If you want even more security

Data security  has always been important to SCHUHFRIED and we have made it our priority that customers who use the Vienna Test System (VTS) do not run  into risk of exposing their test data to attackers. VTS already implements several measures to provide a high degree of data security. This article provides a list of additional measures that users can take to improve data security even further.

However, let’s briefly cover how VTS can be installed before reviewing the safety measures.
The first option is to install VTS on a single machine. In this case, VTS stores all data in a database that is located on that single machine. Since VTS loads all necessary data from the database, no internet connection is required.
The second option is to install VTS in a distributed environment. In this case, the server component (the component that holds the data and provides functionality) of VTS is installed on a server machine, whereas the client component (software used for administration and test execution) is distributed to many client machines. Contrary to a single place installation, an internet connection (or better to say the connection to server) is almost always required in this scenario.

Now that we know how to install VTS, let’s have a look at a list of safety measures we recommend for minimizing the risk of an unwanted data breach:

Configure BitLocker

BitLocker is a highly effective measure to prevent attackers from reading stolen data. It is a data protection feature that integrates and encrypts the hard disk with a user-specific password so that the attackers are not able to read the hard disk. BitLocker conveniently often comes preinstalled with modern-day operating systems. For more information, please check out the following article: https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview.

BitLocker is especially effective for single-workplace installations because there is a higher risk of an attacker getting access to or even stealing the machine on which VTS is installed.

Set up password

VTS already requires setting up a username and password during installation. However, you can add another layer of security by protecting access to the machine itself via a secure Windows login. If possible, 2-factor authentication should be configured as well. Regarding passwords, we also recommend limiting access to VTS to only those users who are going to use it and also further limiting user access by applying the appropriate security level and access rights.

Secure the database

Sometimes it is very important to specifically protect the database. For example, in a distributed environment the database could be hosted externally on a database server. Transparent Data Encryption proves to be quite effective in securing data in a database. It encrypts data at rest; meaning that attackers cannot read the database if they somehow manage to steal the database files. Transparent Data Encryption is a feature of Microsoft SQL Server and it requires a licensed version (SQL Server Express does not support it). Learn more about Transparent Data Encryption at https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption.

Use a firewall

VTS already protects data in transit by using HTTPS, but using a firewall offers an additional layer of security, as it prevents attackers from reaching certain components of VTS over the internet. Depending on the use case, there are different options how the firewall can be used. The firewall can completely block access to VTS, for example, if tests are executed within private networks. On the other hand, certain parts of VTS can be hidden behind a firewall. For example, putting the database behind a firewall prevents attackers from reaching it in the first place. This measure can only be applied in cases where VTS is installed in a distributed environment.

Please make sure to take these extra steps to protect your data, if necessary. If you need help with that or have questions regarding that matter, feel free to contact our technical support team.