross-site request forgery

Details: An attacker may be able to trick a user into performing actions on a server to which that user is currently authenticated.
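The KB article above describes the registry change by hand. The following PowerShell script is an added example, not part of the Prognosis documentation or the KB article; it applies the same SChannel registry settings for SSL 2.0 and SSL 3.0 (both of which are deprecated) on the local Windows host and then reads them back. It must run from an elevated prompt, and the change takes effect only after a reboot.

```powershell
# Added example; not taken from the Prognosis documentation or KB 187498.
# Disables SSL 2.0 and SSL 3.0 for every SChannel consumer on this host (IIS included),
# on both the server and client side. Run from an elevated PowerShell prompt;
# the change takes effect after a reboot.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$deprecated = @('SSL 2.0', 'SSL 3.0')

foreach ($proto in $deprecated) {
    foreach ($side in @('Server', 'Client')) {
        $key = Join-Path $base "$proto\$side"
        # These keys do not exist by default; -Force also creates the intermediate protocol key.
        New-Item -Path $key -Force | Out-Null
        # Enabled = 0 turns the protocol off even when an application asks for it explicitly;
        # DisabledByDefault = 1 keeps it off for applications that rely on the system default.
        New-ItemProperty -Path $key -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 -PropertyType DWord -Force | Out-Null
    }
}

# Check: each deprecated protocol should now report Enabled=0 and DisabledByDefault=1.
foreach ($proto in $deprecated) {
    foreach ($side in @('Server', 'Client')) {
        $p = Get-ItemProperty -Path (Join-Path $base "$proto\$side")
        '{0,-8} {1,-7} Enabled={2} DisabledByDefault={3}' -f $proto, $side, $p.Enabled, $p.DisabledByDefault
    }
}
```

After the reboot, confirm from another machine that the service no longer negotiates the old protocols (for example with `nmap --script ssl-enum-ciphers -p 443 <host>`). TLS 1.0 and TLS 1.1 have since been deprecated as well (RFC 8996) and can be disabled with the same keys, but test your clients first, since older browsers and integrations may still depend on them.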

Behavior

The following behavior recommendations need to be carried out on a regular basis.

Recommendation: Log off immediately after using Prognosis

Recommendation: Do not use the same browser to access sensitive applications and to surf the Internet freely (tabbed browsing)

Security concern addressed: Cross-site request forgery

Details: An attacker may be able to trick a user into performing actions on a server to which that user is currently authenticated.

Recommendation: Use domain user accounts with access policies to access Prognosis

Security concern addressed: Password guessing attacks

Details: A login that allows unlimited attempts lets an unauthorized user keep guessing credentials until one succeeds. Domain account policies, such as locking the account after a set number of failed attempts, limit this.
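The recommendation above names the control but not how to apply it. The following PowerShell is an added example, not part of the Prognosis documentation: it sets an account lockout policy on the domain, shows the equivalent for a stand-alone host, and lists recent failed logons so repeated guessing is visible. The domain name `example.local` and the thresholds are assumptions to adapt to your environment.

```powershell
# Added example; not taken from the Prognosis documentation.
# Domain name and thresholds below are assumptions; adjust them to your environment.
# Requires the ActiveDirectory module (RSAT) and rights to edit the default domain policy.
$domain = 'example.local'

$lockout = @{
    Identity                 = $domain
    LockoutThreshold         = 5            # lock the account after 5 failed attempts
    LockoutDuration          = '00:15:00'   # keep it locked for 15 minutes
    LockoutObservationWindow = '00:15:00'   # reset the failure counter after 15 minutes
}
Set-ADDefaultDomainPasswordPolicy @lockout

# Check the resulting policy.
Get-ADDefaultDomainPasswordPolicy -Identity $domain |
    Select-Object LockoutThreshold, LockoutDuration, LockoutObservationWindow

# Equivalent setting for a stand-alone (non-domain) host; values are in minutes:
#   net accounts /lockoutthreshold:5 /lockoutduration:15 /lockoutwindow:15

# Detection check: failed logons (Security event 4625) in the last hour, grouped by target account.
# Properties[5] is TargetUserName in the 4625 event schema.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-1) } -ErrorAction SilentlyContinue |
    Group-Object { $_.Properties[5].Value } |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

The observation window must not exceed the lockout duration, which is why both are set to 15 minutes here. Review the 4625 output on the Prognosis server itself: a single account with many failures in a short window is the pattern the lockout policy is meant to stop.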
