Epicor REST outside the domain

Would you mind expounding for me? I need more detail to understand your reply. Sounds constructive for us.

Yes, basically. The access is attained via a generic VPN with nothing more than an Epicor ID and PW. Would Access Scope be a constructive avenue? I have experimented a bit and I am quite concerned regarding the crashing of the active home page…

How do they have VPN access? Your VPN should have 2 factor first.

Second, access scope can help, but only for v2; unfortunately, v1 of the API is still there and enabled by default.
It is also used by the Kinetic home page, so you can’t easily disable it.

You can turn up your Epicor password complexity (and should)

Do these personnel have access to the BOM via engineering workbench or other screens? If they aren’t taking security seriously, then they will have additional opportunities to cause problems and they will need to be trained to take security / secrecy seriously.

If they have no legitimate reason to be working with BOMs, then it seems like termination and perhaps involving law enforcement might be required depending on what your company works on.

Are you running Microsoft 365? Or do you have Azure AD enabled? If so, you can have multi-factor authentication on your Epicor logins as Epicor supports Azure AD authentication (hopefully more OAUTH in the future.)

Passwords are the weakest link and the industry is moving away from them. Microsoft can do authentication without passwords and now Cisco’s DUO can too.

If you are asking about Service security, it is possible to restrict access to a specific service or method.
It is located in System Setup\Security Maintenance\Service Security Maintenance.

There you can select the service and who can have access to it.
