
Configuring Site Security

This article details some key security considerations and available functionality when implementing and maintaining an Easysite solution.

Administrators should review our full Implementation and Security Guide for more detailed advice and information; a few of the key areas are covered in this article.

Passwords

Easysite provides facilities for password encryption, strength enforcement, expiration and recycling rules.

Note: Passwords cannot be retrieved from the system; they can only be replaced.

To configure password expiry, go to Administration -> System -> Configuration. The following view will be presented:

[Screenshot: system password expiry configuration]

It is recommended that Administrators set password expiry rules. Password strengths are defined as follows:

| Strength | Points required |
| --- | --- |
| Very Weak | 0-9 |
| Weak | 10-15 |
| Medium | 16-30 |
| Strong | 31-40 |
| Very Strong | 40+ |

Below are the most common rules used when determining the strength of an Easysite password, along with the points awarded for each:

| Rule | Points |
| --- | --- |
| Length less than 3 | +6 |
| Length between 3 and 5 | +12 |
| Length more than 5 | +18 |
| Contains lowercase a – z | +1 |
| Contains uppercase A – Z | +5 |
| Contains a single digit (0-9) | +5 |
| Contains multiple digits (0-9) | +7 |
| Contains punctuation character | +5 |
| Contains multiple punctuation characters | +7 |
| Contains a mixture of letters and numbers | +3 |
| Contains mixture of letters, numbers and punctuation | +3 |
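The following scorer is an added example, not Easysite's own code: it applies the rule table above to a password and maps the total to a strength band, so an Administrator can see what a given minimum strength actually admits. It assumes the length, digit and punctuation tiers are mutually exclusive, that the two "mixture" rules stack, that punctuation means Python's string.punctuation set, and that exactly 40 points counts as Strong; the function names are hypothetical.

```python
import string

# Bands from the strength table above. The page lists both "31-40" and "40+";
# treating exactly 40 as Strong is an assumption of this example.
BANDS = [(9, "Very Weak"), (15, "Weak"), (30, "Medium"), (40, "Strong")]


def score_password(password):
    """Return (points, awarded rules) under the rule table above."""
    lower = sum(c in string.ascii_lowercase for c in password)
    upper = sum(c in string.ascii_uppercase for c in password)
    digits = sum(c in string.digits for c in password)
    punct = sum(c in string.punctuation for c in password)
    letters = lower + upper
    n = len(password)

    # Assumption: tiered rules are mutually exclusive (one tier per group).
    length_rule = (("length < 3", 6) if n < 3 else
                   ("length 3-5", 12) if n <= 5 else ("length > 5", 18))
    candidates = [
        (True, length_rule),
        (lower > 0, ("lowercase", 1)),
        (upper > 0, ("uppercase", 5)),
        (digits == 1, ("single digit", 5)),
        (digits > 1, ("multiple digits", 7)),
        (punct == 1, ("punctuation", 5)),
        (punct > 1, ("multiple punctuation", 7)),
        (letters > 0 and digits > 0, ("letters + numbers", 3)),
        (letters > 0 and digits > 0 and punct > 0,
         ("letters + numbers + punctuation", 3)),
    ]
    awarded = [rule for applies, rule in candidates if applies]
    return sum(points for _, points in awarded), awarded


def strength_band(points):
    """Map a point total to the strength name from the first table."""
    for upper_bound, name in BANDS:
        if points <= upper_bound:
            return name
    return "Very Strong"


def rate(password):
    points, _ = score_password(password)
    return points, strength_band(points)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for sample in ["ab", "abcdef", "12345", "Password1", "Abcdef12!?"]:
        print(f"{sample!r:14} {rate(sample)}")
```

Under these assumptions the constructed samples abcdef and 12345 both rate Medium and Password1 rates Strong, because the points reward only length and character classes.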


Access Control (Users and Groups)

For direct authentication Easysite provides user and group management with granular privileges and permissions – there are no default or pre-determined access rights for any groups.

There are over 200 privileges that can be assigned to Groups. These relate to individual options on the system, for example differentiating between formatting buttons (e.g. Bold or Italic) for the Content Editor.

At the same time, Easysite sets permissions on all Objects on the system, including pages and assets, by folder or by category. Explicit permission is required before any Group with a respective privilege can make changes. This way each individual object is secured, so that images, videos and documents appearing on pages have different permissions, workflow and auditing. If a document becomes restricted, it is automatically and instantly removed from all pages for non-authorised users.

It is recommended that Administrators review all content and apply appropriate access control.

SSL

SSL, also known as HTTPS, secures web pages and is represented by a padlock icon in the browser. Every domain you operate under which data is captured or accessed will require a digital certificate.

Easysite allows the site operator to enable SSL on a page-by-page basis, across an entire microsite, or across the administration interface. Any page that captures data (such as Login, Registration and forms) should be secured. We would also advise that the Easysite Administration run under SSL.