Ensuring that the security of OfficeMail product is sufficient

print
Product Feature: User Website
Operating System: Windows Server Platform
Database: MS SQL
Steps to ensure that the security of OfficeMail product is sufficient.
  1. Ensure that Operating system security patches are always installed
  2. Ensure that the MS Internet Information Service security patches are always installed
  3. Ensure that the OfficeMail version is the latest available (4.0.11 currently)
  4. Ensure that MS SQL server security patches are always installed
  5. Only allow HTTPS connection to Admin and User Websites
  6. Keep the Admin Website behind your own internal firewall, without external access
  7. Enforce password security policy

Question

Subject: Hybrid Mail Security Issues

Initial Details: Hi, We recently got our systems Pen Tested and they found a couple of issues related to hybrid mail. Can you help us address those? * High - TLSv1.0 (Driver) * We tried disabling tlsv1 on our firewall and PI Office Mail Driver (3.9.0.2) won’t connect. * Medium - SSL cookie without secure flag set (Website) * Medium - jquery version 1.7.2.min (Website) * Medium -Security Headers * X-Frame-Options + Content-Security-Policy Headers are recommended to be set to prevent clickjacking and XSS attacks. Thanks, Arthur Costa IT Department, Tico Mail Works +353 (0) 1 295 9077 | arthur.costa@ticomailworks.ie | www.ticomailworks.ie T8 Maple Avenue Stillorgan Industrial Park Blackrock Co Dublin A94 RT20 Ireland [1433768648_social_linkedin_box_blue] [1433768535_social_twitter_box_white] [cid:image007.jpg@01D363A5.D5DFBD40] [cid:image005.png@01D363A5.8729BED0][cid:image006.png@01D363A5.8729BED0] The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. ________________________________

UPDATED: December 14, 2018

Contact Us