Documentation fixes

This commit is contained in:
Dennis Eichhorn 2017-05-10 21:22:46 +02:00
parent cc2fd51dce
commit 948d6e26b8
5 changed files with 9 additions and 10 deletions

View File

@ -1,5 +1,4 @@
# Summary
* [Introduction](README.md)
## Setup
@ -23,4 +22,4 @@
## Security
* [Server](security/server.md)
* [Application](security/application.md)
* [Mentality](security/mentality.md)
* [Mentality](security/mentality.md)
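Review bot: the removed and added `* [Mentality](security/mentality.md)` lines are textually identical in this view, so the change in this hunk is whitespace-only (most likely the trailing newline at end of file, given the shifted line numbers in `-23,4 +22,4`). That is fine, but the commit message "Documentation fixes" does not mention it; a one-line note such as "add trailing newline to SUMMARY.md" would make the intent clear to the next reader of the history.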

View File

@ -12,4 +12,4 @@ The backup files will be stored on the server where they are getting generated a
The import of the backups is also straight forward by simply clicking import and selecting the backup file. In case the backup version is not support by the current application or module version you'll receive a error message.
During the import process it's also possible to choose which modules should be imported during the import process for better control. Before importing data into the application it's recommended to perform a backup in case of data corruption. In fact the application automatically offers you to perform a backup right before the import.
During the import process it's also possible to choose which modules should be imported for better control. Before importing data into the application it's recommended to perform a backup in case of data corruption. In fact the application automatically offers you to perform a backup right before the import.
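Review bot: the unchanged context line immediately above this change still carries three typos that belong to the same paragraph: "straight forward" should be "straightforward", "is not support by" should be "is not supported by", and "a error message" should be "an error message". Since this commit is titled "Documentation fixes" and already touches the next sentence, it would be cleaner to fix them in the same hunk rather than leave them for a follow-up.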

View File

@ -14,7 +14,7 @@ The password structure is a highly discussed topic however a password with
* At least one special character
* At least 8 characters
is one of the business standards. Longer passwords may be required in the future. Just as a quick info in order to convey the importance of these suggestions, a 8 character password with only upper and lower case characters can be found in less than 6 hours. More and different (like numeric and special) characters exponentially increase the time that is required to brute force a password.
is one of the business standards. Longer passwords may be required in the future. Just as a quick info in order to convey the importance of these suggestions, a 8 character password with only upper and lower case characters can be found in less than 6 hours. More and different (e.g. numeric and special) characters exponentially increase the time that is required to brute force a password.
### Aging
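Review bot: the "like" to "e.g." change is fine, but the same line keeps "a 8 character password", which should read "an 8-character password". More importantly, the claim that such a password "can be found in less than 6 hours" is stated without any assumption about the attacker's hardware or whether the attack is online or offline against a hash; it would read better as "can typically be brute-forced offline in hours on commodity hardware" or with the assumed cracking rate spelled out, otherwise the number will look wrong to any reader who checks it.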
@ -22,7 +22,7 @@ Passwords should be changed every 3 month. Enforced password changes are very co
## Permissions
The application allows permission handly by user groups and directly by users. It is strongly recommended to lay out a basic organisation schematic and job description for every area. Based on these job descriptions groups should be generated. The permission management through groups is preferred since it's much more verbose and shows a clear structure. While permissions on user basis are in some cases more convenient for quick permission handling they indicate that the actual job function compared to the organization layout is not coherent with the actual tasks that person is performing. Permission handling on user level is strongly advised against and restructuing groups and creating new groups is much cleaner even if in some cases a group only has one account assigned. Permissions for accounts should also get re-evaluated on a regular basis in order to prevent non-active accounts or accounts whose job description changed to have permissions they no longer need.
The application allows permission handling by user groups and directly by users. It is strongly recommended to lay out a basic organisation schematic and job description for every area. Based on these job descriptions groups should be generated. The permission management through groups is preferred since it's much more verbose and shows a clear structure. While permissions on user basis are in some cases more convenient for quick permission handling they indicate that the actual job function compared to the organization layout is not coherent with the actual tasks that person is performing. Permission handling on user level is strongly advised against and restructuing groups and creating new groups is much cleaner even if in some cases a group only has one account assigned. Permissions for accounts should also get re-evaluated on a regular basis in order to prevent non-active accounts or accounts whose job description changed to have permissions they no longer need.
## Updates
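Review bot: this hunk fixes "handly" but leaves "restructuing" (should be "restructuring") in the same sentence, so the line will need touching again. Two wording points in the same paragraph: "much more verbose" is the wrong word for what the text argues (group-based permissions are more transparent or easier to audit, not more verbose), and the last sentence should say "to prevent ... from having permissions they no longer need" rather than "to have permissions". Suggested replacement for that clause: "in order to prevent inactive accounts, or accounts whose job description has changed, from keeping permissions they no longer need."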

View File

@ -1,6 +1,6 @@
# Security Mentality
Security layers and guidelines are usually seen by the every day user as necessary evil. However without a good mindset no amount of guidelines or even technical security measurments will protect the integrity of the server and data. The thought process often goes along these lines:
Security layers and guidelines are usually seen by the every-day-user as necessary evil. However without a good mindset no amount of guidelines or even technical security measurments will protect the integrity of the server and data. The thought process often goes along these lines:
1. I will not get attacked!
2. I don't have any data that need protection!
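Review bot: the change from "every day user" to "every-day-user" introduces a non-standard form; the usual spelling is "everyday user" (one word, no hyphens). While this line is being edited, "measurments" should become "measures" (the intended meaning is security controls, not measurements), and "necessary evil" wants an article: "a necessary evil".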
@ -11,10 +11,10 @@ Security layers and guidelines are usually seen by the every day user as necessa
Here are some of the responses to such a mentality:
1. You will. Hundreds of attacks get executed on simple personal web pages which really don't have any interesting data on them. Many attacks are automated and don't even require any man power, starting with simple password attacks.
2. Just because you don't think these data need protection doesn't mean other people will think the same. You may not care if someone get's access to your personal information but your actions could actually allow attackers to gain access to personal information of other people that may very well think differently from you.
1. It will happen! Hundreds of attacks get executed on simple personal web pages which really don't have any interesting data on them. Many attacks are automated and don't even require any man power, starting with simple password attacks.
2. Just because data seems to be not important doesn't mean other people will think the same (especially your clients or business partner).
3. "Some people just want to watch the world burn" and others hope to gain some monetairy benefit from either returning the data or not publishing the information from you on the internet.
4. How can you know this? Unless you've a fundamental IT understanding of the network, permission and application structure you will most definately not know where your seemingly minor security infringement could cause severe damages. Even server administrators or software developers may not see the implications in their own network/application at first and you believe you can?
4. Unless someone has a fundamental IT understanding of the network, permission and application structure it's most definately not possible to know where seemingly minor security infringement could cause severe damages. Even server administrators or software developers may not see the implications in their own network/application at first.
5. As an employee you could get fired for careless behavior or depending on your residence even face legal actions. As server administrator or company owner you'll most definately be legally responsible for all kinds of security infringements (even if they are executed by your employees or indirectly caused by third parties).
6. It is way more time consuming calling your employees, customers, suppliers that their information have been compromised. In case of data loss you'll have to pay large sums for data recovery, potential legal fees etc.
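Review bot: the rewritten item 4 still contains "definately" (should be "definitely") and drops the article before "seemingly minor security infringement"; suggest "a seemingly minor security infringement". Item 2 reads awkwardly as "seems to be not important"; "seems unimportant" is cleaner, and "business partner" should be plural to match "clients". The unchanged context also has "monetairy" (item 3, should be "monetary") and "definately" again in item 5; since this commit rewrites three of the six items, it is the natural place to fix all of them at once.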

View File

@ -12,7 +12,7 @@ HTTPS is a protocol or form of encrypted communication between client and server
## Root Login
By deactivating root login you can at least prevent yourself from potentially breaking critical system configurations by accident and much more important even if your login credentials get compromised an attacker will be restricted to the permissions of that account while the administrator/root access would compromise not only the files and areas of the web application but also all other programs and directories or in case of a shared server you would also open all doors for attackers to these user files/information.
By deactivating root login you can at least prevent yourself from potentially breaking critical system configurations by accident and much more important even if your login credentials get compromised an attacker will be restricted to the permissions of that account while the administrator/root access would compromise not only the files and areas of the web application but also all other programs and directories.
## Updates
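Review bot: removing the shared-server clause shortens the sentence, but what remains is still a single run-on with no punctuation between three separate ideas (accidental damage, blast radius of a compromised account, scope of root). Suggest splitting it, for example: "Deactivating root login first protects you from breaking critical system configurations by accident. More importantly, if your login credentials are compromised, an attacker is restricted to the permissions of that account, whereas compromised root access would expose not only the web application's files but every other program and directory on the server." Also "much more important" should be "more importantly".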