Sunday, July 7, 2013

Security Checklist for Login Module

While a programmer is designing and developing a login module, the following checklist is important, not only for security but also to avoid frequent changes to the architecture of the login system later on.

  1. On password reset, all "remember me" logins must be removed automatically.
  2. On password reset, the user must be notified by mail that his/her password has been reset.
  3. On logout, make sure the user cannot press the browser's back button and re-send the login credentials.
  4. The user can tick the "remember me" option, but a special variable (a token) must be saved as the cookie in the browser instead of the password or user id.
  5. The user can be asked to enter a password of at least 6 characters.
  6. After a gap of a few months, users can be prompted to update their password, based on their record of invalid password entries.
When the user submits login details, the data must be sent with the POST method. When login credentials are sent with a normal POST, it is necessary to disable the back button or clear the previous history.

With an AJAX POST, however, these browser-history mishaps are easily avoided.
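As an added example (not code from this post), here is a small Python login back end with a hypothetical in-memory store that implements checklist items 1, 2, 4 and 5: a random "remember me" token instead of the password or user id, revocation of all such tokens on password reset, a reset notification, and the 6-character minimum.

```python
import hashlib
import secrets

MIN_PASSWORD_LENGTH = 6  # the minimum length the checklist asks for (item 5)


class LoginModule:
    """Hypothetical login back end with an in-memory store (constructed for this example)."""

    def __init__(self):
        self.users = {}            # username -> (salt, PBKDF2 hash of the password)
        self.remember_tokens = {}  # sha256(token) -> username; only the hash is stored
        self.notifications = []    # stand-in for the outgoing mail queue

    @staticmethod
    def _hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _set_password(self, username, password):
        if len(password) < MIN_PASSWORD_LENGTH:
            raise ValueError(f"password must be at least {MIN_PASSWORD_LENGTH} characters")
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash_password(password, salt))

    def register(self, username, password):
        self._set_password(username, password)

    def authenticate(self, username, password):
        record = self.users.get(username)
        if record is None:
            return False
        salt, digest = record
        # constant-time comparison so a timing difference does not leak anything
        return secrets.compare_digest(digest, self._hash_password(password, salt))

    def issue_remember_token(self, username):
        # Item 4: the cookie holds a random token, never the password or user id.
        token = secrets.token_urlsafe(32)
        self.remember_tokens[hashlib.sha256(token.encode()).hexdigest()] = username
        return token

    def user_for_token(self, token):
        return self.remember_tokens.get(hashlib.sha256(token.encode()).hexdigest())

    def reset_password(self, username, new_password):
        self._set_password(username, new_password)
        # Item 1: every outstanding "remember me" login for this user is revoked.
        self.remember_tokens = {h: u for h, u in self.remember_tokens.items() if u != username}
        # Item 2: the user is told by mail that the password was reset.
        self.notifications.append((username, "Your password has been reset"))
```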

Saturday, April 2, 2011

Citrix Terminal Services

Virtualization is being carried out in various ways by different organizations, and it is what current portfolios of end-user requirements ask for. Not only does it help with better monitoring and performance optimization of the remote desktop, it also reduces the overall cost of investment and increases ROI.

Virtual terminal servers have many productive outcomes:
  • Not all users are using their maximum RAM, cache, bandwidth, etc. at the same time, so every user has the opportunity to make better use of the cloud infrastructure at the same low investment cost: resources that are not in use are always available to each user. The truth is that any user needs a high amount of cloud resources for web hosting and remote login services for less than 5% of their service period, so the idle infrastructure is available to other users, possibly from a different demography, geographic location, or business category altogether.
  • Citrix makes it easier to monitor the performance of the users' remote desktops, and adding new features and resources and taking backups is quite effective.
  • In case any fault is detected, Citrix can be configured to send an email alert to the administrator.
  • Citrix virtual services provide better performance than their traditional terminal services counterparts. They also make it easy to administer users' RDP sessions even when the number grows beyond 100 users.

Monday, March 7, 2011

Virtual Dedicated Server Backup

In a dedicated or virtual dedicated server environment, when you run custom modules, hosted Exchange and the hosted WSS version of SharePoint, you might be doing internal backups, but there is a chance that you are backing up the wrong files, so in a crisis there is no one to help.
It is better to set up the backup parameters at the initial stage so that no basic step is forgotten.

Make local backups on the server's hard drive, then have QB Online grab a series of 7 rolling backups (a daily backup with weekly roll-over) off the server.

Back up straight to QB Online and you only get one version, with no history.

Decide on the barriers first before moving to the cloud: branding, platform, or cost? To a large extent, all of them have an important role to play in productive decision making.
As with any change initiative, getting people fully on board and sharing a common vision of the future is vital, and that means migrating mindsets and behaviors to ensure successful deployment and effective usage across the organization.

Backup options are always there:
  • You can take a complete backup of the OS, since you have a dedicated server running virtually. But this involves a lot of unnecessary hard disk storage space.
  • Second, you can record the version of the OS and take a backup of only the encrypted file, viz. the database of the client's application.
In fact, the practice should be to take a global weekly/monthly backup of the OS version and daily backups of the daily transaction data file. This way the risk of data loss is minimized in any case. Also, every group of clients must be isolated from the central part and monitored separately, so that an intrusion into one group leaves the other groups unaffected.
For this, some criteria must be chosen to categorize the client groups on the basis of:
  • the frequency of their usage/visits,
  • the types of resources they often use,
  • their level of interaction with the IT-managed applications present,
  • the type of service opted for,
  • security logs and loopholes for them, found by analyzing their behaviour.