Updated January 04, 2026

Security Settings

Security settings allow you to configure various security measures to protect your EquiBillBook account and data. Proper security configuration is essential for protecting sensitive business information and preventing unauthorized access.

What are Security Settings?

Security settings include:

  • Password Policy: Password complexity and requirements
  • Login Security: Login attempt limits and lockout policies
  • Two-Factor Authentication: Additional security layer for login
  • Session Management: Session timeout and concurrent session limits
  • IP Restrictions: IP whitelisting and access control
  • Audit Logging: Track user activities and system changes
  • Data Encryption: Encryption settings for sensitive data

Accessing Security Settings

To configure security settings:

  1. Navigate to Settings > System Settings > Security Settings
  2. You'll find various security configuration options
  3. Configure settings based on your security requirements

Password Policy Configuration

Configure password requirements:

  • Minimum Length: Minimum number of characters (recommended: 8-12)
  • Require Uppercase: Must contain uppercase letters
  • Require Lowercase: Must contain lowercase letters
  • Require Numbers: Must contain numeric digits
  • Require Special Characters: Must contain special characters (!@#$%^&*)
  • Password Expiry: Days before password expires (e.g., 90 days)
  • Password History: Prevent reuse of recent passwords
  • Password Complexity: Overall complexity requirements

Login Security Settings

Login Attempt Limits

  • Maximum Failed Attempts: Number of failed login attempts before lockout (e.g., 5)
  • Lockout Duration: How long account is locked (e.g., 30 minutes)
  • Lockout Type: Account lockout or IP-based lockout
  • Reset Attempts: Time before failed attempts reset
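
How the four settings above interact, replayed over constructed login events as an added illustration (not EquiBillBook code). The 15-minute reset window, the field names and the event format are assumptions; the 5-attempt limit and 30-minute lockout are the page's example values.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    max_failed_attempts: int = 5    # "Maximum Failed Attempts" (page example: 5)
    lockout_seconds: int = 30 * 60  # "Lockout Duration" (page example: 30 minutes)
    reset_seconds: int = 15 * 60    # "Reset Attempts" window (assumed value)
    lockout_type: str = "account"   # "Lockout Type": "account" or "ip"

def replay(events, policy):
    """Replay (ts, user, ip, ok) login events and return one outcome per event."""
    failures, locked_until, outcomes = {}, {}, []
    for ts, user, ip, ok in events:
        key = user if policy.lockout_type == "account" else ip
        if ts < locked_until.get(key, 0):
            outcomes.append("rejected_locked")   # even a correct password is refused
        elif ok:
            failures.pop(key, None)              # a successful login clears the counter
            outcomes.append("success")
        else:
            # Only failures inside the reset window still count.
            recent = [t for t in failures.get(key, []) if ts - t < policy.reset_seconds]
            recent.append(ts)
            failures[key] = recent
            if len(recent) >= policy.max_failed_attempts:
                locked_until[key] = ts + policy.lockout_seconds
                failures[key] = []
                outcomes.append("locked")
            else:
                outcomes.append("failed")
    return outcomes

# Constructed sample data: (seconds, user, source IP, password correct?)
# Stream A: repeated failures on one account from changing addresses, then the
# account owner logs in with the correct password.
STREAM_A = [(60 * i, "alice", f"198.51.100.{i + 1}", False) for i in range(6)]
STREAM_A.append((400, "alice", "203.0.113.7", True))
# Stream B: one address failing once against each of six accounts.
STREAM_B = [(60 * i, f"user{i}", "198.51.100.50", False) for i in range(6)]

if __name__ == "__main__":
    for name, stream in (("A", STREAM_A), ("B", STREAM_B)):
        for kind in ("account", "ip"):
            print(name, kind, replay(stream, LockoutPolicy(lockout_type=kind)))
```

In stream A the account-type lockout also refuses the owner's correct password while the IP-type lockout never triggers; stream B shows the reverse, which is why the lockout type should be chosen together with login monitoring.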

Login Monitoring

  • Track Login Attempts: Log all login attempts
  • Email Notifications: Notify on suspicious login attempts
  • Login History: Maintain history of user logins
  • Device Tracking: Track devices used for login

Two-Factor Authentication (2FA)

Enable additional security layer:

  • Enable 2FA: Require two-factor authentication for login
  • 2FA Methods:
    • SMS-based verification
    • Email-based verification
    • Authenticator app (Google Authenticator, etc.)
    • Hardware tokens
  • 2FA Required For: All users or specific user roles
  • Backup Codes: Generate backup codes for account recovery

Session Management

Configure user session settings:

  • Session Timeout: Automatic logout after inactivity (e.g., 30 minutes)
  • Maximum Session Duration: Maximum time a session can last
  • Concurrent Sessions: Limit number of simultaneous sessions per user
  • Session Security: Secure session cookies and tokens
  • Force Logout: Ability to force logout of all user sessions

IP Restrictions and Access Control

Control access by IP address:

  • IP Whitelisting: Allow access only from specific IP addresses
  • IP Blacklisting: Block access from specific IP addresses
  • Allowed IP Ranges: Define IP address ranges for access
  • Geographic Restrictions: Restrict access by country/region
  • VPN Detection: Detect and manage VPN connections

Audit Logging

Track system activities:

  • Enable Audit Logging: Log all user activities
  • Log Events: What to log:
    • Login/logout events
    • Data modifications
    • Configuration changes
    • Financial transactions
    • User permission changes
  • Log Retention: How long to keep audit logs
  • Log Access: Who can view audit logs

Data Encryption

Protect sensitive data:

  • Encryption at Rest: Encrypt stored data
  • Encryption in Transit: Encrypt data during transmission (SSL/TLS)
  • Encryption Standards: Encryption algorithms and standards
  • Sensitive Data Fields: Encrypt specific sensitive fields

Step-by-Step Configuration

Step 1: Configure Password Policy

  1. Navigate to Security Settings > Password Policy
  2. Set minimum password length (recommended: 8-12 characters)
  3. Enable password requirements (uppercase, lowercase, numbers, special characters)
  4. Set password expiry period (e.g., 90 days)
  5. Configure password history to prevent reuse
  6. Save password policy settings

Step 2: Configure Login Security

  1. Go to Security Settings > Login Security
  2. Set maximum failed login attempts (e.g., 5 attempts)
  3. Configure lockout duration (e.g., 30 minutes)
  4. Enable login attempt tracking
  5. Configure email notifications for suspicious activity
  6. Save login security settings

Step 3: Enable Two-Factor Authentication

  1. Navigate to Security Settings > Two-Factor Authentication
  2. Enable 2FA for your account or organization
  3. Choose 2FA method (SMS, Email, Authenticator App)
  4. Configure 2FA requirements (all users or specific roles)
  5. Generate and save backup codes
  6. Test 2FA setup

Step 4: Configure Session Management

  1. Go to Security Settings > Session Management
  2. Set session timeout (e.g., 30 minutes of inactivity)
  3. Configure maximum session duration
  4. Set concurrent session limits if needed
  5. Enable secure session settings
  6. Save session settings

Step 5: Configure IP Restrictions (Optional)

  1. Navigate to Security Settings > IP Restrictions
  2. Enable IP whitelisting if needed
  3. Add allowed IP addresses or IP ranges
  4. Configure geographic restrictions if applicable
  5. Save IP restriction settings

Step 6: Enable Audit Logging

  1. Go to Security Settings > Audit Logging
  2. Enable audit logging
  3. Select events to log
  4. Set log retention period
  5. Configure log access permissions
  6. Save audit logging settings

Security Best Practices

  • Strong Passwords: Enforce strong password policies
  • 2FA: Enable two-factor authentication for all users
  • Regular Updates: Keep system and security settings updated
  • Access Control: Limit access based on user roles
  • Monitor Logs: Regularly review audit logs for suspicious activity
  • Session Management: Use appropriate session timeouts
  • IP Restrictions: Use IP whitelisting for sensitive operations
  • Encryption: Ensure data encryption is enabled
  • Backup Security: Secure backup files and storage
  • User Training: Train users on security best practices

Troubleshooting

Cannot login after enabling security settings?

  • Check if account is locked due to failed attempts
  • Verify password meets new password policy requirements
  • Check if IP address is whitelisted
  • Verify 2FA setup is correct
  • Contact support if issues persist

2FA not working?

  • Verify 2FA is properly configured
  • Check if authenticator app time is synchronized
  • Verify SMS/Email delivery
  • Use backup codes if available
  • Contact support for assistance

Account locked frequently?

  • Review login attempt limit settings
  • Check for automated login attempts
  • Verify correct password is being used
  • Consider increasing lockout duration
  • Review IP restrictions

Cannot access from certain locations?

  • Check IP whitelisting settings
  • Verify IP address is in allowed list
  • Review geographic restrictions
  • Check VPN settings if using VPN
  • Contact administrator to add IP address

Important Notes

  • Security settings affect all users - configure carefully
  • Strong security may impact user convenience - find balance
  • Test security settings before enforcing organization-wide
  • Document security configuration for compliance
  • Regularly review and update security settings
  • Keep backup codes and recovery options secure
  • Monitor security logs regularly for threats

Additional Resources

For related information, see:

  • User Management article
  • Access Control article
  • System Configuration article
  • Backup Settings article

Proper security configuration is essential for protecting your business data. Configure security settings based on your risk assessment and compliance requirements!
