Software Security



Parishinfo Software Security

Online technology is designed to handle the challenges of securing online data on a regular basis. There are a set of requirements that needs to be followed diligently to maintain it safe. Parishinfo is implemented with security requirements (similar to net banking) as Standard Operating Procedure (SOP) and maintains it. These measures are given below:-

Encryption: Encryption is the conversion of electronic data into cipher text, which cannot be easily understood by anyone except authorized parties. The name Parishinfo when encrypted looks like this: HR+kFj1j8ZvTp4VnIA/K29xsiclrTDjKB7sUshEnt

Forced Secure Socket Layer (SSL). With SSL, all data entered on system and uploaded to the server is encrypted. This provides on-the-fly security to user Id and passwords.

Source Code Encryption: The entire software is encrypted using latest licensed encryption tools with domain and IP restrictions. This means even if someone gains access to the source code, he can’t use it until he also has access to the diocese domain name and IP address of the server.

Physical protection and Security: Online server comes with add-on physical security, highly restricted access, disaster protection and backup of data and application.

Firewall: The firewall restrict access to the server as required by the diocese.

Brute Force Protection: This prevents attempts to break into the system using guessed Login Ids and password by blocking failed IPs

Root Login alerts: Diocese admin gets and email alert for all failed as well as successful login attempts.

Login information: The software maintains log files that contain information of the Login ID, User IP, Date and duration of software access along with the files the user has accessed.

Server hardening: The server services that are usually a target of hackers is permanently locked and starts only when needed.

Random User Id and Strict password: The software enforces random Id to make it difficult for others to guess it. The password enforcement policy contains alpha-numeric-special character password combination.