We’ve launched a new hardening guide to help integrators install our Enterprise-level intelligent access and security system, Integriti, in the most cyber secure way.
It’s one strand of our new strategic focus on cyber security, and builds on our robust cyber history – with no reported cyber breaches in our 30-year-plus history.
Security versus convenience will differ for every site and organisation so our guide aims to show the options installers have to dial up cyber measures when and where they are needed.
It’s not a complete fail-safe. No system is ever perfectly secure. But we hope the measures we highlight and explain will help reduce the risk of a successful cyber attack.
Basics
Our guide runs through some essentials than can be overlooked, such as ensuring default passwords and PINs are changed, that systems offer the ‘least privilege’ to all users so they only have access to what they need and that new updates to software and firmware are included.
Access to infrastructure
Restricting access to your SQL database is vital. Our guide reminds users of the few processes that need constant or temporary access and the importance of protecting back-ups with secure network locations and encryption.
Likewise, the guide explores ways of securing server nodes and client workstations, such as reserving client seats for workstations to stop ‘rogue clients’ being used to attempt unauthorised access.
Securing SQL server
This is a vast topic in its own right, so our guide covers a few essentials, such as using Windows authentication rather than SQL server authentication, and enabling Transparent Data Encryption (TDE) to protect data at rest. It also provides advice for co-located and remote SQL servers.
System settings
Our guide runs through several settings to configure for maximum cyber security. These include disabling unused authentication models, enabling ‘operator lockout’ protocols and ensuring that if evidence vaults are in use that only ‘service accounts’ can access them.
Communication handlers
All communication handlers should be considered as cyber attack vectors. Our guide suggests securing the REST/XML web service with a range of measures including selecting a single operator account and using the firewall to protect the port. For email, our advice includes using SSL, requiring users to login and using the firewall to restrict access on the email server side to the specific IP address of the Integriti server.
Networking
This is another large topic and so our guide focuses on key information not available elsewhere, such as highlighting that Integriti is a 3-tier application suite that allows security field hardware and the SQL database to be on separate networks to the client workstations, with only the Integriti server requiring access to both. It also offers advice on using a VPN and considers actions across the five layers of the OSI stack.
More information
Inner Range’s full Integriti Cyber Security Hardening Guide is available to download.
For more information about Inner Range’s cyber security measures and award-winning security systems, please contact the sales team on 0845 470 5000 or ireurope@innerrange.co.uk
