WebLEDS currently meets all Oregon State Police and NCIC Security requirements:
WebLEDS now supports true Hardware Token Authentication (Secure-ID
type tokens)!
WebLEDS can now positively authenticate a network user’s identity by
coupling something in the user’s possession (a smart card, hardware
token, or software token), with something the user knows (a PIN or
User ID).
Click HERE for complete details on our CryptoCard support.
All communications between client workstations and the
WebLEDS server are completely encrypted
using SSL (Secure Sockets Layer). SSL encryption is the industry standard for secure
communications.
Workstation connections to the
WebLEDS server are granted/denied based on their IP address.
This feature allows administrators to limit access to the
WebLEDS server to only those specific
devices/subnets/networks that they specifically authorize.
All workstations are subject to an Administrator-defined "Inactivity
Timeout", which causes workstations that are inactive for a
specified amount of time to be automatically logged out of the
application.
The WebLEDS server is configured to maintain a complete log of every
WebLEDS page accessed on your server, recording by whom, by workstation,
and by date.
Full logging capabilities are built into the system to log every
transaction that is sent to LEDS, and every response that is received
back from LEDS.
Administrators specify the duration these logs are maintained online
for easy retrieval and viewing.
Advanced auditing capabilities are built into the system to allow
administrators to easily and unobtrusively enable complete audit
logging. Logging may be enabled by user, by transaction or both.
No software or viewed responses are ever installed/saved on the end user's
PC, with the entire application residing solely on the server.
All successful and unsuccessful logons into the WebLEDS
application are logged into separate log files for easy review, and
include the date, time, user name and IP address of the logon.
Accounts are automatically locked out after an Administrator-specified
number of invalid login attempts.
All log files can be easily imported into Microsoft Access or Excel for
easy reporting capability.
The server that runs the WebLEDS application is configured as a
Windows stand-alone server, and is not part of the user's Windows
Domain. This further prevents unauthorized network access to the server.
Additionally, no Windows User accounts are created on the machine;
the server relies solely on the internal login accounts defined in WebLEDS.
The application is designed to use encrypted SSL session state cookies passed between
screens, so that no screen within the system may be indirectly
accessed without first going through the initial sign-on screen.
Session state cookies are NEVER written to cache, and all session
cookies are completely deleted upon exiting from the application.
The URL displayed to the user never changes from the base URL address, so
that the user never sees the names of the individual pages being
loaded.
All pages presented and displayed back to the user are dynamically
generated on the server, through the use of CGI programming. This prevents the user from viewing the
source code of these pages to glean any sensitive or OS level
information.
The system uses the HTTPS protocol (TCP/IP port 443) for communications
between the Client workstation and the server, which can easily be
integrated into very stringent filtering schemes/access lists on
routers and firewalls.