Reference: Securing WebWatchBot

From WebWatchBotWiki

Introduction

WebWatchBot includes 128-bit encryption of sensitive data stored in its database. Securing sensitive data is essential to ensuring the data used by WebWatchBot is not seen or used by unauthorized parties.


How to Effectively Secure WebWatchBot

The following steps guide you through configuring WebWatchBot to encrypt sensitive data.

  1. Close any open Remote Clients.
  2. Start the WebWatchBot Manager Application.
  3. Back up your data.
    1. If using SQL Server as the back-end database, use appropriate back-up procedures.
    2. If using the Standard (MS Access) database: select Help -> ExclamationSoft Support -> View Data Folder from the WebWatchBot Manager menu, then make a copy of the file named "webwatchbot.mdb".
  4. Select Tools -> WebWatchBot Preferences.
  5. Select the "Advanced Properties" folder.
  6. Select the "Security" section.


The following settings are recommended for the highest level of security.

  1. Enable encryption: set "Use Encryption" to true.
  2. Use a strong PassPhrase. Find and use free resources on the Internet to generate a strong password to use for your PassPhrase.
  3. Set "Require Login" to true. You will be prompted to enter your password occasionally; however, the security benefits are worthwhile.
  4. Set the "Password Storage Type" to "File".
  5. Place the "Password Storage Filename" in a directory other than the root directory, then set Windows file permissions to prevent regular users from accessing the file. Be sure that all users of WebWatchBot, the SYSTEM account, and the user account that starts the WebWatchBot service all have access to the file.
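
One way to apply the file permissions from step 5, as an added example that is not part of the WebWatchBot documentation. The file path and the account and group names are assumed placeholders, and granting Modify rather than read-only access is also an assumption. Run it from an elevated PowerShell session.

```powershell
# Assumed values (not from the WebWatchBot documentation): adjust to your environment.
$PassFile = 'D:\WebWatchBotSecure\passphrase.dat'   # hypothetical file, not in the drive root
$Allowed  = @(
    'NT AUTHORITY\SYSTEM',         # the SYSTEM account
    'CONTOSO\svc-webwatchbot',     # hypothetical account that starts the WebWatchBot service
    'CONTOSO\WebWatchBotUsers'     # hypothetical group containing all WebWatchBot users
)
# Administrators are not listed in step 5; add an admin group above if you
# want administrators to keep direct access to the file.

$acl = Get-Acl -LiteralPath $PassFile

# Stop inheriting permissions from the parent folder and drop the inherited entries.
$acl.SetAccessRuleProtection($true, $false)

# Remove every explicit entry that is already on the file.
foreach ($rule in @($acl.Access)) {
    $acl.PurgeAccessRules($rule.IdentityReference)
}

# Grant access only to the accounts named in step 5.
foreach ($id in $Allowed) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'Modify', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $PassFile -AclObject $acl

# Verify: re-read the ACL and report any Allow entry outside the intended list,
# for example BUILTIN\Users, Everyone or Authenticated Users.
$unexpected = (Get-Acl -LiteralPath $PassFile).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -notin $Allowed
}
if ($unexpected) {
    Write-Warning "Unexpected access entries remain on $PassFile"
    $unexpected | Format-Table IdentityReference, FileSystemRights, IsInherited
} else {
    Write-Output "Only the intended accounts can access $PassFile"
}
```

After applying the permissions, confirm that the WebWatchBot service still starts and that a WebWatchBot user can log in, since both need access to the file.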


Remote Client Configuration

  1. Configure your main server as prescribed above.
  2. Start your Remote Client.
  3. Do not modify any Watch Items.
  4. Select Tools -> WebWatchBot Preferences.
  5. Select the "Advanced Properties" folder.
  6. Select the "Security" section.
  7. Configure your Remote Client with the same settings as the main server, with the exception of the PassPhrase Storage Filename. If PassPhrase Storage Type is set to "File", the PassPhrase Storage Filename should not point to the same location as on the Main Server or another Remote Client.