Security (Conf)
This section provides the administrator with multiple security-related settings.
Authentication
Allow legacy authentication: Genius Server version 2.22.4 and higher offers improved security configuration options (see the credential encryption keys below). The keys can be configured to further secure the connection between the Genius MFP Clients and the Genius Server, and can be used in combination with Genius MFP Clients version 2.22.x.x or higher. The "Allow legacy authentication" option is available for backward compatibility and should be enabled until clients are updated to 2.22.x.x or higher and the keys have been configured for all clients.
Credential encryption key (128 bit): the credential encryption key (128 bit) in hexadecimal format (32 hex digits), used to encrypt credentials that are transferred between client and server. The credential encryption key delivers security enhancements and is recommended to be used in addition to other secure protocols (HTTPS etc.). With the buttons below the field, a key can be generated, copied or changed, or the field can be cleared. To copy the key, first make it visible by clicking the eye symbol.
Credential encryption key (256 bit): the credential encryption key (256 bit) in hexadecimal format (32 hex digits), used to encrypt credentials that are transferred between client and server. The credential encryption key delivers security enhancements and is recommended to be used in addition to other secure protocols (HTTPS etc.). With the buttons below the field, a key can be generated, copied or changed, or the field can be cleared. To copy the key, first make it visible by clicking the eye symbol.
[Advanced] Logging
Security audit log enabled: if enabled, security measures and security attack detection are logged in a separate log named security-audit.log.
[Advanced] Failed Login Attempts
Failed login attempt lifetime: the amount of time, in days, for which failed login attempts are saved. The oldest attempts are deleted automatically by the scheduled cleanup.
Failed login attempt cleanup execution cron: the cron expression for automated failed login attempts cleanup.
[Advanced] Credentials Attack Detection
Alert threshold: the number of allowed retry attempts for logins for the same username. If more attempts than configured here are made, an alert e-mail is sent to the respective user.
Detection mail subject template: the template for the e-mail subject when a possible credential attack is detected.
Detection mail body template: the template for the e-mail body when a possible credential attack is detected.
Notification grace period: the amount of time, in minutes, until another alert e-mail is sent.
[Advanced] Brute Force Attack Detection
Alert threshold: the number of allowed retry attempts for logins. If the same IP makes more login attempts than this in one minute, an alert is sent to the administrator and to any additional recipients that have been configured.
Alert additional recipients: the additional recipients for alert e-mails can be configured here.
Detection mail subject template: the template for the e-mail subject when a possible brute force attack is detected.
Detection mail body template: the template for the e-mail body when a possible brute force attack is detected.
Notification grace period: the amount of time, in minutes, until another alert e-mail is sent.
[Advanced] Brute Force Attack Prevention
Blacklist threshold: the number of allowed retry attempts for logins. If the same IP makes more login attempts than this in one minute, an alert is sent to the administrator. The IP is also blacklisted if the checkbox Automatic blacklist enabled is checked.
Automatic blacklist enabled: if checked, an IP that exceeds the Blacklist threshold for login attempts is automatically blacklisted.
Prevention (auto blacklist on) mail subject template: the template for the e-mail subject, for mails sent when Automatic blacklist is enabled.
Prevention (auto blacklist on) mail body template: the template for the e-mail body, for mails sent when Automatic blacklist is enabled.
Prevention (auto blacklist off) mail subject template: the template for the e-mail subject, for mails sent when Automatic blacklist is disabled.
Prevention (auto blacklist off) mail body template: the template for the e-mail body, for mails sent when Automatic blacklist is disabled.
Blacklist retention period: the amount of time, in minutes, a blacklisted IP stays blacklisted.
Blacklist cleanup execution cron: the cron expression for automatic blacklist cleanup.
Hint
Templates can be added in the System section under Templates in the Genius Server configuration tool.
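The following sketch shows how the Brute Force Attack Detection and Prevention settings above interact for a single IP: the one-minute window, the two thresholds, the notification grace period and the blacklist retention period. It is an added example, not Genius Server code. The class, function names and setting values are assumptions, as is the choice to count only failed logins and to apply the grace period only to the detection mail.

```python
from collections import defaultdict, deque

# Assumed values for the settings described above (not product defaults).
ALERT_THRESHOLD = 5        # Brute Force Attack Detection: Alert threshold
BLACKLIST_THRESHOLD = 10   # Brute Force Attack Prevention: Blacklist threshold
AUTO_BLACKLIST = True      # Automatic blacklist enabled
GRACE_S = 15 * 60          # Notification grace period (minutes, in seconds)
RETENTION_S = 60 * 60      # Blacklist retention period (minutes, in seconds)
WINDOW_S = 60              # thresholds count attempts "in one minute"

class BruteForceMonitor:   # hypothetical model of the per-IP settings
    def __init__(self):
        self.attempts = defaultdict(deque)  # ip -> failed-login times in window
        self.last_alert = {}                # ip -> time of last detection mail
        self.blacklist = {}                 # ip -> time the entry expires

    def is_blacklisted(self, ip, now):
        expiry = self.blacklist.get(ip)
        if expiry is not None and now >= expiry:
            del self.blacklist[ip]          # what the cleanup job would remove
            expiry = None
        return expiry is not None

    def failed_login(self, ip, now):
        """Record one failed login at `now` (seconds); return actions taken."""
        if self.is_blacklisted(ip, now):
            return ["rejected"]
        window = self.attempts[ip]
        window.append(now)
        while now - window[0] >= WINDOW_S:  # drop attempts older than a minute
            window.popleft()
        actions = []
        if len(window) > ALERT_THRESHOLD:
            last = self.last_alert.get(ip)
            if last is None or now - last >= GRACE_S:  # honour grace period
                self.last_alert[ip] = now
                actions.append("detection-mail")
        if len(window) > BLACKLIST_THRESHOLD:
            actions.append("prevention-mail")
            if AUTO_BLACKLIST:
                self.blacklist[ip] = now + RETENTION_S
                window.clear()
                actions.append("blacklisted")
        return actions

def replay(events):
    """Feed constructed (ip, time) failed logins through a fresh monitor."""
    monitor = BruteForceMonitor()
    return [monitor.failed_login(ip, t) for ip, t in events]
```

Replaying a constructed burst of one failed login every two seconds from one address produces a single detection mail at the sixth attempt, silence during the grace period, and a blacklist entry at the eleventh attempt. A client failing once every 15 seconds never reaches either threshold.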