How to be secure using MOR

From Kolmisoft Wiki
Revision as of 05:13, 18 October 2011 by Admin (talk | contribs) (Created page with '= How to be secure using MOR = This guide will give you some hints where you could improve your MOR system security <br><br> == Passwords == # Never give passwords to people you …')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

How to be secure using MOR

This guide will give you some hints where you could improve your MOR system security

Passwords

  1. Never give passwords to people you do not trust
  2. Use only secure passwords:
    1. Your passwords must be at least 12 symbols length
    2. Your passwords must contain letters (a-z)
    3. Your passwords must contain numbers (0-9)
    4. Your passwords must contain special characters (!@#$%^&*() and so on..)
  3. You must use different passwords for all types of services, for example MOR GUI, ROOT, phpmyadmin and stats passwords must be different
  4. When using SSH - please consider using SSH keys instead of passwords. More information about SSH can be found here.



MOR good practices

  1. It is recommended to disable public new user registrations or to be careful with:
    1. Default user settings - it is common for new users to do these mistakes:
      1. DO NOT put any initial balance - if you do so you will give money for calling for your new customers for free - such service is often abused and one or more users make a lot of of free account registrations to call for free.
      2. DO NOT MAKE USER POSTPAID - if you do so with public registrations enabled and you set any credit for that user (it can also be automatically applied from default user settings) - that user will be allowed to call for free and you risk that the unknown customer will not pay you.
  2. Do not connect external PBX systems or at least ensure that they ARE SECURE. Please read more about this here:
  3. Use Action log feature in MOR to monitor suspicious users actions in MOR system. More information about Action log can be found here.


To be continued........