
Application & System Security

Application Access Control

Access to the application is controlled using various security settings based on users, roles and groups. To find out more about application-level security, please refer to the user manual: Security

The application server can handle user authentication internally, but can also use federated authentication services based on SAML, for example corporate ADFS or Azure-based SSO.

For more information on SSO, please refer to ADFS / AZURE / SAML Single Sign On

 

Internal User Management

Information for customers who want to use the internal user database:

  • User passwords are stored in salted, hashed form.

  • Passwords must be transmitted over a secured connection.

  • The system provides brute-force detection and can temporarily disable a user account if the number of login failures exceeds a specified threshold.

  • Multi-factor authentication (e.g. using an authentication app) can be enabled for all users.

External User Management

When external (federated) user management is used, the password is never passed to the application server.

The full authentication process takes place within the external provider, and only the final result of the authentication is passed on to our system.

System Monitoring

All vital elements of the infrastructure are monitored. If an abnormal situation is detected, a system support engineer is alerted and can take action as quickly as possible.

Metrics being monitored include:

  • application availability in general

  • application server load (CPU load, number of processes, response time)

  • storage system (free space, load, availability)

  • database servers

  • network status

  • all other services used by the application server 

System Log Management

The application server environment uses a log management system that gathers, filters and manages logs from application servers and other components of the system.

This allows us to identify any problems or abnormal operation quickly.

Antivirus Protection

User files uploaded and stored in a file repository are scanned using server-installed antivirus software.

The e-mail server used for sending out notifications uses e-mail-scanning antivirus software to eliminate the risk of spreading infected files through e-mails.

Application Server Security Patching

  1. Security updates are installed once a week; if a critical security update is released, it is installed as soon as possible.

  2. Updates are installed and tested in a staging environment before being installed on production servers.