Middle Tier Security

For complex topics that regular users would not be interested in. For power users and database administrators.
Post Reply
User avatar
Ardavan
Posts: 106
Joined: Sat May 15, 2010 9:10 am

Middle Tier Security

Post by Ardavan » Tue Apr 30, 2019 9:27 am

Hello,
Every system I put on the internet starts getting hammered by bots trying to break in within minutes of deployment. I have come to accept this as the cost of placing resources online and use Fail2Ban on my linux machines and the BulletProofSecurity plugin on my wordpress installs to help mitigate risk. I understand OpenDental will lock a user after multiple failed attempts which is great, however my knowledge of IIS is not as extensive as my Apache or nginx chops so I'd like to ask:
1) Are login attempts and failures logged by IIS? If so is are the Middle Tier log messages documented anywhere?
2) Does OpenDental consider an instance of the Middle-Tier served over properly configured HTTPS connection with "Strong passwords" enforced secure enough to be open to the public internet?
3) I assume the reason OpenDental doesn't offer the software as a service is the liability involved with doing so, am I off in this assumption?
There are 10 types of people in this world, those who will laugh at this joke, and those who won't. ~Annonymous Bug Writer

User avatar
cmcgehee
Posts: 711
Joined: Tue Aug 25, 2015 5:06 pm
Location: Salem, Oregon

Re: Middle Tier Security

Post by cmcgehee » Tue Apr 30, 2019 6:04 pm

1. By default every IIS request is logged, typically in the %SystemDrive%\inetpub\logs\LogFiles folder. The information logged will be very bare boned so you probably won't be able to distinguish login attempts. Middle tier does not have the ability to do any additional logging.
2. I would say secure enough. It wouldn't do very well in a denial-of-service attack, but it should be very hard for an attacker to log in maliciously.
3. The main reason we haven't hosted Open Dental as a service is because of large amount of personnel we would have to devote to it. That said, we are preparing to offer Open Dental as a service in the future, although probably not via middle tier. We are working on getting Open Dental to run in the browser.
Chris McGehee
Open Dental Software
http://www.opendental.com

Post Reply