Protect against security breaches

Visual Guard comes with protections against the following security breaches:

Unauthorized access to the security data

  • Security data stored in the Visual Guard repository is serialized and unreadable by direct SQL access. Users must go through the access-restricted API provided by Visual Guard.
  • Sensitive data such as passwords is hashed by Visual Guard, using the SHA256 cryptographic hash function.

Denial-of-service

In n-tier architectures, security data is transferred via VG components and benefits from IIS protections and security systems. This protects Visual Guard against attempts to make it unavailable to users by saturating it with numerous logon requests.

Unauthorized administration operations

Even if a user discovers how to access the administration interface or the Visual Guard APIs, Visual Guard's internal security mechanisms prevent them from assigning access rights to user accounts unless they have explicitly received permission from the Master Administrator.

Interception of information

  • Between the application and the VG Repository in a 2-tier/LAN architecture: VG is compatible with RDBMS encryption mechanisms. You can activate such mechanisms to prevent the data from being read between client and server.
  • Between a client browser and the web server in a 2-tier/Web architecture: VG is compatible with the SSL/HTTPS protocol and allows encryption of the communication between the browser and the web server.
  • Between .NET components inside an application: Visual Guard .NET relies on the Microsoft Proxy System (Marshall) to manage such communications and protect against this type of risk.

Password cracking

This attack typically consists of repeatedly trying to guess passwords in order to gain unauthorized access to your system. As a preventive measure, administrators should not allow easily “crackable” passwords. Visual Guard helps enforce such measures by defining a Password Policy.

Packet sniffing

Visual Guard includes a protection against the capture of data packets to find passwords or security tokens in transit over the network. A hacker could steal these tokens to make system calls as though they were a user.

SQL injection

Visual Guard contains search fields (for example, to find a user account). It includes a protection against SQL injection, which consists of inserting fragments of SQL statements into a search in the hope of reading confidential information or illegally modifying security data.
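The difference between an account search that pastes the search term into the SQL text and one that binds it as a parameter, as an added example that is not Visual Guard's own code. The accounts table, its sample rows and the function names are assumptions made for illustration, and an in-memory SQLite database stands in for the repository.

```python
import sqlite3

def make_repo():
    """In-memory stand-in for an account store (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (login TEXT, display_name TEXT, pw_hash TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("alice", "Alice Martin", "hash-a"),
         ("bob", "Bob Durand", "hash-b"),
         ("carol", "Carol Petit", "hash-c")],
    )
    return db

def search_unsafe(db, term):
    """Vulnerable: the search term becomes part of the SQL statement itself."""
    sql = ("SELECT login, display_name FROM accounts "
           "WHERE login LIKE '%" + term + "%'")
    return db.execute(sql).fetchall()

def search_safe(db, term):
    """Hardened: the term is bound as a parameter, so it is only ever data.
    LIKE wildcards typed by the user are escaped so they match literally."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT login, display_name FROM accounts "
           "WHERE login LIKE ? ESCAPE '\\'")
    return db.execute(sql, ("%" + escaped + "%",)).fetchall()

def demo():
    """Run the same constructed test input through both search functions."""
    db = make_repo()
    probe = "x' UNION SELECT login, pw_hash FROM accounts --"  # constructed input
    return search_unsafe(db, probe), search_safe(db, probe)

if __name__ == "__main__":
    leaked, safe = demo()
    print("concatenated query returned:", leaked)   # rows include pw_hash values
    print("parameterized query returned:", safe)    # no account matches the literal text
```

The parameterized version also keeps a bare `%` or `_` in the search box from matching every account, which matters when search results are themselves restricted data.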
