As an Waveset administrator, you can further reduce security risks to your protected accounts and data by following these recommendations, at setup time and after.
To reduce security risks during setup:
Access Waveset through a secure Web server using HTTPS.
Reset the passwords for the default Waveset administrator accounts (Administrator and Configurator). To further protect the security of these accounts, you can rename them.
Limit access to the Configurator account.
Limit administrators’ capability sets to only those actions needed for their job functions, and limit administrator capabilities by setting up organizational hierarchies.
Change the default password for the Waveset Index Repository.
Turn on auditing to track activities in the Waveset application.
Edit the permissions on files in the Waveset directory.
Customize workflows to insert approvals or other checkpoints.
Develop a recovery procedure to describe how to recover your Waveset environment in the event of emergency.
To reduce security risks during use:
Periodically change the passwords for the default Waveset administrator accounts (Administrator and Configurator).
Log out of Waveset when not actively using the system.
Set or know the default timeout period for an Waveset session. Session timeout values may differ, as they can be set independently for each login application.
If your application server is Servlet 2.2-compliant, the Waveset installation process sets the HTTP session timeout to a default value of 30 minutes. You can change this value by editing the property; however, you should set the value lower to increase security. Do not set the value higher than 30 minutes.