The security information in this section is supplied to help the user in the security planning process. Nevertheless, it does not contain the full description of any security resource or support level. For general information about SoftExpert Suite security architecture, refer to the SoftExpert Suite - System architecture overview document, in the "Security Architecture" section.
▪Understanding the IIS access rights
SoftExpert Suite requires a local or domain user, Guests group member or any other group which allows the execution of the PHP exec function.
▪Understanding the Firewall configuration
SoftExpert Suite uses services with specific functions, such as: generation of reports, activities execution, among others. The communication between the application and those services is defined through the communication ports that will be configured in the firewall. Thus, LAN or WAN workstations may access those services.
▪Determine the browser configuration security requirements
SoftExpert Suite requires the rights to download files, open popups, and execute ActiveX and scripts to be enabled in your browser. We recommend adding the SoftExpert Suite URL to the Trusted Sites zone, and defining the security level as Low for that zone.
▪Determine the Security Software configurations
SoftExpert Suite may have sessions, url content, popups, and file types blocked by a security software such as Antivirus, URL Scan, Firewall, Proxy, among others. Please check whether your security software is correctly configured and configure SoftExpert Suite as an exception in those programs if necessary.
▪Determine the e-mail server configuration security
SoftExpert Suite uses an external e-mail server to send notifications. Make sure your email server is configured to accept emails sent from the Web server and that your e-mail account is configured in SoftExpert Suite.
▪Understanding “Single Sign-on Authentication”
SoftExpert Suite is integrated with LDAP servers, especially with Microsoft Active Directory, by means of a service. This service is responsible for user authentication in LDAP and for notifying SoftExpert Suite to allow access to the system. It also synchronizes the user data between LDAP and SoftExpert Suite, allowing new users to be imported, information to be updated, and/or deleted users to be disabled.