Search the ManageEngine site:  
 

Help Center

Quick Start

File Auditing

File Analysis

Data Risk Assessment

Endpoint DLP

Cloud Protection

General settings

Policy Configuration

Release notes

Troubleshooting

Guides

Third-party software Contact us

Security policy

Configuring an airtight security policy helps protect your DataSecurity Plus instance against malicious activities involving brute-force and other password-based attacks. There are two parts to the security policy:

  • A password policy, which enhances password security with password history, length, and complexity factors.
  • An account lockout policy, which locks out user accounts after multiple failed login attempts.

This page will guide you through the steps to enable and configure security policies in DataSecurity Plus.

Password policy

The password policy applies only to technician accounts using DataSecurity Plus authentication. For technician accounts using domain authentication, the existing AD password policy will be enforced.

To set a password policy for your technician accounts:

  • Go to the Admin Console.
  • Navigate to Admin > Administrative Settings > Security Policy > Password Policy tab.
  • Provide the below details:
    • Minimum Password Length: This prevents technicians from setting passwords with too few characters. It can be an integer value greater than or equal to eight. For example, if you want passwords to be at least ten characters long, set this value as 10.
    • Password History: This prevents technicians from reusing old passwords. It can be an integer value greater than zero. For example, if you wish to prevent the reuse of the last three passwords, set this value as 3.
  • These two values are sufficient for a basic password security policy. However, additionally, DataSecurity Plus offers the option to enforce the use of complex passwords. To enable this, check the Enable Password Complexity check box. This will ensure that users set passwords that contain at least the following:
    • One upper case letter (A-Z)
    • One lower case letter (a-z)
    • One special character
  • Click Save.

The new password policy will now be in effect and will be enforced the next time a technician changes their password.

Account lockout policy

The account lockout policy applies to all DataSecurity Plus technicians using either DataSecurity Plus authentication or domain authentication. To set the account lockout policy:

  • Go to the Admin Console.
  • Navigate to Admin > Administrative Settings > Security Policy > Account Lockout Policy tab.
  • Check the Enable Account Lockout Policy check box.
  • Provide the below details:
    • Failed Logon Count: This is the number of failed logon attempts that users will be allowed before they are locked out of their account. It can be an integer value greater than zero. For example, if you wish to lock out users after their fourth incorrect attempt, set this value as 4.
    • Lockout Duration: This is the period (in minutes) for which user accounts will be inaccessible after being locked out. For example, if you wish to lock out users for half an hour, set this value as 30. At the end of this period, the failed logon counter will be reset.
  • Click Save.

The new account lockout policy will now be in effect.

Topics in this page:

Don't see what you're looking for?

  • Visit our community

    Post your questions in the forum.

     

  • Request additional resources

    Send us your requirements.

     

© 2024 Zoho Corporation Pvt. Ltd. All rights reserved.