How Do I Improve WebEOC Security?

In addition to the security measures applied to your network and policies adopted by your organization, implementing security options inside of the WebEOC application further enhances the security of the system and reduces the vulnerability of the application to malicious attack. Therefore, Intermedix strongly recommends that you take the following actions to make your WebEOC application more secure.

Application Security

  • Ensure you maintain WebEOC and network components at the latest versions to take advantage of the newest security fixes and features.

  • Use a certificate issued by a public Certificate Authority (CA) for encrypting data transmitted between the web and database servers.

  • Implement Secure Sockets Layer (SSL), which ensures your data is encrypted during transfer.

    • Consideration should also be given to enabling Windows authentication.

  • Configure WebEOC to run under a service account that is a member of the local Administrators group, not under the Administrator account.

  • Configure the security settings in the General Manager tab, System section, of the WebEOC Admin window. Follow the security guidelines established by your organization's IT department, or implement the recommendations presented below.

    • Enforce strong passwords.

    • Set the password age to 180 days.

    • Set a minimum password length of eight (8) characters.

    • Set password history to a minimum of three (3) before an old password can be reused.

    • Set user account lockout threshold to three (3) failed attempts.

    • Set the account lockout duration to 30 minutes, never zero (0).

    • Enforce the inactivity lockout threshold.

    • Enforce the maximum file storage size of 500MB.

General Practices

  • Do not use blank usernames or passwords.

  • Review documentation and content to ensure login credentials are removed before making items publicly available, guarding against unauthorized access to your system.

  • Do not share login credentials with other users.

  • Monitor the WebEOC Audit Log for abnormal activity.
