Knowledgebase
Knowledgebase : Visual Guard > Security and compliance
We would need username and password to never be sent in plain text over the wire to the server and should not be stored in unencrypted form on the client machine. Passwords of users name/password accounts are encrypted (256 bits) in the VG repository. Windows accounts passwords are not visible/accessible at anytime within VG. Visual Guard - Version 3.1.912.08 - TBR
At what point within the ASP.Net request pipeline and the page life cycle does Visual Guard .Net come in? This is relevant for all requests in general and the user login page in particular.On HttpApplication_AuthenticatRequest event: Visual Guard .Net gets the current identity (WindowsIdentity for site based on Windows authentication, FormsIdentity for site based on Forms authentication). Visual Guard .Net checks against its repository whether the current user can access or not to the application and provi...
We have an application which encrypts the information in a column (this information is highly confidential), we are thinking to have a digital authentication for this part. Can Visual Guard support this kind of tools (to decrypt the information when it is the good user, then to manage digital authentication)?We may need more specifications about your need to give you an accurate answer. In the meantime, below is some information: Visual Guard can work together with 3rd party encryption and/or authenticatio...
If Visual Guard applies security settings when the form is loaded, can these control settings be overwritten with other code? For example, if cmdSave is disabled when a form loads for a specific user, can another procedure re-enable this button if it's coded within the form? Or is there a way to ensure that the permissions set in the console application are not circumvented? Our goal is to make sure that ALL application security is controlled through Visual Guard and password protected.You can run the permi...
Could someone access the source code of the application in production?VG is compatible with the existing solutions to encrypt the source code of the application and decrypt it when the application is running (i.e.: safenet). Visual Guard .NET - Version 2.8.812.19
What about interception of communications between Windows and Active Directory on the company network?Visual Guard .Net uses the.NET framework standard mechanisms to communicate between Windows and Active Directory. These mechanisms secure the communications between Windows and Active Directory. Visual Guard .NET - Version 2.8.812.19
Can communications between .NET components inside the application be intercepted?Visual Guard .Net relies on Microsoft Proxy System (Marshall) to manage such communications. Thanks to this tight integration with the DotNet Framework, most of the security issues are covered by Microsoft itself. We also run a very large list of security tests for each new version of Visual Guard .Net.
How is Visual Guard .Net protected against interception of communications between the browser and the web server on the internet network?VG is compatible with the SSL/HTTPS protocol to encrypt the information transferring between the browser and the web server (for a web app). Visual Guard .NET - Version 2.8.812.19
What if someone intercepts communications between the client and the DB Server on the company network?If VG repository is stored in a SQL server DB or Oracle DB, VG is compatible with the standard mechanisms provided with the DBMS to encrypt the data transferred between the client and the server. It will prevent the data from being read. Visual Guard .NET - Version 2.8.812.19
Can someone have a direct access to the tables of the repository, and see or modify confidential data?The main part of the data in VG repository is serialized, so it is unreadable. A user who connects to the database will not be able to use this information. Moreover, the very sensitive data, as passwords, will be encrypted by Visual Guard using the algorithm SHA256.
Can we forbid access to the source code of the application in production?VG is compatible with the existing solutions to encrypt the source code of the application and decrypt it when the application is running (i.e.: safenet). Visual Guard .NET - Version 2.8.812.19
Is Visual Guard protected against interception of communications between .NET components inside the application?Visual Guard .Net relies on Microsoft Proxy System (Marshall) to manage such communications. Thanks to this tight integration with the DotNet Framework, most of the security issues are covered by Microsoft itself. We also run a very large list of security tests for each new version of Visual Guard.
Are there any guarantees that Visual Guard .Net does not have a "back door" leaving our systems vulnerable to cyber attacks?Visual Guard .Net relies on Microsoft Proxy System (Marshall) to manage the communication between DotNet components. Thanks to this tight integration with the DotNet Framework, most of the security issues are covered by Microsoft itself. We also run a very large list of security tests for each new version.
Are there any guarantees that at some point in time the method that Visual Guard .Net uses to "hook" into the application will not be altered by Microsoft by a security patch, thus suddenly disabling the application security?Visual Guard .Net relies on Microsoft Proxy System (Marshall) to manage the communication between DotNet components. In case a Microsoft security patch blocks this low-level technology, not only Visual Guard .Net will stop working, but also all DotNet applications, which is qu...
Can Visual Guard .Net go across several firewalls?If your firewalls are already configured so that your application can go through, Visual Guard .Net will not be blocked.Also, Visual Guard .Net relies on IIS and ASP.Net to supports https and ssl protocols. Visual Guard .NET - Version 2.7.802.29
What would happen if the Visual Guard .Net data base controlling permissions goes down?By default users do not have access to your applications when the repository is not available. It is possible to check availability of the database in your application and retry another authentication on an alternate database. Some database provides FailOver database mechanism. Visual Guard .NET - Version 2.7.802.29
What encryption mechanism does Visual-Guard use?
We use SHA256 for all passwords. Rijndael for some internal data.
Are the encryption keys used by Visual-Guard, unique to each
installation? No
Where does Visual-Guard keep the encryption keys? In the repository
and in memory when the application is running.
Help Desk by Novalys