Security Considerations
The security of a system that manages data is essential when running a mission critical application such as CorporateTime Server. This appendix describes a number of security safeguards that could be put in place for further protection of CorporateTime Server data.
Dedicated Server
We recommend that CorporateTime Server, if financial resources permit, be placed on a dedicated computer. Additionally, turn off any TCP and UDP services on the CorporateTime Server that are not critical to the application (e.g., ftp, NFS server and client, X server, etc.). There should be only two accounts configured on the system: unison and root (UNIX) or administrator (NT).
Password Management
The following are Policy/Procedure recommendations on the operations and maintenance of passwords:
- When users are initially assigned a password, they should be required to change this password to one of their own choosing.
- Manual policies should enforce the following password rules:
  - Passwords should never be empty (or blank). This is especially important for the SYSOP or node administrator password.
  - Passwords should never be words, names, or personal information which would be easy for others to guess.
  - Passwords should be at least 8 characters long, and contain a combination of letters and numbers.
- Avoid using the same password to access the CorporateTime Server and other mission critical systems.
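The password rules above can be checked mechanically before a password is accepted. The following POSIX sh function is an added example, not part of the CorporateTime documentation or product: it applies the empty, length, letters-and-digits and easy-to-guess rules to a candidate password. The small EASY_WORDS list is a constructed stand-in for the dictionary and personal-information checks a real policy would use.

```shell
# Added example (not from the CorporateTime documentation): a POSIX sh
# function that checks a candidate password against the manual policy
# rules listed above. The rule names and the word list are assumptions.

# Constructed list of words that are "easy to guess"; a real deployment
# would use a dictionary file plus the user's own name and account details.
EASY_WORDS="password unison calendar admin sysop welcome"

# check_password PASSWORD
# Prints the first rule that failed ("ok" if none) and returns 0 only when
# every rule is satisfied.
check_password() {
    pw=$1
    # Rule: never empty or blank.
    if [ -z "$pw" ]; then
        echo "empty"; return 1
    fi
    # Rule: at least 8 characters long.
    if [ "${#pw}" -lt 8 ]; then
        echo "too short"; return 1
    fi
    # Rule: a combination of letters and numbers, so both must be present.
    case $pw in
        *[A-Za-z]*) ;;
        *) echo "no letters"; return 1 ;;
    esac
    case $pw in
        *[0-9]*) ;;
        *) echo "no digits"; return 1 ;;
    esac
    # Rule: never a word or name that is easy to guess. Compared
    # case-insensitively and ignoring trailing digits, so that
    # "Password1" is still rejected.
    lower=$(printf '%s' "$pw" | tr 'A-Z' 'a-z')
    stem=$(printf '%s' "$lower" | sed 's/[0-9]*$//')
    for w in $EASY_WORDS; do
        if [ "$stem" = "$w" ]; then
            echo "easy to guess"; return 1
        fi
    done
    echo "ok"; return 0
}
```

A policy like this is only useful at the point where a password is set; when sourced into a wrapper around the account-creation or password-change procedure, the non-zero return can be used to refuse the value and ask for another.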
Trust Management
Even if the server is dedicated to the calendaring application, there are still additional security safeguards to consider:
- If you have security servers within your organization, consider sending audit trail information from the CorporateTime Server to your central security server.
- Turn on auditing on the server and conduct spot audits of the commands issued by unison.
- The CorporateTime Server protects a great deal of aggregate data; ensure that your backups are protected from theft.
- Consider separate ownership of the root/administrator (auditing account) and the unison (CorporateTime Server management) accounts. This would allow root/administrator to detect potential abuses by the unison owner.
Networking
It is more secure to run mission critical applications within firewall-protected intranets. Make sure that the dial-up connections to your intranet are protected. This can be improved by using one-time password technology (e.g., SecurID). As with many TCP/IP protocols, promiscuous listening (where the attacker monitors network traffic) is a threat in any broadcast network. A number of steps can be performed to reduce the risk of this threat:
- Physically protect hubs and routers. Use switched hubs when possible, especially on the server itself. Some hubs can block unauthorized or unregistered MAC (Ethernet) addresses on the LAN.
- Consider router filtering between untrusted internal networks.
- Commercial firewalls also allow more complex TCP/IP filtering rules.
Auditing
The CorporateTime Server generates a number of useful audit trails. It is important to become familiar with these audit trails, and to check them regularly.
- Many commands will create log files on error conditions. Routinely check for the existence of new log files, and review their contents.
- Monitor /users/unison/log/act.log for login attempt abuses. You can detect login attempt abuses from the originating IP addresses.
- After the application is initially installed, note the file dates and sizes of all the binaries. Periodically check that none of the binaries have been edited.
- Review <temp> directories, looking for any suspicious files. Hackers have been known to cover their tracks by using <temp> directories as work areas.
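Two of the checks above, the binary baseline and the review of act.log by originating IP address, are routine enough to script. The POSIX sh helpers below are an added example and not part of the CorporateTime software or documentation. They assume the installed binaries live under one directory and that each act.log line contains the words "login failed" and "from <ip>"; the act.log format is not documented on this page, so that line format is a constructed assumption and the pattern should be adjusted to the real log before use.

```shell
# Added example (not part of the CorporateTime documentation): POSIX sh
# helpers for a size/checksum baseline of the installed binaries and for
# a per-IP count of failed logins in act.log. The act.log line format used
# here is a constructed assumption.

# baseline_binaries DIR BASELINE_FILE
# Records CRC and size of every regular file under DIR, to be taken right
# after installation. cksum is used because every POSIX system has it; a
# cryptographic hash (and a baseline stored off the server) is stronger.
baseline_binaries() {
    dir=$1; out=$2
    find "$dir" -type f -exec cksum {} \; | sort -k3 > "$out"
}

# verify_binaries DIR BASELINE_FILE
# Prints the path of every file whose size or checksum differs from the
# baseline, or that is new or missing; returns 1 if anything changed.
verify_binaries() {
    dir=$1; base=$2
    tmp=$(mktemp)
    find "$dir" -type f -exec cksum {} \; | sort -k3 > "$tmp"
    # diff lines look like "< CRC SIZE PATH"; keep only the path.
    changed=$(diff "$base" "$tmp" | sed -n 's/^[<>] [0-9]* [0-9]* //p' | sort -u)
    rm -f "$tmp"
    [ -z "$changed" ] && return 0
    printf '%s\n' "$changed"
    return 1
}

# write_sample_act_log FILE
# Writes a constructed act.log fragment (not real product output) so the
# log review can be exercised offline.
write_sample_act_log() {
    cat > "$1" <<'EOF'
1999-03-02 10:14:02 login failed for user jsmith from 10.1.2.3
1999-03-02 10:14:09 login failed for user jsmith from 10.1.2.3
1999-03-02 10:15:41 login ok for user mjones from 10.1.2.9
1999-03-02 10:16:00 login failed for user sysop from 192.168.7.7
1999-03-02 10:16:03 login failed for user sysop from 10.1.2.3
EOF
}

# failed_logins_by_ip LOGFILE
# Prints "count ip" for each originating address with failed logins,
# most frequent first, which makes guessing attempts stand out.
failed_logins_by_ip() {
    grep 'login failed' "$1" \
      | sed -n 's/.*from \([0-9.]*\).*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}
```

Typical use is `baseline_binaries /users/unison/bin /var/audit/unison.base` once after installation (the paths are placeholders), then `verify_binaries` from a periodic job whose non-zero exit and output are sent to the auditing account, and `failed_logins_by_ip /users/unison/log/act.log` as part of the regular log review.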
Backup and Recovery
CorporateTime data is very important and should be backed up regularly.
PC Security
Be sure to delete confidential or sensitive temporary attachment files saved in <temp> directories. Have a local contact in your organization for reporting and investigating suspicious or fraudulent calendar entries.
Avoid placing CorporateTime client downloaded schedule files on public or shared disk drives. Even though the data is not readable, it could still be subject to password guessing attacks.
Application Security
The CorporateTime Server supports a very rich set of user controlled access privileges (or rights). It is important to train end-users on how these capabilities can be managed, so that the users' information is protected from unauthorized access.
Limit the number of people to whom you give designate rights; grant them only to trusted individuals.
Review the Options|Access Rights that an individual has established:
The default designate rights should be no designate rights. Set the viewing rights to no privileges, and add privileges as needed.
There are a number of overall limits, set by the CorporateTime Server administrator, that can be set for all CorporateTime Server users.
Disabling attachments ([LIMITS] allowattachments) can prevent users from propagating proprietary information improperly. Setting maximum attachment size ([LIMITS] maxattachmentsize) can help prevent denial of service attacks, where a hacker can send very large files that would cause a server to run out of disk space.
Information Protection
Many companies consider their personnel directory to be a proprietary asset that should be carefully protected. Avoid putting confidential or proprietary information into the public directory. The server allows for a public directory search. The directory can be used for the discovery of user names (e.g., to determine the correct spelling of a meeting attendee).
Corporate Software & Technologies, http://www.cst.ca, Voice: (514) 733-8500, Fax: (514) 733-8878, info@cst.ca