System security guidelines
This article defines the system security measures that are to be taken before you start operating with Crassula.
Configuring a workstation
Hard disk encryption
Every operational workstation must have an encrypted hard disk drive. Hard disk encryption protects your data if the laptop is stolen or the drive is removed by an attacker. Use reliable cryptographic algorithms, such as AES-128, AES-192, AES-256, or TDES/TDEA with triple-length keys.
Hard disk encryption can be performed by many utilities, either third-party software components or tools built into the operating system.
Set a strong password for the operating system
The operating system password should meet the following requirements:
Password length of at least 8 characters.
Containing both upper and lower case characters.
Containing numbers.
Containing special characters (e.g. "$&#~`*").
Do not use common phrases, dictionary words, names, or dates of birth as a password.
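As an added example (not part of the original guidelines), the following Python checker enforces the five requirements above and generates a compliant password with the standard secrets module. The common-word denylist and the date pattern are constructed for illustration; in practice the denylist would be replaced by a breached-password list.

```python
import re
import secrets
import string

# Constructed sample denylist; a real deployment would load a breached-password list.
COMMON_WORDS = {"password", "qwerty", "welcome", "admin", "letmein", "crassula"}

# Year or full-date fragments such as 1990, 01011990, 1990-01-01, 01.01.1990
_DATE_RE = re.compile(r"\d{2}[./-]?\d{2}[./-]?(19|20)\d{2}|(19|20)\d{2}")


def check_password(pw: str) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case character")
    if not any(c.islower() for c in pw):
        problems.append("no lower-case character")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):  # includes $ & # ~ ` *
        problems.append("no special character")
    lowered = pw.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common word")
    if _DATE_RE.search(pw):
        problems.append("looks like it contains a date")
    return problems


def suggest_password(length: int = 16) -> str:
    """Generate a random password with the `secrets` module and retry until it passes the policy."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ["password", "Summer2019!", "Sunny$Day7"]:
        print(sample, "->", check_password(sample) or "OK")
    print("suggested:", suggest_password())
```

The date check deliberately rejects any four-digit year, which is stricter than the guideline's wording but catches the "name plus birth year" pattern that the rule is aimed at.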
Operating system updates
The operating system is to be configured to update automatically. Almost any operating system provides a way to enable automatic updates, which deliver the most recent security patches. Applying the patches promptly is crucial to system and software security.
Antivirus updates
Antivirus software is an essential part of operating system security, ensuring that your system and data are not compromised.
The most common use case is protecting your device if you accidentally open a file received via email or messenger from an unknown sender: the antivirus software detects the file and prevents the system from executing it.
Antivirus software also helps ensure that no malicious or compromised component runs unnoticed in the background: it detects such a component and reports it.
Firewall
A firewall is often built in and can be enabled in operating systems such as Windows and macOS. In both Windows and macOS the firewall blocks all INCOMING connections from the Internet. Thus, an attacker FROM the Internet will not be able to DIRECTLY connect to your workstation using remote-control tools.
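The three workstation settings above (disk encryption, automatic updates, firewall) can be verified with a short script. The following Python baseline checker is an added example, not part of the original guidelines or of Crassula's software. It calls the standard OS tools (fdesetup, socketfilterfw and defaults on macOS; Get-BitLockerVolume, Get-NetFirewallProfile and the Microsoft.Update.AutoUpdate COM object via PowerShell on Windows) and parses their output in separate pure functions. The output formats assumed in the comments are those of current macOS and Windows releases and should be confirmed on the version in use; the BitLocker query needs an elevated shell on Windows.

```python
import platform
import subprocess


def run(cmd) -> str:
    """Run a read-only OS command and return stdout+stderr; empty string if the tool is unavailable."""
    try:
        result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
    except (OSError, subprocess.SubprocessError):
        return ""
    return result.stdout + result.stderr


# --- parsers for the tools' output (pure functions, so they can be tested offline) ---

def filevault_on(output: str) -> bool:
    """`fdesetup status` prints "FileVault is On." or "FileVault is Off."."""
    return "FileVault is On" in output


def macos_firewall_on(output: str) -> bool:
    """`socketfilterfw --getglobalstate` prints "Firewall is enabled. (State = 1)" when on;
    State = 2 is the stricter "block all incoming connections" mode, State = 0 is off."""
    return "State = 1" in output or "State = 2" in output


def macos_flag_on(output: str) -> bool:
    """`defaults read ... AutomaticCheckEnabled` prints "1" when automatic update checks are on."""
    return output.strip() == "1"


def bitlocker_on(output: str) -> bool:
    """PowerShell `(Get-BitLockerVolume -MountPoint C:).ProtectionStatus` prints "On" or "Off"."""
    return output.strip() == "On"


def windows_firewall_profiles(output: str) -> dict:
    """Parse one "Name=Enabled" line per firewall profile (Domain, Private, Public)."""
    profiles = {}
    for line in output.splitlines():
        if "=" in line:
            name, value = line.strip().split("=", 1)
            profiles[name] = value.strip().lower() == "true"
    return profiles


def windows_autoupdate_level(output: str) -> int:
    """Windows Update NotificationLevel: 4 = download and install automatically, 1 = disabled."""
    try:
        return int(output.strip())
    except ValueError:
        return -1


def baseline_report() -> dict:
    """Map each check to True (compliant) or False; empty dict on platforms not covered here."""
    system = platform.system()
    if system == "Darwin":
        sw = "/Library/Preferences/com.apple.SoftwareUpdate"
        return {
            "disk_encryption": filevault_on(run(["fdesetup", "status"])),
            "firewall": macos_firewall_on(run(
                ["/usr/libexec/ApplicationFirewall/socketfilterfw", "--getglobalstate"])),
            "auto_updates": macos_flag_on(run(["defaults", "read", sw, "AutomaticCheckEnabled"])),
        }
    if system == "Windows":
        def ps(script: str) -> str:
            return run(["powershell", "-NoProfile", "-Command", script])
        profiles = windows_firewall_profiles(ps(
            'Get-NetFirewallProfile | ForEach-Object { "$($_.Name)=$($_.Enabled)" }'))
        return {
            "disk_encryption": bitlocker_on(ps("(Get-BitLockerVolume -MountPoint C:).ProtectionStatus")),
            "firewall": bool(profiles) and all(profiles.values()),  # every profile must be enabled
            "auto_updates": windows_autoupdate_level(ps(
                "(New-Object -ComObject Microsoft.Update.AutoUpdate).Settings.NotificationLevel")) == 4,
        }
    return {}


if __name__ == "__main__":
    report = baseline_report()
    for check, ok in report.items():
        print(f"{check:16} {'OK' if ok else 'FAIL'}")
    if not report:
        print("no checks implemented for", platform.system())
```

Keeping the parsers separate from the command execution lets you unit-test the logic against captured output and makes it easy to add further checks, such as antivirus status, in the same style.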
Working on the workstation
Avoid places and situations where an attacker can spy on (or film) what you do on the workstation. For example:
Public places.
No unauthorized person or employee nearby should be able to see what is happening on your workstation.
Do not log in to suspicious or malicious network resources.
The workstation is only for business use.
Always log out when you need to leave your workplace, even for a short time.
Do not leave the workstation unattended when leaving the workplace. It is recommended to have an office equipped with video monitoring and restricted access.
Do not open suspicious emails.
Do not download, open, or execute unfamiliar, obscure, or suspicious files on the workstation.
Do not use public third-party screen-capture services (e.g. Monosnap, Gyazo) for screenshots containing sensitive or personal data.
Securing the Crassula Administrative panel
Always log out of the Admin panel when you leave your workspace, even for a short time.
Ensure that your password is stored securely.
The password must not be stored in plain text on the workstation or anywhere else (for example, in a Notepad file).
Do not store your passwords in the Internet browser: if someone succeeds in logging in to your device, they will be able to access the Admin panel.
The password must be known only to the account owner. Do not pass it to anyone in any form: by email, verbally, or via messengers.
Use 2FA to log in to the Admin panel.
When creating an account, 2FA must be enabled as an additional layer of protection. Using a phone number and SMS for 2FA is not safe. Use an authenticator application, such as Google Authenticator.
Assign the minimum necessary rights (permissions) when creating an Administrator profile. Grant only the permissions required for the job.
Use and view data in the administrative panel only when necessary and required by your official duties.