Security considerations
The security information in this section is provided to help the user in the security planning process. Nevertheless, it does not contain a thorough description of any security resource or support level. For general information about the SoftExpert Suite security architecture, refer to the SoftExpert Suite - System Architecture Overview document, "Security architecture" section.
Version 2.2 requires HTTPS to increase security while the solution is in use. We suggest using a valid digital certificate issued by a certificate authority. If your organization does not have a valid digital certificate available, it is possible to generate a self-signed one; however, keep in mind that a self-signed certificate is intended for testing only.
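The following PowerShell check is an added example, not part of the SoftExpert documentation. It connects to the HTTPS endpoint and reports whether the certificate served is self-signed and whether it chains to a root trusted by the machine running the check. The function name Get-SuiteCertificateReport and the host name suite.example.internal are placeholders chosen for this example.

```powershell
# Added example (not SoftExpert code). Get-SuiteCertificateReport is a
# hypothetical helper name; the host name at the bottom is a placeholder.
function Get-SuiteCertificateReport {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443
    )

    $script:policyErrors = $null
    # Accept the certificate during the handshake only so it can be inspected;
    # the errors .NET found are recorded and reported, not ignored.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $certificate, $chain, $errors)
        $script:policyErrors = $errors
        $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }

    # Build the chain against the trusted roots of the machine running the check.
    $x509Chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $x509Chain.Build($cert)

    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)   # heuristic: issuer equals subject
        ChainTrusted = $chainOk
        ChainStatus  = ($x509Chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        PolicyErrors = $script:policyErrors   # e.g. RemoteCertificateNameMismatch
    }
}

Get-SuiteCertificateReport -HostName 'suite.example.internal'
```

A certificate issued by a certificate authority for this host shows SelfSigned False, ChainTrusted True and PolicyErrors None; run the check from a workstation as well as from the server, since each machine evaluates the chain against its own trusted roots.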
Understanding IIS access rights
SoftExpert Suite requires a local or domain user, a Guests group member, or a member of any group that allows executing the PHP exec function.
The #exec function is required in order for Server-Side Includes (SSI) to be enabled in IIS. By default, this function is already enabled. Note that the Windows group policy configuration may also disable cmd execution.
Understanding the Firewall configuration
SoftExpert Suite uses services with specific functions, such as report generation, activity execution, and more. Communication between the application and those services takes place over communication ports that must be set up in the firewall, so that LAN or WAN workstations can access those services.
For more information about the SoftExpert Suite network, refer to the SoftExpert Suite - System Architecture Overview document, "Network architecture" topic.
SoftExpert Suite uses internal communication ports to access the services. If those services are installed on another server, set up the firewall to allow access between the Web server and the server on which the services are installed.
Determine the browser configuration security requirements
SoftExpert Suite requires that the rights to download files, open popups, and execute ActiveX and scripts be enabled in your browser. We recommend you add the SoftExpert Suite URL to the Trusted Sites zone, and set the security level to Low for that zone.
Set security software configurations
SoftExpert Suite may have sessions, URL content, popups, and file types blocked by security software such as Antivirus, URL Scan, Firewall, Proxy, etc. Please check that your security software is correctly configured and, if necessary, add SoftExpert Suite as an exception in that software.
Set the e-mail server configuration security
SoftExpert Suite uses an external e-mail server to send notifications. Make sure your e-mail server is configured to accept e-mails sent from the Web server and that your e-mail account is configured in SoftExpert Suite.
E-mail filter rules may block e-mails sent by SoftExpert Suite. Check that the e-mail rules are configured correctly.
Understanding “Single Sign-on Authentication”
SoftExpert Suite is integrated with LDAP servers, especially with Microsoft Active Directory, by means of a service. This service is responsible for user authentication in LDAP and for notifying SoftExpert Suite to allow access to the system. It also synchronizes user data between LDAP and SoftExpert Suite, allowing new users to be imported, information to be updated, and/or deleted users to be disabled.