acen: options: security options

Brute force protection

If brute force protection is enabled, remote host will be allowed to generate only limited number of failures/errors within defined control period of time. Once the number of failures is over defined maximum number of failures STATUS_HOST_TEMPORARILY_BANNED error will be generated until control period of time passes (by default, for 15 minutes since the last recorded failure).

Brute force protection is currently implemented for the following segments of ACEN web site:

- standard login page authentication (login errors are tracked)

new client account page (invalid serial number errors are tracked)

web service authentication (credentials failures are tracked)

- all web licensing methods which do not require any authentication (method errors are tracked).

Period

Control period in minutes

Maximum failures

Maximum number of features within defined period.

Log events

If enabled, brute force protection events will be logged to database.

Notify admin

If enabled, notification email about temporarily banned host will be delivered to selected admin user.

Turning off brute force protection pose serious security risk!

DDOS protection

Period

Ddos tracking period in seconds. Host tracking data is reset after this period of time.

Min wait time

Minimum period of time between requests in seconds.

Max requests

Maximum allowed number of requests per defined tracking period.

Log events

If enabled, ddos protection events will be logged to database.

Notify admin

If enabled, notification email about permanently banned host will be delivered to selected admin user.

Notifications

Recipient

Select administrator user which will receive security notifications in case 'Notify admin' option is enabled for brute force or ddos protection.