Technical Specifications - All Products

ASISCaseManager

ASISCorporateSecurity

Technical Specifications

ASISCaseManager - EXAMPLE VERSION

 

Request Demo

 

 

 

Product Development Software

ASISCaseManager®, ASISCaseManager® Professional, ASISCaseManager® Enterprise, ASISCorporateSecurity®, ASISCorporateSecurity® Profesional and ASISCorporateSecurity® Enterprise have been developed using Microsoft Visual Basic.NET. 

Please Note: ASIS reserves the right to change all standard technical specifications without notification.

System Requirements

Client

CPU

IBM 80x86, Pentium and 100% compatibles

Operating System

Windows® XP Professional, Windows® Vista and Windows 7 ®.

Memory

512MB or more of RAM

Hard disk space

50MB at Client

Graphics display

1024x768 or better

Mouse

Any supported by Windows®

Server (LAN Configuration)

Operating System

Windows® 2008 Server

Hardware

Any Intel Pentium

Memory

1GB RAM or better

Hard Disk

4 GB+

Database:

Microsoft® SQL Server 2008

Server (WAN Configuration)

Operating System

Windows® 2008 Server

Hardware

Any Intel Pentium III 733

Memory

1GB RAM or better

Hard Disk

4 GB+

Database:

Microsoft® SQL Server 2008

Database Option Supported

Standard

ASISCaseManager® and ASISCorporateSecurity® have been developed using Microsoft Visual Basic.NET and are designed to use the Microsoft® SQL Server 2008 Express as the entry level database. This database configuration is suitable for either Notebook computers or PC's networked across a Local Area Network (LAN).

Products with Optional Database Configuration

ASISCaseManager® Professional and ASISCorporateSecurity® Professional have been designed to use Microsoft® SQL Server 2008 database utilizing a 'Two Tier' architecture.

 

ASISCaseManager® Enterprise, and ASISCorporateSecurity® Enterprise have been designed to use Microsoft® SQL Server 2008 database utilizing a 'N Tier' architecture.

 

The 'Enterprise' versions of ASISCaseManager® and ASISCorporateSecurity® are suitable to be deployed across a Wide Area Network (WAN).

SECURITY (All versions)

Password Encryption/Hashing

ASISCaseManager® and ASISCorporateSecurity® use SHA-1 with a 512 bit key to hash user passwords.

(Surpasses the Australian Communications - Electronic Security Instruction (ACSI - 33 - March 2005 release). Further information can be found at: Defence

 Signals Directorate)

 

Overview of Password Hashing

During the first login (or following a password change), a salt value is calculated (see below) and is added to the password. The result is then hashed using, for instance, SHA-1 (512 bits). The username is stored along with the hash value of the user's password and the salt value. On subsequent logins, the stored user salt is added to the password entered by the user and the result is hashed using the same algorithm. The resulting hash value is compared with the stored hash value of the username. If the hash is the same, the probability is very, very high that the password entered is the right one.

What is a salt?

A salt is a value added to a password during login authentification, before it is hashed. The value can be anything. A random value, the user id, a sequential number, ... The value is added to the password using, generally, a simple concatenation; but it could be something else (a XOR, for instance). The salt is stored, in the clear along with the username and the hash value. Its purpose is to prevent mass dictionnary attacks. A mass dictionnary attack is when an attacker has precomputed a table of frequently used password and their hash value. The attacker uses this table to lookup in the password database and try to find a match. It is computationally infeasible to precompute a table of all possible variations of frequently used password when salt is used.

 

Example of 'N-tier' (distributed threE-tier) architecture

Presentation Layer

MS Visual Basic forms are used for data presentation

Workflow Layer

Cache infrequently changing data as XML/HTML Transform data from ADO 2.1 disconnected recordsets to XML Store user context data as XML in location-independent manner (cookie, session state, or back end)

Business Logic Layer

Revised interfaces optimized for scalability Microsoft English Query transforms English to SQL

Data Access

SQL Server ODBC driver ADO 2.1 MTS manages ADO/ODBC connection(s)

Database

SQL Server 2008 Modified schema for increased scalability and performance

 

Last updated 15 December 2014

 | Copyright | Terms of Use | Privacy Policy | Contact Us