Password and Login Security

NetX provides several security layers and various configuration options to meet modern security requirements.

Session key configuration

When users successfully log in to NetX, they are provided with a session key to access data within the application. By default, user session keys are valid for 30 minutes; that duration is extended as long as the session key is being used to make calls back to the server. Administrators can modify this behavior to meet security requirements with the following properties:

Property Description
user.sessionDuration

This property controls how long, in minutes, the internal session keys remain valid. Change this value only if you understand the consequences, as it can affect the security of your installation. The default timeout is 30 minutes.

Value options: number

Requires restart? Yes

 

Login attempt restrictions

By default, accounts are locked after 10 failed login attempts, and locked accounts remain locked for 30 minutes. Both values can be adjusted with the following properties:

Property Description
user.failedLoginAttemptThreshold

Any integer value is valid; setting this to zero disables blocking on failed login attempts.

Value options: number

Requires restart? Yes

user.failedLoginAttemptTimeout

Any positive, non-zero integer value is valid; measured in minutes.

Value options: number

Requires restart? Yes

Additionally, any login attempt against a non-existent account is automatically locked, to thwart brute-force attacks.

Strict passwords

NetX has several password complexity options. By default, passwords must be at least 8 characters in length. Here are further password configurations that can tighten security:

Changing password restriction settings will not affect existing users until they (or an administrator) attempt the next password change on the account.

Property Description
sys.minimumPasswordLength

This property sets the minimum length required for passwords; the default value is 8 (characters). Does not require a restart.

Value options: number

Requires restart? No

sys.passwordPattern

This property value is specified as pairs of a number and a letter, with the pairs separated by commas. The number designates how many characters of that type are required, and the letter designates the type of character required.

As an example, a valid value is: "2N,3U,2L"; this would require two numbers, three upper case characters, and two lower case characters in every password. Requires a restart to take effect.

The following are considered "special characters":

! @ # $ % ^ & * ( ) + = _ - { } ? : ; < > . | [

Value options:

  • N: number (0 - 9)
  • L: lower case ASCII character (a-z)
  • U: upper case ASCII character (A-Z)
  • S: special characters

Requires restart? Yes
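
The following added example (not NetX code) parses a sys.passwordPattern value and reports which requirements a candidate password misses, which helps when checking a pattern before the restart it needs. It assumes each count is a minimum and that a character type appears only once per pattern; the special-character set is copied exactly as listed above, and the function names are hypothetical.

```python
# Added example, not NetX code: mirrors the sys.passwordPattern format described above.
import re

# Special characters exactly as listed on this page.
SPECIALS = set("!@#$%^&*()+=_-{}?:;<>.|[")

# Membership test for each pattern letter.
CLASSES = {
    "N": lambda c: c in "0123456789",
    "L": lambda c: "a" <= c <= "z",
    "U": lambda c: "A" <= c <= "Z",
    "S": lambda c: c in SPECIALS,
}

def parse_pattern(value):
    """Parse a value such as '2N,3U,2L' into {'N': 2, 'U': 3, 'L': 2}."""
    required = {}
    for token in value.split(","):
        m = re.fullmatch(r"\s*(\d+)([NLUS])\s*", token)
        if m is None:
            raise ValueError(f"invalid pattern token: {token!r}")
        count, kind = int(m.group(1)), m.group(2)
        # Assumption: repeating a character type is treated as a config error.
        if kind in required:
            raise ValueError(f"duplicate character type: {kind}")
        required[kind] = count
    return required

def check_password(password, pattern, min_length=8):
    """Return a list of unmet requirements; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"length {len(password)} < {min_length}")
    for kind, needed in parse_pattern(pattern).items():
        have = sum(1 for c in password if CLASSES[kind](c))
        # Assumption: the count is a minimum, not an exact number.
        if have < needed:
            problems.append(f"{kind}: have {have}, need {needed}")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords checked against the page's example pattern.
    for candidate in ("ABCde12", "ABCde12x", "abcdefgh", "ABCdef1!"):
        print(candidate, check_password(candidate, "2N,3U,2L") or "ok")
```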

 

NetX password security features

  • Password length, a minimum of 8 characters.
  • Password complexity includes the use of alpha, numeric and special characters.
  • Maximum invalid account login attempts: 1
  • Account lockout thresholds: 10
  • Inactive session timeout: 30 minutes
  • Passwords are encrypted while in transit using standard cryptographic methods: SSL.
  • Passwords are encrypted or hashed in storage using standard cryptographic methods: PBKDF2.

 
