The security of Vertec on the web

On the importance of securing a Vertec installation and keeping it up to date.

Operating mode: Cloud Suite | On-Premises

Modules: Services & CRM, Budget & Phases, Purchases, Resource Planning, Business Intelligence
Created: 18.10.2021
Machine translated
Updated: 12.11.2021 | Structure adjusted and graphics added.

Securing a Vertec installation is an ongoing process, not a one-off task.

The first question is whether your Vertec installation is reachable from the Internet or not. That leads to the following scenarios:

Scenario 1: Vertec installation with Cloud Suite

When Vertec is run as a Cloud Suite, it is used directly from the cloud, with no local server installation. Vertec operates the software and is responsible for most of the security measures.

However, Cloud Suite customers still need to take care of two things themselves:

  1. Secure passwords must be used for logins. Vertec lets you define a Password Policy so that only strong passwords are accepted. To make sure every user of an installation actually has a secure password, you can use Force password change to require a new password at the next login.
  2. 2 Factor Authentication is a further security measure and should be switched on wherever possible.

Scenario 2: Vertec On-Premises Installation with Internet Access

Customers with a Vertec On-Premises installation have two ways of making Vertec reachable from the Internet: either they use the Webaccess service from spektra netcom ag, or they expose their Vertec Cloud Server on the Internet themselves.

In both cases Vertec strongly recommends applying the password policy and 2 Factor Authentication described above, enabling the additional protection mechanisms described below, and always running the latest Vertec version.

Additional protection mechanisms

We recommend enabling these additional protective measures, and not disabling those that are on by default, wherever possible:

  • By default, after 10 failed login attempts the account is locked for the next 10 minutes. The number of allowed attempts and the lockout period can be configured in the [CloudServer] section of the Vertec.ini file; if nothing is specified, the defaults apply. This protection can be disabled, but that is strongly discouraged.
  • Restricted Scripting restricts scripting when Vertec is accessed via cloud clients: VBScript can no longer be executed, and Python runs in a sandbox.
  • The Restricted Session Process setting starts the session processes with limited capabilities:
    • The Vertec session process runs as a Low Integrity process.
    • The Vertec session process is not allowed to start any child processes.
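As an added illustration of the lockout rule (example code written for this page, not part of Vertec or this article): a minimal per-user login throttle with the documented defaults of 10 attempts and a 10-minute lock. The class and method names, the per-username counting, the reset of the counter on a successful login and the injectable clock are this example's own assumptions; how Vertec implements the rule internally, and the Vertec.ini key names, are not shown here.

```python
from datetime import datetime, timedelta, timezone


class LoginThrottle:
    """Per-user lockout: after `max_attempts` consecutive failures the user is
    locked for `lockout_minutes`. Defaults mirror the values documented above.
    (Illustrative model, not Vertec's implementation.)"""

    def __init__(self, max_attempts=10, lockout_minutes=10, clock=None):
        self.max_attempts = max_attempts
        self.lockout = timedelta(minutes=lockout_minutes)
        # Injectable clock so the behaviour can be tested without waiting.
        self.clock = clock or (lambda: datetime.now(timezone.utc))
        self._failures = {}      # username -> consecutive failed attempts
        self._locked_until = {}  # username -> datetime when the lock expires

    def is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock has expired: forget it and start the failure count afresh.
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def attempt(self, user, password_ok):
        """Record one login attempt; returns 'locked', 'ok' or 'failed'."""
        if self.is_locked(user):
            # Reject without evaluating the password, so the response does not
            # reveal whether the guess was right.
            return "locked"
        if password_ok:
            self._failures.pop(user, None)   # success resets the counter
            return "ok"
        failures = self._failures.get(user, 0) + 1
        self._failures[user] = failures
        if failures >= self.max_attempts:
            self._locked_until[user] = self.clock() + self.lockout
            return "locked"
        return "failed"


def simulate_brute_force(attempts=12):
    """Drive the throttle with a fake clock: `attempts` wrong guesses, then the
    correct password during the lock, then the same after the lock expires."""
    now = [datetime(2021, 10, 18, 12, 0, tzinfo=timezone.utc)]  # constructed time
    throttle = LoginThrottle(clock=lambda: now[0])
    results = [throttle.attempt("alice", False) for _ in range(attempts)]
    during_lock = throttle.attempt("alice", True)
    now[0] += timedelta(minutes=10)
    after_lock = throttle.attempt("alice", True)
    return results, during_lock, after_lock


if __name__ == "__main__":
    print(simulate_brute_force())
```

Note that the correct password is still rejected while the lock is active, so an attacker learns nothing from the lockout response. The flip side of counting per username is that anyone who knows a username can lock that account for the lockout period, which is one reason a short lock is preferable to an indefinite one.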

Always use the latest Vertec version

In all of these cases we recommend that you always use the current version of Vertec, or at least install every major release. Why does this matter? It has to be seen in the context of ongoing technical development: what was good enough three years ago may be inadequate, and vulnerable, today. Like the encryption standards used for data transmission on the Internet, Vertec is constantly evolving. Old versions of Vertec should therefore no longer be used.

Vertec On-Premises Installation via your own infrastructure

In addition to the measures above, customers who expose their Vertec on the Internet themselves must also ensure that:

  • the Cloud Server is operated in encrypted mode (TLS) with a certificate issued by a trusted certificate authority, not a self-signed one;
  • the cipher suites and TLS versions offered are current (at the time of writing: TLS 1.2 or 1.3 only, with no RC4, 3DES or export-grade suites).
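As an added example of how to check the two requirements above (example code written for this page, not Vertec's own tooling): a small audit with Python's ssl module that flags obsolete TLS versions and cipher suites without forward secrecy or AEAD, shows a server-side context that passes beside one that does not, and a probe that connects to a live server with full certificate verification. The policy encoded in cipher_is_current, and the function names, are this example's assumptions, not a list published by Vertec.

```python
import socket
import ssl

# Policy used by this example (an assumption, not a list published by Vertec):
# only TLS 1.2/1.3, and only AEAD suites with ephemeral (forward-secret) key exchange.
ALLOWED_VERSIONS = ("TLSv1.2", "TLSv1.3")


def cipher_is_current(name, protocol):
    """Judge an OpenSSL-style cipher name such as 'ECDHE-RSA-AES128-GCM-SHA256'."""
    if protocol == "TLSv1.3":
        return True  # every TLS 1.3 suite is AEAD with forward secrecy
    if not name.startswith(("ECDHE-", "DHE-")):
        return False  # static RSA key exchange: no forward secrecy
    return "GCM" in name or "CHACHA20" in name  # rejects CBC/SHA-1 suites


def audit_handshake(version, cipher):
    """Findings for a negotiated (version, cipher) pair; an empty list means fine."""
    findings = []
    if version not in ALLOWED_VERSIONS:
        findings.append(f"protocol {version} is obsolete; require TLS 1.2 or 1.3")
    if not cipher_is_current(cipher, version):
        findings.append(f"cipher {cipher} lacks forward secrecy or AEAD")
    return findings


def audit_context(ctx):
    """Findings for a server-side ssl.SSLContext before it goes live."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum version {ctx.minimum_version.name} is below TLS 1.2")
    for c in ctx.get_ciphers():
        if not cipher_is_current(c["name"], c["protocol"]):
            findings.append(f"cipher {c['name']} is not current")
    return findings


def hardened_server_context():
    """Configuration that passes the audit: TLS 1.2+ and AEAD/forward-secret suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!PSK:!MD5")
    return ctx


def lax_server_context():
    """The weak counterpart: OpenSSL's DEFAULT list still offers static-RSA
    and CBC suites, which the audit flags."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("DEFAULT")
    return ctx


def probe(host, port=443, timeout=5.0):
    """Connect to a live server with certificate and hostname verification and
    report what was negotiated. A self-signed or mismatched certificate raises
    ssl.SSLCertVerificationError, which is the 'real certificate' check in
    practice. Needs network access, so it is not exercised offline."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            version = tls.version()
            cipher, _proto, bits = tls.cipher()
            cert = tls.getpeercert()
    return {"version": version, "cipher": cipher, "bits": bits,
            "cert_not_after": cert.get("notAfter"),
            "findings": audit_handshake(version, cipher)}


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_server_context()) or "no findings")
    print("lax:", audit_context(lax_server_context()))
```

Run the script to compare the two contexts; call probe("your-vertec-host.example", 443) against the real server to see the version, cipher and certificate expiry it actually negotiates. The audit is deliberately strict about CBC suites because the text asks for "current" suites, not merely non-broken ones.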

Scenario 3: Vertec On-Premises Installation Without Internet Access

A locally operated (On-Premises) installation that is not connected to the Internet is the least exposed of the three scenarios. Only in this case are older Vertec versions acceptable and passwords of lesser importance.


What is a strong password?

The key to a strong password is its length: it is at least ten characters long and mixes upper- and lower-case letters, digits, and special characters. Ideally it is not a "real" dictionary word and bears no relation to the user. A different password should be used for each service, and a password generator should be used to create it. Passwords should never be written down or stored in plain text; use a password manager to store them instead.
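As an added example of the policy just described (example code written for this page, not Vertec's Password Policy implementation): a checker that reports every rule a password breaks, and a generator backed by the OS CSPRNG that only returns passwords the checker accepts. The word list DICTIONARY and the SPECIALS alphabet are constructed for the example, and the ten-character minimum is the one from the text.

```python
import secrets
import string

# Constructed mini word list standing in for a real dictionary or breached-password list.
DICTIONARY = {"password", "welcome", "vertec", "sommer", "winter", "letmein"}
SPECIALS = "!#$%&*+-=?@_"   # example alphabet of special characters


def check_password(password, username, dictionary=DICTIONARY, min_length=10):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(not c.isalnum() for c in password):
        problems.append("no special character")
    # Strip digits and specials before the dictionary check, so 'Password1!' still counts as 'password'.
    core = "".join(c for c in password if c.isalpha()).lower()
    if core in dictionary:
        problems.append("based on a dictionary word")
    if username and username.lower() in password.lower():
        problems.append("contains the user name")
    return problems


def generate_password(length=16, username=""):
    """Generate a random password that satisfies check_password, using secrets (OS CSPRNG)."""
    if length < 10:
        raise ValueError("length must be at least 10 to satisfy the policy")
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS]
    alphabet = "".join(classes)
    rng = secrets.SystemRandom()
    while True:
        # One character from every class guarantees the class rules; the rest is random.
        chars = [secrets.choice(cls) for cls in classes]
        chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
        rng.shuffle(chars)
        candidate = "".join(chars)
        # Re-check so that an accidental dictionary or user-name hit is discarded.
        if not check_password(candidate, username):
            return candidate


if __name__ == "__main__":
    for pw in ("password", "Alice2021!", "Tr0ub4dor&3", generate_password(16, "alice")):
        print(f"{pw!r}: {check_password(pw, 'alice') or 'ok'}")
```

The checker lists all violations at once rather than stopping at the first, which is what a user-facing policy message needs; the generator never returns a password the checker would reject, so the two stay consistent if the rules change.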