At DEVNET, we constantly strive to make improvements to our products, be it bug fixes, new features, or other optimizations. Often times, when entering a new market, we add new modules to our DEVNET Edge® application suite, or redevelop an existing module to meet the needs of a new client or market. Our security infrastructure (which is part of the System Maintenance module) recently received some major upgrades as the result of one such project, and DEVNET is now making these changes available to the rest of its customer base.
Under the hood, almost everything security related is new. DEVNET’s custom encryption has been replaced by Microsoft’s Cryptographic Services, meaning all passwords and sensitive data in the system are backed by military-approved encryption. New password restrictions have been built into the product line, allowing administrators to restrict, protect, and control access to DEVNET applications in much the same way they do the county network. New reporting options help administrators and outside auditors verify and validate access into DEVNET Edge® product suite.
How Does it Work?
Everything is centered around the User Maintenance screen in System Maintenance:
For those familiar with User Maintenance, it is immediately apparent that the Maintain User box has significantly changed. Administrators can never see a user’s password. Should a user forget a password, an administrator can create a temporary password for a user, click Expire Now, and force the user to set a new password upon their next login.
User audit information is now immediately apparent on the user maintenance screen. Administrators can see when a user last changed their password, when it expires, when the user was last changed, and who changed the user.
Users now have an additional status: suspended. Previously, users were either Active or Inactive. Suspended indicates users that have been locked out of the system for failing the password policies (more on this in a moment).
There are many new user details, including their address, phone/fax/mobile numbers, and email address. Not only does this help administrators keep track of where their users are located, but this information will be used by DEVNET in future enhancements this year.
Clicking the new Edit Password Policy button yields the policy editor:
Administrators can very simply set the password restrictions they wish to enforce.
How Do I Get This?
If you are interested in enabling these new features, please contact the DEVNET Helpdesk to make arrangements.
The areas of our product line that are common to all applications don’t often receive a lot of attention. There’s generally no need – these pieces are stable and proven, and do what they need to do without complaint or breaking. DEVNET is spending some time this year revisiting these components and making some pretty awesome enhancements to them. Keep watching this blog throughout the summer for other announcements!