One item that is sometimes flagged on internal security scans is that the iSweep appliance has some writable network shares and that the network shares do not have authentication. This is required for operation of the ProDOC application. Here is a quick look at how the shares are used:
-
Upon launching, the ProDOC application needs unauthenticated read access to the "Control" folder share. This allows ProDOC to authenticate against the iDOC Vault website, and this folder also contains all of the form definitions.
-
When exiting ProDOC, the upgrade process requires unauthenticated read access to the "Upgrade" folder share to update itself.
-
When "Save" is clicked, ProDOC saves an encrypted copy of the document image to the "Holding" folder share, which requires unauthenticated write access.
-
When "Pend" is clicked, ProDOC saves an encrypted copy of the document image to the "Pending" folder share, which requires unauthenticated write access.
-
When "Load Pending" is selected, ProDOC reads the document images from the "Pending" folder share, which requires unauthenticated read access.
This access is required by the ProDOC application; without this access, ProDOC will not function.
It is important to note that any confidential information (document images) on the iSweep are encrypted.