S 5.3 Groupware
Description
The term groupware refers to applications which help support and organise the procedures and business processes in work groups via IT systems. Groupware is focused on supporting work groups with collaboration, coordination of dates, general coordination, as well as daily communication. The term groupware system collectively refers to the groupware application server, the associated groupware clients and the required groupware services.
Amongst other things, groupware is intended to enable internal and external exchange of messages, such as e-mails, in organisations. Therefore, messages can be administered, delivered, filtered, and sent using groupware. Furthermore, typical communication applications such as newsgroups, calendar, and task lists, as well as Unified Messaging are offered and managed by groupware systems.
The range of functions of groupware systems varies greatly. Since one of the basic functions is generally e-mail, this module also covers general security requirements for e-mail systems.
Numerous manufacturers offer software for groupware systems. Examples include Microsoft Exchange and Outlook (see S 5.12 Microsoft Exchange/Outlook ) and Lotus Notes (S 5.5 Lotus Notes / Domino). In addition, there are numerous other groupware systems or components which are based on freely available sources.
This module examines general security aspects of groupware systems regardless the product actually used. This also includes general security aspects of an e-mail system, encryption and digital signature, handling of active content, use of anti-virus software and many more. There are additional modules for product-specific security aspects in the IT-Grundschutz Catalogues that should be applied to the corresponding groupware system in addition to this module.
Threat scenario
The following typical threats to the IT-Grundschutz of a groupware system are assumed to exist:
Force Majeure
| T 1.2 | Failure of the IT system |
Organisational Shortcomings
| T 2.1 | Lack of, or insufficient, rules |
| T 2.2 | Insufficient knowledge of rules and procedures |
| T 2.7 | Unauthorised use of rights |
| T 2.54 | Loss of confidentiality through hidden pieces of data |
| T 2.55 | Uncontrolled use of Groupware |
Human Error
| T 3.1 | Loss of data confidentiality or integrity as a result of user error |
| T 3.8 | Improper use of the IT system |
| T 3.9 | Improper IT system administration |
| T 3.13 | Passing on false or internal information |
Technical Failure
| T 4.20 | Overloaded information systems |
| T 4.32 | Failure to dispatch a message |
| T 4.37 | Lack of reliability of groupware |
Deliberate Acts
| T 5.9 | Unauthorised use of IT systems |
| T 5.23 | Malicious software |
| T 5.24 | Replay of messages |
| T 5.25 | Masquerade |
| T 5.26 | Analysis of the message flow |
| T 5.27 | Repudiation of a message |
| T 5.28 | Denial of services |
| T 5.71 | Loss of confidentiality of classified information |
| T 5.72 | Abuse of groupware |
| T 5.73 | Impersonation of wrong sender |
| T 5.75 | Overload due to incoming e-mails |
| T 5.77 | Unauthorised monitoring of emails |
| T 5.110 | Web bugs |
| T 5.111 | Misuse of active content in e-mails |
Method recommendation
To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.
Security safeguards for groupware apply to the clients used as well as to servers operated in the own area. The clients and servers must be protected accordingly. However, this is not covered in this module. The modules in layer 3 must be implemented for their secure operation. The security precautions and instructions to be adhered to by the users are of particular importance.
Groupware systems are generally used in an environment together with other systems controlling access to the internal network from the outside. Such systems include, in particular, security gateways and systems for remote maintenance the groupware must collaborate with. For this reason, it is always necessary when implementing the safeguards specific to the groupware to take the corresponding recommendations from the modules for the other systems affected into account. This includes the following modules, among others:
- S 3.1 Security gateway (firewall), provided that the groupware systems are used in a firewall environment.
- S 4.4 VPN, if the groupware system is accessed using VPN.
A series of safeguards must be implemented to successfully design and implement a groupware system, starting with the strategic decision and continuing through the planning and design phase, the installation phase, and up to the operation phase.
Planning and design
If the decision to use a groupware system has been made, the secure use of the system must be planned and designed. The aspects to take into account during the planning and design phase are summarised in safeguard S 2.454 Planning the secure use of groupware systems. It is possible to significantly influence the security of a groupware system during the planning and design phase by taking security-related aspects into consideration in these phases.
Implementation
Once the preparatory organisational and planning tasks have been completed, the groupware system can be installed. Safeguard S 4.356 Secure installation of groupware systems must be taken into consideration for the installation.
Safeguards for specific user training can be found in S 3.74 Administrator training on groupware system architecture and security and S 3.75 User training on groupware client security mechanisms since the security of groupware systems is affected by the level of knowledge of the users and administrators.
However, the actual installation of the groupware system represents only a small portion of the work which needs to be done during the implementation phase. Most of the work involves setting up the initial configuration of the groupware system after installation. The initial configuration defines the basic security when starting operation and the framework conditions for the future security of the groupware system.
Secure administration must be planned (see S 2.456 Secure administration of groupware systems).
Groupware systems are designed as distributed systems and therefore communicate with each other or with other external client or server systems over a variety of interfaces. It is therefore important to adequately secure communication. In general, a groupware system can use many different communication channels. The channels used depend on the applications and modules installed. However, usually only a few basic communication mechanisms and interfaces are actually used. The relevant introductory safeguard in this case is S 2.456 Secure administration of groupware systems.
Operation
After the initial installation and a test operation phase, regular operations can be initiated. To ensure prompt detection of security problems, the groupware system must be monitored appropriately. More information can be found in S 4.358 Logging groupware systems.
Since a groupware system is subject to constant changes, usually due to new or changed requirements or modified application scenarios, it must be ensured that the desired level of security is also maintained (see also S 2.221 Change management) and S 1.14 Patch and change management).
Contingency Planning
Parallel to the operation phase, the contingency planning phase must ensure that operation of the system is also maintained in an emergency. The Security Management and Audit departments must make sure that these rules are also followed. Recommendations on contingency planning for groupware systems can be found in S 6.140 Drawing up a business continuity plan for the failure of groupware systems.
The bundle of security safeguards for groupware is presented in the following.
Planning and design
| S 2.42 | (A) | Determination of potential communications partners |
| S 2.274 | (A) | Deputisation arrangements for e-mail |
| S 2.454 | (A) | Planning the secure use of groupware systems |
| S 2.455 | (A) | Defining a security policy for Groupware |
Purchasing
| S 2.123 | (Z) | Selection of a groupware or mail provider |
Implementation
| S 2.122 | (Z) | Standard e-mail addresses |
| S 2.456 | (A) | Secure administration of groupware systems |
| S 3.74 | (A) | Administrator training on groupware system architecture and security |
| S 3.75 | (C) | User training on groupware client security mechanisms |
| S 4.64 | (C) | Verification of data before transmission / elimination of residual information |
| S 4.355 | (A) | Rights management for groupware systems |
| S 4.356 | (A) | Secure installation of groupware systems |
| S 5.57 | (A) | Secure configuration of the groupware/mail clients |
Operation
| S 3.76 | (C) | Basic user training on how to use groupware and e-mail |
| S 4.199 | (B) | Avoiding problematic file formats |
| S 4.357 | (A) | Secure operation of groupware systems |
| S 4.358 | (B) | Logging groupware systems |
| S 5.54 | (B) | Dealing with unwanted e-mails |
| S 5.56 | (A) | Secure operation of a mail server |
| S 5.108 | (Z) | Cryptographic protection of groupware and/or e-mail |
| S 5.109 | (Z) | Use of an e-mail scanner on the mail server |
Contingency Planning
| S 6.90 | (C) | Data backup and archiving of groupware and e-mails |
| S 6.140 | (C) | Drawing up a business continuity plan for the failure of groupware systems |