Vertec’s security in the network

About the importance of securing your Vertec installation and keeping it up-to-date.

Product line: Standard | Expert

Operating mode: CLOUD ABO | ON-PREMISES

Modules: Services & CRM | Budget & Phases | Purchases | Resource Planning | Business Intelligence

Created: 18.10.2021
Machine translated
Updated: 12.11.2021 | Structure adjusted and graphics added.

Securing a Vertec installation is not a one-off task but an ongoing process that has to be kept up continuously.

The first question to ask is whether your Vertec is reachable by third parties over the internet. The answer leads to one of the following scenarios:

Scenario 1: Vertec Cloud Suite

When running Vertec in the Cloud Suite, Vertec is used directly from the cloud without an on-premises server installation. Vertec operates the software in the cloud and is responsible for most of the security measures.

However, Cloud Suite customers must keep these two things in mind:

  1. Secure passwords must be used for logins. As part of the Password Policy, Vertec allows password requirements to be set so that only strong passwords are accepted. To make sure that every user of a Vertec installation actually uses a secure password, a password change can be forced at the next login.
  2. 2 Factor Authentication is a further security measure and should be turned on whenever possible.

Scenario 2: Vertec On-Premises installation with internet access

Customers with a Vertec On-Premises installation have two ways of making their Vertec reachable from the internet: either they use the Web Access service, or they expose their Vertec Cloud Server on the internet themselves.

In both cases, Vertec strongly recommends following the password security and 2 Factor Authentication advice above, activating the additional protection mechanisms described below, and always running the latest Vertec version.

Additional protection mechanisms

We recommend that these additional protections are activated, or left activated, wherever possible:

  • By default, after 10 failed login attempts the account concerned is locked for the next 10 minutes. The number of permitted attempts and the lock duration can be configured in the [CloudServer] section of the Vertec.ini file; if nothing is specified, the defaults apply. This protection can be disabled, but doing so is strongly discouraged.
  • Restricted Scripting limits scripting when Vertec is accessed via Cloud Clients: VB scripts are disabled and Python runs in a sandbox.
  • The Restricted Session Process setting starts session processes with reduced privileges:
    • The Vertec Session process runs as a Low Integrity process.
    • The Vertec Session process may not start any further subprocesses.
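The lockout rule in the first bullet, written out as a small Python model so its behaviour can be traced step by step. This is an added example, not Vertec code: the Vertec.ini keys that set the thresholds are not named on this page, so the model takes them as parameters with the page's stated defaults (10 attempts, 10 minutes), and the login event sequence at the bottom is constructed.

```python
from dataclasses import dataclass


@dataclass
class LockoutPolicy:
    """Lockout thresholds; the values below are the defaults stated on the page."""
    max_attempts: int = 10     # failed attempts before the account is locked
    lock_seconds: int = 600    # lock duration: 10 minutes


@dataclass
class AccountState:
    failures: int = 0          # consecutive failures since the last success or lock
    locked_until: float = 0.0  # epoch seconds; 0.0 means "not locked"


class LoginGuard:
    """Tracks failed logins per account and enforces the lockout window."""

    def __init__(self, policy=None):
        self.policy = policy or LockoutPolicy()
        self.accounts = {}

    def is_locked(self, user, now):
        state = self.accounts.get(user)
        return state is not None and now < state.locked_until

    def attempt(self, user, password_ok, now):
        """Process one login attempt at time `now`; returns 'ok', 'denied' or 'locked'."""
        state = self.accounts.setdefault(user, AccountState())
        if now < state.locked_until:
            # Inside the lock window every attempt is refused, even with the right
            # password, so a guess made during the lock gives no feedback at all.
            return "locked"
        if state.locked_until:
            # The lock has expired: start with a fresh counter.
            state.failures = 0
            state.locked_until = 0.0
        if password_ok:
            state.failures = 0
            return "ok"
        state.failures += 1
        if state.failures >= self.policy.max_attempts:
            state.locked_until = now + self.policy.lock_seconds
            return "locked"
        return "denied"


def replay(events, policy=None):
    """Run a list of (user, password_ok, timestamp) events through one guard."""
    guard = LoginGuard(policy)
    return [guard.attempt(user, ok, t) for user, ok, t in events]


# Constructed event sequence (not real log data): ten wrong passwords for one
# account, the correct password shortly afterwards, and the correct password
# again once the 10-minute lock has run out.
T0 = 1_700_000_000.0
SAMPLE_EVENTS = (
    [("alice", False, T0 + i) for i in range(10)]
    + [("alice", True, T0 + 10), ("alice", True, T0 + 10 + 600)]
)

if __name__ == "__main__":
    for (user, ok, t), result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(f"t+{t - T0:4.0f}s {user} password_ok={ok!s:5} -> {result}")
```

The tenth failure is the one that locks the account, and the correct password one second later is still refused; only after the window has elapsed does the same correct password succeed. Lowering `max_attempts` or raising `lock_seconds` tightens the rule for a specific installation without changing the logic.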

Always use the latest Vertec version

In all these cases we recommend always using the most up-to-date Vertec version, and at the very least installing every major release. Why does this matter? Security has to be judged against the current state of the art: what was good enough three years ago may be inadequate and vulnerable today. Just like the encryption standards used to carry data on the internet, Vertec is constantly evolving, so older Vertec versions should no longer be used.

Vertec On-Premises installation via own infrastructure

Customers who expose their Vertec on the internet independently must, in addition to the measures mentioned above, also ensure:

  • That the Cloud Server is operated in encrypted mode with a real certificate (one issued by a trusted certificate authority, not a self-signed one).
  • That the cipher suites and TLS versions in use are up to date.
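An added Python example (not Vertec code) of what "up-to-date cipher suites and TLS versions" looks like in practice: a server-side TLS context hardened to TLS 1.2 or newer with forward-secret AEAD ciphers, plus a small audit that flags obsolete suites and suites without forward secrecy. How the Vertec Cloud Server itself is configured is not covered on this page; the cipher string follows common hardening guidance rather than any Vertec setting, and the certificate paths are placeholders for your CA-issued certificate and key.

```python
import ssl

# OpenSSL cipher string: ephemeral ECDH key exchange only (forward secrecy) and
# AEAD ciphers only, with anonymous, NULL, MD5, PSK and SRP suites excluded.
# TLS 1.3 suites are managed separately by OpenSSL and stay enabled.
STRONG_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!PSK:!SRP"

# Substrings that mark a cipher suite as obsolete or broken.
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5", "ADH", "AECDH", "IDEA", "SEED")


def hardened_server_context(certfile=None, keyfile=None):
    """Server-side TLS context: TLS 1.2 minimum, modern ciphers, no compression."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuses TLS 1.0 and 1.1 outright
    ctx.set_ciphers(STRONG_CIPHERS)
    ctx.options |= ssl.OP_NO_COMPRESSION            # TLS compression is an attack surface
    if certfile:
        # Placeholder paths: the CA-issued certificate chain and its private key
        # come from the deployment, not from this example.
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def weak_cipher_names(names):
    """Return the suites in `names` that use broken algorithms or lack forward secrecy."""
    flagged = []
    for name in names:
        upper = name.upper()
        if any(marker in upper for marker in WEAK_MARKERS):
            flagged.append(name)
        elif not (upper.startswith("TLS_") or "ECDHE" in upper or "DHE" in upper):
            # Static RSA key exchange: a leaked server key decrypts recorded traffic.
            flagged.append(name)
    return flagged


def context_summary(ctx):
    """Describe what a context will actually negotiate, for auditing."""
    ciphers = ctx.get_ciphers()
    return {
        "minimum_version": ctx.minimum_version.name,
        "protocols": sorted({c["protocol"] for c in ciphers}),
        "cipher_count": len(ciphers),
        "weak": weak_cipher_names(c["name"] for c in ciphers),
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(context_summary(hardened_server_context()))
    # Constructed list mixing obsolete and acceptable suite names:
    print(weak_cipher_names(["RC4-SHA", "DES-CBC3-SHA", "AES128-SHA",
                             "ECDHE-RSA-AES128-GCM-SHA256", "TLS_AES_128_GCM_SHA256"]))
```

`context_summary` reports the negotiable suites as OpenSSL actually resolves the cipher string, which is the list worth reviewing after any change; a hardened context should show only TLSv1.2 and TLSv1.3 suites and an empty `weak` list. `weak_cipher_names` also works on a suite list exported from another server's configuration.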

Scenario 3: Vertec On-Premises installation without Internet access

An On-Premises installation that is not connected to the internet is the least common case. Only here are older versions of Vertec acceptable and passwords of lesser importance.

What makes a password strong?

The key to a secure password is its length: it is at least ten characters long and consists of upper- and lower-case letters, numbers and special characters. Ideally it is not a “real” dictionary word and has no relation to the user. A different password should be used for each service, and a password generator should be used to create them. Passwords should never be written down or stored in plain text on storage media; instead, a password manager should be used to manage them, and passwords stored in browsers should be protected by a master password.
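The rules in this paragraph as a Python policy checker, together with a generator that produces compliant passwords. This is an added example, not Vertec's Password Policy implementation; the word list is a tiny constructed stand-in for a real dictionary or breached-password list, and the user-context strings in the demo are made up.

```python
import re
import secrets
import string

MIN_LENGTH = 10

# Character classes the paragraph requires; each must appear at least once.
CLASSES = (
    ("lowercase letter", str.islower),
    ("uppercase letter", str.isupper),
    ("digit", str.isdigit),
    ("special character", lambda c: c in string.punctuation),
)

# Constructed stand-in for a real dictionary / breached-password list.
COMMON_WORDS = ("password", "welcome", "qwerty", "letmein", "summer", "vertec")


def check_password(password, user_context=()):
    """Return the list of policy violations; an empty list means the password passes.

    `user_context` holds strings tied to the user (login name, real name, ...)
    that the password must not contain.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    missing = [name for name, test in CLASSES if not any(test(c) for c in password)]
    if missing:
        problems.append("missing " + ", ".join(missing))
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains dictionary word")
    # Split names such as "Alice Example" into parts and reject any part >= 3 chars.
    user_parts = {
        part
        for token in user_context
        for part in re.split(r"\W+", token.lower())
        if len(part) >= 3
    }
    if any(part in lowered for part in user_parts):
        problems.append("relates to the user")
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies every class rule above."""
    if length < len(CLASSES):
        raise ValueError("length too small to cover every character class")
    alphabets = [string.ascii_lowercase, string.ascii_uppercase,
                 string.digits, string.punctuation]
    # One character from each class guarantees coverage; the rest is drawn from
    # the full alphabet and the result shuffled so class positions are not fixed.
    chars = [secrets.choice(a) for a in alphabets]
    full = "".join(alphabets)
    chars += [secrets.choice(full) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    for pw, ctx in [("Password1!", ()), ("Alice2021!!", ("alice", "Alice Example")),
                    ("alllowercase12", ()), (generate_password(), ("alice",))]:
        print(f"{pw!r}: {check_password(pw, ctx) or 'OK'}")
```

`check_password` reports every violated rule rather than stopping at the first one, which is what a user needs to fix a rejected password in one go; `generate_password` uses `secrets` rather than `random`, since the latter is not suitable for anything security-relevant.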