Security

Follett Software, LLC continues to invest in technologies to enhance product security and help identify potential security vulnerabilities. You can use several configuration options in Destiny to implement a tight password policy and help prevent denial-of-service attacks.

User Login Policies

Use Destiny's Password Policies options to enforce a strict password policy, and temporarily disable a user account after a specific number of invalid login attempts.

To access these controls:

  1. Log in as the Destiny Administrator.
  2. Select Setup > District Options sub-tab.
  3. Next to Password Policies, click Edit.
  4. Choose from the following options:
    • To require users to create passwords that are eight or more characters and include a mixture of digits and letters, select the Strong password required checkbox.

      Note: This setting does not invalidate existing passwords.

    • To enforce your district's password change policy, enter the number of days in the Login expires field.
    • To lock an account after a set number of failed login attempts, select a number from the Login attempts allowed drop-down.
    • Enter the number of minutes to disable the account in the Login lockout delay field.

      Example: If you select 2 from the Login attempts allowed drop-down and enter a 5 in the Login lockout delay field, then, after two failed login attempts, Destiny will lock the user's account for 5 minutes.

  5. Click Save.
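
The lockout settings above, modeled as an added example (not Follett's code): it replays a constructed login log against Login attempts allowed and Login lockout delay and reports when an account locks and which attempts are refused. The function names, the counter reset on success, and the rule that attempts during a lockout do not extend it are assumptions.

```python
from datetime import datetime, timedelta

def is_strong(password):
    """Strong password rule as described: 8+ characters, digits and letters mixed."""
    return (len(password) >= 8 and any(c.isdigit() for c in password)
            and any(c.isalpha() for c in password))

def replay_logins(events, attempts_allowed, lockout_delay_min):
    """Replay time-sorted (timestamp, user, success) events; return (lockouts, blocked).
    Assumed, not documented on this page: a successful login resets the failure
    counter, and attempts made during a lockout do not extend it."""
    failures, locked_until = {}, {}
    lockouts, blocked = [], []
    for ts, user, success in events:
        if user in locked_until and ts < locked_until[user]:
            blocked.append((ts, user))      # refused even if the password was right
            continue
        if success:
            failures[user] = 0
            continue
        failures[user] = failures.get(user, 0) + 1
        if failures[user] >= attempts_allowed:
            end = ts + timedelta(minutes=lockout_delay_min)
            locked_until[user] = end
            lockouts.append((user, ts, end))
            failures[user] = 0
    return lockouts, blocked

def at(hhmmss):
    return datetime.strptime("2024-01-08 " + hhmmss, "%Y-%m-%d %H:%M:%S")

# Constructed sample log (not real data): time, user, whether the password was correct.
SAMPLE = [
    (at("08:00:00"), "jdoe", False),
    (at("08:00:20"), "jdoe", False),    # second failure: locked until 08:05:20
    (at("08:02:00"), "jdoe", True),     # correct password, but still locked
    (at("08:05:30"), "jdoe", True),     # lockout has expired
    (at("08:06:00"), "asmith", False),
    (at("08:06:30"), "asmith", True),   # success resets the counter
    (at("08:07:00"), "asmith", False),  # one failure since reset: no lock
]

if __name__ == "__main__":
    locks, refused = replay_logins(SAMPLE, attempts_allowed=2, lockout_delay_min=5)
    for user, start, end in locks:
        print(f"{user} locked {start:%H:%M:%S} -> {end:%H:%M:%S}")
    for ts, user in refused:
        print(f"{user} refused at {ts:%H:%M:%S} (account locked)")
    print(is_strong("library1"), is_strong("password"))
```

Replaying a week of real login events with candidate values shows how many legitimate users a given setting would have locked out before you save it.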

Advanced Security Options

Follett offers tools to configure Destiny to deal with a denial-of-service attack. The configuration can be complex and requires a consultation with Follett Technical Support. A solution will be tailored to the specific needs of your district, your network infrastructure, and your users' specific searching and transaction patterns. The configurable settings include:

  • HTTP Session Creation Governor, limiting the number of new sessions that can be created per second
  • Total Web Request Size Filter, preventing overflow attacks
  • Limit percentage of total thread pool available to Guest
  • Limit percentage of total thread pool available to external IP addresses

Although these settings help prevent a network attack, misconfiguring them can unintentionally restrict Destiny's performance. Contact Follett Technical Support for more details.

Your system's security is central to protecting your district’s data. Security is especially critical as the pace of technology changes and installations become more complex. To ensure your system remains reliable and to protect data integrity, Follett will continue to implement safeguards that enhance the security of your Destiny system.
