Security roadmap (DIT)


Status

  • Stage 3 is complete and ready for testing and implementation.

Preamble

Lots of information is transmitted on modern electronic communication structures. The UWOmeds.com page has several places in which important or sensitive information is transmitted, and almost nothing has been done to protect it in the past. This whitepaper attempts to identify the areas where sensitive information is present, and then outlines a timeline approach to securing the data by bootstrapping from completely unsecured to completely secured.

It should be generally understood that "completely secured" will not be achieved without herculean effort. Having said that, it never hurts to try.

Identification

e-chatbook

The e-chatbook has relatively extensive personal details, and represents the single most important data source to secure and protect, mainly from unauthorized (non med-student) access. With regard to editing, internal security controls would be desirable so not everybody could edit everybody else's deets.

Forums

The current security model for the forums is deeply flawed on two major levels. The first is from the software itself: vBulletin and most other forum software allow (or require, even) users to log in through an unsecured page. The repercussion is that all data transmitted for login or password is packet-sniffable. Packet sniffing is a basic and widely used hacker technique, and should always be assumed to be in use.

The second serious security flaw in the current forum implementation was the password selection protocol, which dictates that people should use their UWO mail password for the uwomeds forum. This means that not only is the forum login information compromised, but so is the UWO mail password.

Information posting

One of the functions of the uwomeds.com portal is to provide relatively dynamic or easily manageable information for the events calendar, clubs and groups and online resources. Protection of this data could be on data entry or on data retrieval. There is no particular reason to protect this data, so that's that. There is a need to prevent unauthorized data entry, however.


Roadmap

Stage 1: Unsecured

At this stage, all data remains unsecured, with free and unimpeded access to all of it. No effort is made to secure the site, except maybe in the mindful construction of source code that happens before. This would be maintained until public release, but is unacceptable in a production site.

Stage 2: Penetrable security

This would involve basic security precautions such as the use of .htaccess files and single-login systems. With this type of system, everybody would share a single login and password. Since the group authorized to access the data (i.e., the chatbook or such) is homogeneous (i.e., med students) and relatively reliable, this makes sense and is a great first step. A timeline for implementation of this stage would be before public release.

Stage 3: Not-so penetrable security

This stage involves individual logins. It will be possible to have individual logins in a relatively easy and straightforward way by linking up the login structure to phpBB's user-management system. This will provide a flexible, upgradeable and durable method for maintaining users. See the Forum roadmap for more information.

Implementation of Stage 3 was completed in mid-August and tested during two of the beta stages.

Stage 4: SSL

This stage involves the use of SSL wherever secured information is being transmitted. In theory, SSL can be accomplished relatively readily, and would make all important data non-sniffable. There may be integration issues with Dixiesys (do they support SSL? How easily is it supported? etc.), but it's probably doable.

As per correspondence with Dixiesys, SSL can be implemented for the site if a ticket is opened. Ticket #19298 was opened on 03 September 2004 to request SSL capability.