Welcome to VESOFT

Special Letter to Ecometry Users \| Customer Feedback \| Client List Contact Us \| Free Demo \| Home Page

The simple fact is that anyone can gain full control of your data. Here are some of the basic issues (taken from a standard HP3000 environment MIS audit) and VESOFT's solutions:

1) Logon passwords should be unique to each individual	VESOFT recommends that users have session names - ie. "steve,manager.sys", where the relevant password (with all restrictions) is tied to "steve"
2) Automatic password expiration	VESOFT enforces password obsolescence - users are prompted periodically (manager sets the time threshhold) to change their passwords
3) Password integrity enforcement	VESOFT ensures that passwords cannot be same as logon ID; cannot be shown during screen sign-on; must meet minimum length requirements; minimum length standards; cannot re-use previously used passwords.
4) Inactivity lockout	VESOFT offers LOGOFF(part of Security/3000) - terminates unattended sessions - this also helps keep you under your user license limit and helps clear sessions at backup time
5) Lockout after 3 unsuccessful attempts -	VESOFT enforces

6) Desirable to have accompanying audit package to analyze securityexposures	VESOFT's VEAUDIT/3000 reports on security loopholes

7) Should log and report attempted security violations and successful access	VESOFT offers comprehensive and detailed logging. There are many loopholes that are standard to HP3000s - for example: :HELLO MGR.HPLANMGR is just one of many easily guessable ways to acquire high-level access to your system
There are several additional critical issues, such as:
1) Batch security - embedded passwords in job streams are a serious breach of system security ( they can be visible to unauthorized users)	VESOFT's STREAMX module (part of Security/3000) eliminates the need for embedded passwords

2) Database security	VESOFT's VEOPEN

3) Network logons	See Security/3000 manual: REMOTE ACCESS:NETWORK SECURITY LOOPHOLES

4) Device passwording (including modem), time of day and day of week restrictions	See Sec/3000 manual: REMOTE ACCESS: TERMINAL PASSWORDS

5) File security (addressed by MPEX)

How many PM users do you have? How many without passwords?	Did you know that a PM user with colon prompt access can acquire SM? VEAUDIT will show all PM users and which ones are unpassworded - often easy to guess!