Help Center
Quick Start
- Overview
- System requirements
- Minimum privileges required
- Default port configuration
- Installing DataSecurity Plus
- Uninstalling DataSecurity Plus
- Starting DataSecurity Plus
- Launching DataSecurity Plus
- Configuring your solution
- Licensing details
- Applying a license
File Auditing
- About File Auditing
- Domain configuration
- File server configuration
- Failover cluster configuration
- NetApp server configuration
- Workgroup configuration
Setting up File Audit
Dashboard
Reports
Alerts
Configuration
Storage Configuration
File Analysis
- About File Analysis
- On-Demand Reports
Setting up File Analysis
Dashboard
Reports
Alerts
Configuration
Data Risk Assessment
- About Data risk assessment
Setting up Data risk assessment
Dashboard
Reports
Ownership analysis
Configuration
Endpoint DLP
- About Endpoint DLP
Setting up Endpoint DLP
Reports
Alerts
Prevention policies
Configuration
Cloud Protection
- About Cloud Protection
- Gateway Server Configuration
- Certificate Authority Configuration
- Gateway Configuration in Endpoint
- Manage Certificate Trust Store
- Threat Analytics Database
- Manage Banned Applications
- Manage Authorized Applications
- Gateway Server Failover
- Two-way SSL configuration
- Global Insight
- Application Insight
- User Insight
- Shadow Application Insight
- Banned Application Insight
- Cloud App Discovery
- Cloud Access Reports
- Application Insights
- Shadow Cloud Application Reports
- Banned Cloud Application Reports
- File Upload & Download Reports
Setting up Cloud Protection
Dashboard
Reports
Control Policies
Storage Configuration
Administrative settings
- Technician configuration
- Notification filters
- Manage agent
- Agent settings
- SIEM integration
- Business hours configuration
- Two-factor authentication
- Workgroup configuration
- Security policy
Email configuration
General settings
- Connection
- Personalize
- DataSecurity Plus Server
- Privacy Settings
- Disk utilization
- Schedule Retention Policy
Policy Configuration
Release notes
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
Troubleshooting
- HTTP communication failure
- Dormant DataEngine
- Secure Gateway server failure
- RPC communication failure
- Known issues and limitations
- Known errors and solutions
Guides
- Agent document
- How to Migrate/Move DataSecurity Plus
- How to apply SSL certificate
- How to automate DataSecurity Plus database backup
- How to set alerts in DataSecurity Plus
- How to secure your DataSecurity Plus installation
Security policy
Configuring an airtight security policy helps protect your DataSecurity Plus instance against malicious activities involving brute-force and other password-based attacks. There are two parts to the security policy:
- A password policy, which enhances password security with password history, length, and complexity factors.
- An account lockout policy, which locks out user accounts after multiple failed login attempts.
This page will guide you through the steps to enable and configure security policies in DataSecurity Plus.
Password policy
The password policy applies only to technician accounts using DataSecurity Plus authentication. For technician accounts using domain authentication, the existing AD password policy will be enforced.
To set a password policy for your technician accounts:
- Go to the Admin Console.
- Navigate to Admin > Administrative Settings > Security Policy > Password Policy tab.
- Provide the below details:
- Minimum Password Length: This prevents technicians from setting passwords with too few characters. It can be an integer value greater than or equal to eight. For example, if you want passwords to be at least ten characters long, set this value as 10.
- Password History: This prevents technicians from reusing old passwords. It can be an integer value greater than zero. For example, if you wish to prevent the reuse of the last three passwords, set this value as 3.
- These two values are sufficient for a basic password security policy. However, additionally, DataSecurity Plus offers the option to enforce the use of complex passwords. To enable this, check the Enable Password Complexity check box. This will ensure that users set passwords that contain at least the following:
- One upper case letter (A-Z)
- One lower case letter (a-z)
- One special character
- Click Save.
The new password policy will now be in effect and will be enforced the next time a technician changes their password.
Account lockout policy
The account lockout policy applies to all DataSecurity Plus technicians using either DataSecurity Plus authentication or domain authentication. To set the account lockout policy:
- Go to the Admin Console.
- Navigate to Admin > Administrative Settings > Security Policy > Account Lockout Policy tab.
- Check the Enable Account Lockout Policy check box.
- Provide the below details:
- Failed Logon Count: This is the number of failed logon attempts that users will be allowed before they are locked out of their account. It can be an integer value greater than zero. For example, if you wish to lock out users after their fourth incorrect attempt, set this value as 4.
- Lockout Duration: This is the period (in minutes) for which user accounts will be inaccessible after being locked out. For example, if you wish to lock out users for half an hour, set this value as 30. At the end of this period, the failed logon counter will be reset.
- Click Save.
The new account lockout policy will now be in effect.