
2. General Security for Local Solutions


Any site that is accessible from the internet is exposed to some danger of attack from malicious visitors, where the visitors may be either hackers or scripts. In this respect, OpenEngagement is no different than any other application on the internet. Malicious users may attempt to deface the website, view data, modify data or delete data.

Some strategies firms may use to mitigate this are:

  • Install virus checkers on the server computer and every computer in the office network. Keep these up to date;
  • Install and monitor intrusion detection software;
  • Keep the DMS behind a network firewall. This can be set to, at minimum, block all ports other than the port used by the DMS. Many firewalls can also check for common attack signatures;
  • Keep the DMS behind an application firewall. These can check for common attack signatures specific to web applications, which are not normally caught by network firewalls;
  • Run as few applications as possible on the server on which the DMS is installed;
  • Use a secure operating system, such as OpenBSD;
  • Use SSL to encrypt all data sent between the server and clients. Note: if SSL is used, ensure that any intrusion detection software and firewalls inspect the traffic after it has been decrypted, as these applications cannot properly check encrypted data for attacks;
  • Have the site audited either by a security auditing firm or by security auditing software;
  • Keep the DMS accessible only from within the office network. This removes some benefits of the product, but also makes security much easier to implement. 

It may not be necessary to implement all or even most of these, but we suggest that firms at least consider each one and implement whichever they determine are necessary for them. Firms that desire a high degree of security but do not wish to implement a security system themselves may also consider Hosted Solutions. Some work may also be done by OpenEngagement for Local Solutions on a consultancy basis.