Task 6.2: Setting up Advanced Security

Purpose: Setting up Security using TraCS to adhere to the FBI’s CJIS requirements. TraCS has Audit Settings, Account Settings, Password Settings and Certificates that can be set up

Requirements:

• Web Services Environment,

• Distribution run on all mobile(web Clients) computers,

• SMTP server,

• email service enabled on one office machine.

• Log into TraCS Configuration Manager as an Administrator

• Open the Security Editor

  • The Security Button found in the Setting Ribbon

Open

• The Security Editor will load and the first section deals with auditing.

• Open Audit Settings

Open

• Enable Audit Logging - Set to True to turn on automatic logging of the following:

  • User views logs

  • User successfully changes password

  • User change password fails

  • Successful login

  • Failed login

  • User makes forgot password request

  • Add new access level

  • Remove access level

  • Add new action to access level

  • Remove action from access level

  • Access Level Editor viewed

  • Administrator changes user password

  • Access level is given to a user

  • Access level is removed from a user

  • User granted access to another user’s data

  • User access to another user’s data removed

  • User given new access level permission for another user

  • User access level permission for another user is removed

  • User editor accessed

• Audit Log Connection - The database connection tag from the Database Connection editor for the database where the audit logs are to be stored.

  • Should be set to Log

Open

• Audit Log Table - The name of the table in the database where the audit logs are to be stored.

  • Should Be set to AuditLog

Open

Open

• Open Account Settings

  • Enable Account Lockout - When set to True, TraCS will lockout a user from using the application for a defined amount of time after entering the incorrect login credentials a set number of times.

  • Failed Login Attempt Limit - The number of incorrect login attempts before TraCS will lockout the user from using the application.

  • Lockout Duration - The amount of time, in minutes, that TraCS will lockout a user before allowing them to attempt to login again.

Open

• Open Password settings

  • NOTE: This feature is only available in TraCS Web and on TraCS clients running in Workstation mode or in Field Unit mode with web services turned on.

  • Enable Forgot Password - Set this setting to True to enable a “Forgot Password?” link on the TraCS login screen. When a user clicks the link, TraCS will reset the user’s password and send an e-mail with a new temporary password to the e-mail address contained in the user’s TraCS account. Once the user logs in with the new temporary password, they will be forced to change their password.

  • Forgot Password SMTP Setting - The SMTP tag from the Database Connection editor to be used to send an e-mail to the user with a new temporary password. This setting only needs to be set on the TraCS Application Server as the Forgot Password e-mail will be sent using the TraCS E-mail service.

  • Forgot Password Email Subject –The subject of the email sent to the user that contains a temporary password.

Those 3 setting cause the forget password link to show up on the login dialog box. Clicking that will allow the user to enter their username and email address. the system will then send a temporary password to the email on file.

Open

• Minimum Password Length— The minimum length, in character count, for a password.

• Require Number – When set to True, passwords will be required to contain a number

• Require Mixed Case – When set to True, passwords will require at least one capitol letter

• Special Characters – Enter the special characters required for the password.

Open

• Password Expiration Cycle – Enter the number of days in the Password expiration cycle. For example 90 for 3 months

• Password Expiration Notification Time – Number of days left in the notification cycle to begin notifying the user their password is about to expire

Open

• Open Certificate Settings

  • Note: Your network administrator will need to create the certificates needed

  • Enable Web Services Certificate Use—When set to true the rest of the settings need to be set and it allows certificates to the used when using TraCS web services.

  • Certificate File path – File path of where the certificate is located on the computer

  • Certificate Password – password used to access the certificate

  • Certificate Store Location – Store Location of the Certificate, values are CurrentUser or LocalMachine

  • Certificate Store Name – Store name of the Certificate values are

    • AddressBook

    • AuthRoot

    • CertificateAuthority

    • My

    • Rood

    • TrustedPeople

    • TrustedPublisher

  • Certificate Subject Name – Subject name of the Certificate

Open

• Open Log Settings

  • Encrypt Log – When set to true encrypts logs on the computer, those logs can then only be read from TraCS.

• After making all changes necessary

  • Save the settings Click OK

  • Create a distribution to send this file out to all the web clients

• Update the User accounts

•  

Open

• There are 3 settings dealing with security for users.

  • User Secure Password

  • User Password Expiration

  • Force Password Reset

• Account Locked is auto set once a user logs in to many times. A System admin can come in to manually rest the Account Locked back to False.

• Email is also a required attribute for setting up security

Open

• These setting take effect immediately as long as the security file is located on the hard drives.