
Security considerations


The security information in this section is provided to help with security planning. It does not, however, fully describe any security resource or support level. For general information about SoftExpert Suite security architecture, refer to the SoftExpert Suite - System architecture overview document, in the "Security Architecture" section.

 

Version 2.2 requires HTTPS to increase security while using the solution. We suggest using a valid digital certificate issued by a certificate authority. If your organization does not have a valid digital certificate available, it is possible to generate a self-signed certificate, keeping in mind that a self-signed certificate is intended for testing only. To obtain a valid certificate, we recommend Let's Encrypt (http://letsencrypt.org).
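
A client-side check for the HTTPS requirement above, as an added example that is not part of the SoftExpert documentation: it performs a fully validated TLS handshake and reports whether the server presents a CA-issued certificate or a self-signed one. The host name `suite.example.internal` and the function names are assumptions.

```python
import socket
import ssl

# OpenSSL verification codes mapped to what they mean for this requirement.
FINDINGS = {
    10: "expired certificate",
    18: "self-signed certificate (testing only)",
    19: "self-signed certificate in chain (private or test CA)",
    20: "issuer not trusted by this client",
    62: "certificate does not match the host name",
}


def classify(verify_code, verify_message=""):
    """Turn an OpenSSL verify code into a finding; 0 means the chain validated."""
    if verify_code == 0:
        return "ok: issued by a trusted certificate authority"
    reason = FINDINGS.get(verify_code, verify_message or "verification failed")
    return f"fail: {reason}"


def check_https(host, port=443, timeout=5.0):
    """Handshake with full validation, as a browser would, and report the result."""
    context = ssl.create_default_context()  # system trust store, host name check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return classify(0) + f" (expires {cert['notAfter']}, {tls.version()})"
    except ssl.SSLCertVerificationError as exc:
        # Raised when the chain, validity period or host name fails validation.
        return classify(exc.verify_code, exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # Covers refused connections, DNS failures, timeouts and non-TLS listeners.
        return f"fail: no TLS session established ({exc})"


if __name__ == "__main__":
    # Hypothetical host name; replace with the URL of your own installation.
    print(check_https("suite.example.internal"))
```

Run it from a workstation that uses the same trust store as your users, since a certificate from an internal CA validates only where that CA is trusted.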

 

Understanding the IIS access rights

SoftExpert Suite requires a local or domain user that is a member of the Guests group or of any other group that allows the execution of the PHP exec function.

 

The #exec function is required to enable Server-Side Includes (SSI) in IIS. By default, this function is already enabled. The group policy configuration in Windows may also disable cmd execution.

 

Understanding the Firewall configuration

SoftExpert Suite uses services with specific functions, such as report generation and activity execution, among others. Communication between the application and those services takes place over the communication ports that will be configured in the firewall. Thus, LAN or WAN workstations may access those services.

 

For more information on the SoftExpert Suite network, refer to the SoftExpert Suite - System architecture overview document, in the "Network Architecture" section.

SoftExpert Suite uses internal communication ports to access the services. If those services were installed on another server, configure the firewall to allow access between the Web server and the server where these services are installed.

 

Determine the browser configuration security requirements

SoftExpert Suite requires the rights to download files, open popups, and execute ActiveX and scripts to be enabled in your browser. We recommend adding the SoftExpert Suite URL to the Trusted Sites zone, and defining the security level as Low for that zone.

 

Determine the Security Software configurations

SoftExpert Suite may have sessions, URL content, popups, and file types blocked by security software such as antivirus, URL Scan, firewall, or proxy products, among others. Please check whether your security software is correctly configured and configure SoftExpert Suite as an exception in those programs if necessary.

 

Determine the e-mail server configuration security

SoftExpert Suite uses an external e-mail server to send notifications. Make sure your e-mail server is configured to accept e-mails sent from the Web server and that your e-mail account is configured in SoftExpert Suite.

 

E-mail filter rules may block the e-mails sent by SoftExpert Suite. Check whether the e-mail rules are configured correctly.

 

Understanding “Single Sign-on Authentication”

SoftExpert Suite is integrated with LDAP servers, especially with Microsoft Active Directory, by means of a service. This service is responsible for user authentication in LDAP and for notifying SoftExpert Suite to allow access to the system. It also synchronizes the user data between LDAP and SoftExpert Suite, allowing new users to be imported, information to be updated, and/or deleted users to be disabled.

 

For information about how to configure the browsers for single sign-on, refer to the SoftExpert Suite - Installation guide document (Linux or Windows).

For information about the system configuration for single sign-on, refer to the SoftExpert Configuration component documentation, in the "Configuration > Authentication" section.