The System Configuration page displays system configuration and security information. The configuration information is for viewing only, but some of the security settings can be changed.
You can see a summary of information about the different components of the system. If you wish, you can embed this summary in intranet sites that use wiki markup.
To view system-configuration information
- In the Main Menu, under Tools, select System Admin > System Configuration. The System Configuration screen opens and displays the Default tab, in which the system-configuration information is displayed.
To embed the system-configuration information in an intranet site
SpeechMiner complies with the security standards defined in the PCI-DSS standard (Payment Card Industry Data Security Standard). These standards are designed to prevent confidential information from being accessed by unauthorized individuals. For example, one purpose of SpeechMiner security settings is to prevent unauthorized people from hearing interactions that are stored in the database. Some of the options that must be implemented in SpeechMiner in order for it to conform to the PCI-DSS standard are:
- Interaction export is disabled for all users.
- Anonymous Permalinks are disabled for all users.
- Numbers are filtered out of all interaction playback.
- All audio files are encrypted.
- The password for encrypting audio files has been changed from its default value.
- The password for the default user account (Administrator) has been changed from its default value.
- Access to the SpeechMiner browser-based interface is available using Windows, Genesys or SpeechMiner authentication.
- Access to the system is blocked after ten consecutive attempts to log in with an invalid password.
- Permissions are set properly for all users and components of the system.
- All web services use a secure API, and can only be accessed using a token that is supplied by the system upon user login.
- Secure SSL connections are used for all connections to and between servers in the system.
- The SSL certificate is valid and includes all the domains used by the site.
- All user events are logged.
- Tracing is disabled on all web servers in the system.
The settings that must be configured in order to implement these options are defined in various locations in the system, including SMConfig (the SpeechMiner configuration tool), the SpeechMiner web interface, and the configuration files of specific system features. In some cases, more than one setting must be configured in order for a requirement to be met. (For example, SSL connection requirements must be configured separately for different servers in the system.) The Security Center lists all of the PCI-related settings in your system and, whenever possible, automatically checks the system to see if they conform to the standard. In some cases, the system can correct an issue for you by changing the relevant settings; in other cases, you must manually correct the settings. You can also choose not to implement some or all of the PCI requirements; you can manually change the settings as you see fit.
The Security Center also contains a log of all security-related actions that were performed in the system. The log lists configuration changes and failed login attempts. This information can be used to monitor the system for security breaches.
Opening the Security Center
The Security Center is accessed from the System Configuration screen.
The upper part of the tab contains PCI-compliance information. The lower part contains a log of security-related user actions. Both tables can be sorted by any of the columns they contain.
- In the System Configuration screen, click the Security Center tab.
The PCI-DSS Recommended Configuration section contains a table that lists all of the PCI-related settings. The table has three columns:
|Setting||Name of the setting|
|Explanation||Description of what conditions must be met in order for the setting to conform to the standard.
Note: If the system cannot check whether the setting meets the conditions, "Make sure that..." appears at the beginning of the explanation.
|Action||The current status of the setting, and/or the type of action required to correct it:
To correct a setting that can be fixed automatically
- Under Action, click Fix.
- Click Yes. The system corrects the setting and changes its Action status to Fixed.
You are prompted to confirm that you want to change the setting.
To correct a setting manually
- Follow the instructions under Explanation to manually correct the problem. For additional information, please refer to the SpeechMiner PCI Implementation Guide.
To correct all the settings that can be fixed automatically:
- At the top of the list, click Reset.
- Click Yes. The system corrects the settings and changes their Action status to Fixed.
You are prompted to confirm that you want to change the settings.
The lower table in the Security Center lists system configuration changes and failed logins that occurred in a specified time period. (System configuration changes are changes that are implemented using SMConfig, the SpeechMiner system configuration tool.)
Configure the display in the table
- Select the display options as follows:
- Click Refresh. The display in the table is updated to match the options you chose.
|Last||Enter the number of hours or days (prior to the current time) to include in the table.|
|Time Unit||Select Hours or Days.|
|Failed Login||Select this option to include failed logins in the list.|
|Configuration Change||Select this option to include configuration changes in the list.|