Tag: Cyber Attacks

Categories
Knowledge Support Technical Advisory Bulletins exacqVision EDGE Support exacqVision Enterprise Other exacqVision Client exacqVision Server exacqVision Mobile exacqVision Webservice exacqVision Hardware Products exacqVision Integrations

Support procedure for reporting newly discovered cyber security vulnerabilities in Exacq Software 

This document will outline the procedures expected from Exacq Support staff in the event of discovering a previously unreported security vulnerability in an exacqVision product.

Product 

Any exacqVision product

Procedure:

  1. Verify the vulnerability has not already been properly reported at: https://www.johnsoncontrols.com/cyber-solutions/security-advisories
  2. Email the GPS (Global Product Security) team at: productsecurity@jci.com
    • Provide vulnerability analysis in this email and any relevant links
    • Provide customer details and contact information in this email
    • Provide software product and software versions in this email
    • CC the customer on the email
  3. Inform the customer you have notified the appropriate team (GPS) and will be closing the Support ticket.

Our Global Product Security team will then be responsible for following up with this customer and resolving vulnerability.

<br>

Categories
Knowledge Support exacqVision Client Categories

Why do we enforce password complexity ?

Why do we enforce this complexity?

As the threat from cyber-attacks continues to rise, cyber-protection measures have become critical to combat these threats. Like many other technology leaders, Exacq has implemented the use of complex passwords as one measure to combat potential cyber-attacks.

Password cracking programs are one of the tools hackers use to gain unauthorized access to systems, and some of these programs can test over 100,000 passwords per second. To decrease the chances of a password being discovered by one of these programs, the usage of complex passwords is highly recommended, as passwords that contain common words or letter combinations are much more susceptible to being cracked. 

<br>

What is the rule for password complexity?

Complex passwords typically follow the same basic requirements, such as a minimum number of characters and the usage of a special character, a capital letter, and a number. Exacq products require a password of at least 8 characters, including a special character, a capital letter, and a number. It’s highly recommended to use a group of random letters together as opposed to a word or phrase, as this greatly decreases the chance it will be discovered by a password-cracking algorithm.

<br>

How will I know what password is acceptable?

When entering a new password, a tool tip will appear that updates as you type to let you know what characters are missing from the complexity. Your password will also be checked against a list of commonly used passwords to prevent their use and make it less likely for an attacker or unauthorized user to guess your credentials. If any of the fields are highlighted in red the password has been deemed unacceptable. Complexity rules do not apply if you choose to use a passphrase of 20-characters or longer. 

<br>

Does it affect current accounts with passwords that don’t comply?

No – Users with legacy passwords can still access the system. Complex password enforcement only applies when creating new user accounts or changing an existing user’s password.

<br>

Why-do-we-enforce-password-complexity.pdf
Categories
Knowledge Support exacqVision Server

Exacq servers and ransomware

With the rise of ransomware, here are some things you can do to better secure your ExacqVision servers.

AntiVirus – Article 853

Windows Updates – Article 848

<br>