|
|
|
JBS
Reisterstown
Posts: 2,982
Joined: September 2009
|
|
#36293
10/10/2011 9:06 PM
|
Joined: Jun 2010
Posts: 9
Member
|
OP
Member
Joined: Jun 2010
Posts: 9 |
Hello AC User Community,
We are going to be upgrading to a very nice new Dell Windows Server 2008 system in the near future. I don't think a "best practices" document exists in relation to security of the AC system. Does anyone have any security tips that they've come across specifically related to an AC install? I don't mean things like "backup your data" or "use RAID", but more operational improvements above and beyond what the standard installer of AC v6 does.
Anyone explored or came across anything to improve security? I know I'm seriously worried about having the entire Import Items subfolder in the same one as the AC startup file, but I don't know if there is a good way to tweak that problem.
Thanks,
Tom
|
|
|
|
|
Joined: Dec 2009
Posts: 1,197 Likes: 8
Member
|
|
Member
Joined: Dec 2009
Posts: 1,197 Likes: 8 |
The only thing you have to do is follow the usual best practices:
1. Have a firm password policy that is enforced. If you are in a domain, your server can do this for you.
2. Have a stateful firewall between yourself and the Internet. Those little routers the DSL providers give you don't count.
3. Do not allow users to log on as administrators.
4. Make sure you are not using the EVERYONE group on any file share.
5. Do NOT disable UAC, I don't care what anyone says.
6. Make certain your anti-virus is up-to-date. I recommend Trend Micro for domain environments.
7. Do not store anything important on workstations only. Use folder redirection to get user documents to the server.
8. Use Windows Server Update Services to deploy security and other updates to servers and workstations. WSUS is free.
Those above will solve the majority of your security issues.
What most fail to realize is that programs like Amazing Charts are totally dependant on your network's overall security. Scumbags don't have to log on to AC to get your stuff when they can just copy the entire database off the server if they can log on to that with an easy password.
JamesNT
|
|
|
|
|
Joined: Apr 2011
Posts: 2,316 Likes: 2
G Member
|
|
G Member
Joined: Apr 2011
Posts: 2,316 Likes: 2 |
This is cool. I did all of this without even thinking about it. Didn't even realize I was doing it.
|
|
|
|
|
Joined: Jun 2010
Posts: 9
Member
|
|
OP
Member
Joined: Jun 2010
Posts: 9 |
Thanks James, we've also got those covered. Anyone done any tweaking of NTFS permissions or anything else that makes those imported items more difficult to access directly from a user's workstation?
|
|
|
|
|
Joined: Dec 2009
Posts: 1,197 Likes: 8
Member
|
|
Member
Joined: Dec 2009
Posts: 1,197 Likes: 8 |
Tom,
There really isn't much you can do here. I assume users need to at least read those files. Once a user reads a file, they have it. You can stop them from making changes to the copy you have, but you can't stop them from saving that file on their machine and emailing it out to someone else - at least not easily.
Regardless of what anyone says, security boils down to two things:
1. Keep that bad guys out.
2. Make sure you can trust your employees.
The stuff I posted above will keep the bad guys out. But if you have an employee you can't trust and you either don't know or are unwilling to do anything about it, make sure your retainer for your bankruptcy lawyer is paid up.
JamesNT
|
|
|
|
0 members (),
44
guests, and
28
robots. |
|
Key:
Admin,
Global Mod,
Mod
|
|
|
|
|
|
.png "ACUF Donor I")
