 |
| |
| |
FirstClass Communications Platform Security
FirstClass is an inherently secure design. The information provided below describes some of the inherent security features of the product and details the strategies and standards FirstClass utilizes to provide a secure environment.
FirstClass combines a robust message store and access control system with an encrypted client-server connection to ensure that messages are secure. FirstClass employs a stream-cipher to implement secure log-ins and data communications. The encryption scheme uses a 3-way handshake with keys exchanged by the server and client at link startup, to ensure that the encryption is different each time. Everything from user activity, Address Books, messaging and chats are encrypted over the link. The public keys are stored in the directory, and for internal FirstClass users, the process of sending a secure message is transparent.
Encryption at this level provides secure transmission for not only passwords, but for every message, calendar item, and Address Book entry. Notification and authentication are provided using MD5 for excellent account security. Packet level encryption is inherent to FirstClass and as such, works regardless of whether the system is communicating using TCP/IP, IPX, AppleTalk, ISDN, or even by modem.
In addition, FirstClass also offers packet-level encryption. Essentially, this means that every portion of every message transmitted between the client and the server is significantly more difficult to successfully intercept. Almost all network applications, from file sharing to printing to sending messages, expose content directly to anyone utilizing a simple packet analyzer program. Packet level encryption ensures secure message transfer regardless of connection type.
In addition to the encryption of content traveling between the client and server, FirstClass provides 5 layers of security.
Layer 1: UserID and Password
The user ID and password is first level of security. All users must have a valid UserID and password to log on to the server. Password restrictions can be customized to ensure that userÕs accounts are not easily accessible. In addition, most conventional email systems accomplish user log-in by making use of the userÕs mail address, which is public information. Within the FirstClass environment however, UserIDs and email addresses are unrelated to each other, unrelated to the userÕs password, and also unrelated to the name of the actual user. Using this private information makes it far more difficult to break into a FirstClass UserÕs mail account than conventional email systems.
Password Security within FirstClass Unified Communications
Users have two sets of user IDÕs and passwords Š one for access to the FirstClass server via the PC or web (Internet Services), and one for access through the phone (FirstClass Voice Services). Accounts can be created and deleted on an individual basis or via Batch Administration commands for larger groups of users. When provisioned with a new account, users are assigned a unique username and password, subject to the strengths of the FirstClass security features outlined here. New users can be notified of their new username and temporary password via two separate emails (for security purposes), and instructed to change the temporary password to a different alphanumeric password, subject to FirstClassÕ password rules.
For PC or web access, Administrator(s) can set the password restrictions for all users on the system. If the Administrator does not set any password restrictions, FirstClass sets default restrictions according to User Group settings. More specifically, the Administrator can set:
� Password Expiry period
� Allow or disallow recent passwords
� Password minimum character length
� Password use of alphanumeric characters
� Password encryption: Password length is masked Š The assword field will fill with Ō*Õ characters, rather than displaying the actual password. (This occurs regardless of the passwordÕs actual length)
� 1 minute Timed Lock-Out after 3 failed attempts at login.
Layer 2: User Privileges
The second layer encompasses the user's privileges within FirstClass. With over 30 different user privileges, the administrator can control everything from the userÕs ability to create private mail to the ability to publish a home page.
Layer 3: Directory Security
The third level of security is the Directory. Administrators can configure a different view of the Directory for each user group. If a conference name is not in the Directory, the user cannot send mail to the conference. If a person's name is hidden from view, the user cannot send email, view the personal calendar, or see the person's web page. The contents of a directory controls the user's ability to access any conference or any other user.
Layer 4: Conference Subscriptions
Conference subscriptions are the fourth security layer. If a user is placed on a subscription list to a particular conference, that conference folder will appear on his/her desktop. The user is then able to interact within that conference based on his/her access permissions. If a conference is not on a user's Desktop, or accessible in a sub-layer of a conference that appears on the userÕs desktop, the contents cannot be accessed. Unlike most mail systems, FirstClass offers a complete user and group access control system, and provides this at both the system and the conference level. It is possible to maintain the utmost control over access to specific information, conferences, and folders by allowing the administrator to assign discrete levels of access permissions for individual users, or groups, based on their requirements. An
individualÕs access is secured through their unique User ID and password, which, as discussed above, is difficult to compromise.
Layer 5: Access Permissions
The final level of security is the ability to set access permissions. The conference controller can customize access permissions for each participant or user group. Access permissions can also be applied to calendars. Access permissions encompass 16 levels of permissions that can be assigned to individual users or groups. In addition to the Five Layers discussed above, security may additionally be broken down into three components:
� Content security (making sure that data on the server is secure)
� Network security (making sure that the data flowing between the client and server is secure)
� Attack security (making sure that the system is protected against viruses and denial of service attacks)
FirstClass addresses each of these components.
Content Security: FirstClass stores all user data in a secure Collaborative Store. This data is managed by the server, and provides a complete history and audit trail of data movement. This ensures that users and administrators know exactly who is creating, sending and accessing content. Every message and file stored is encapsulated, so raw files are never written to the Post Office. This avoids any possibility of viruses running on the server machine. The Collaborative Store may also be mirrored to another backup Post Office to ensure that user content is secure against hardware failure or disaster.
Network Security: The connection between the FirstClass Server and the FirstClass client is made using a secure network connection. FirstClass uses an advanced streaming cipher to provide protection against network sniffers. As described above, all data is encrypted, as compared with some systems, which encrypt only the body of the message. In addition, FirstClass has an additional level of encryption for passwords, ensuring that passwords are double-encrypted.
Security risks from outside the local area network are generally associated with a remote access solution such as remote IPX or TCP/IP routers, ARA and terminal servers. These can easily expose a network to outside and potentially damaging access. FirstClass is an excellent network firewall. It allows connections directly to the server machine via both direct modem and remote TCP/IP protocols. There is no method for such a connection to bypass the server machine, access the network or access anything other than the FirstClass server, as controlled by the usersÕ permissions.
In the event that a user has gained knowledge of the AdministratorÕs password (perhaps through observing the login process or other physical means) there is still no facility to have access to the server machineÕs file structure or the network.
One of the reasons for this is that FirstClass connections employ entirely proprietary protocols that are designed to run on top of inherently secure operating systems. Windows NT and the Macintosh OS (both used as FirstClass Servers) are not susceptible to intrusive OS level access.
With FirstClass, users are completely locked into an environment that cannot be accessed or bypassed from within that environment. If a user, in an attempt to break in, were to attempt to bypass FirstClass by somehow disabling FirstClass (which is not something the system is susceptible to), the user would be instantly disconnected when the server ceased working. FirstClass, because it handles all of the communication protocols internally, is the only element handling the connection and no connection will exist when it ceases to function.
The FirstClass Post Office files all reside on locked volumes, so the files themselves cannot be accessed from the network, except when logged in as a FirstClass user. This, as discussed above, strictly controls the level of file access. This contrasts with several well-known email products that require that their mail users have read AND write access to their post office files that must reside on an accessible volume on the file server. This allows completely free ability to edit, corrupt or even delete selected files. The standard method suggested to protect against this eventuality is to frequently back up the files in question so that restoration is more easily accomplished. While providing some protection against data loss, this in no way prevents intruders from gaining access to the information contained within the mail system.
Attack Security: FirstClass is highly resistant to attack security, for two reasons. First, on the server, all data (including files, messages and attachments) is encapsulated, which ensures that any viruses will pass harmlessly through the server. Second, since the FirstClass client has no user data stored locally, any virus that does run on a client machine will have no ability to access client data (such as messages and Address Book entries), and thus will be unable to reproduce itself.
A History of Supporting Secure Communications
For over a decade the designers of FirstClass have emphasized security as the most important aspect of a messaging system, avoiding the security problems found in systems that emphasize features over security. The FirstClass Division of Open Text maintains close ties to security-monitoring standards and is committed to addressing any security concerns as quickly as possible.
|