S 2.456 Secure administration of groupware systems

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator, Head of IT

The administration of groupware systems requires careful planning. The planning should take sufficient separation of the administrative tasks and the corresponding administrator accounts into account. The security-related aspects described below should be taken into account for the administration of groupware systems.

Appointment of administrators

To ensure the smooth operation of a groupware system, administrators must be appointed and trained. Administrators for e-mail services are also referred to as postmasters. Their tasks include:

• providing groupware services at the local level,
• protecting the groupware systems against misuse,
• checking if the external communication connections function properly,
• being the point of contact in the event of groupware problems for end users as well as for the operators of gateway and relay services.

In order to perform these tasks, the postmaster@<domain> and abuse@<domain> mailboxes are to be set up. These mailboxes must also be set up for all subdomains involved in e-mail traffic.

All error messages can be forwarded to the administrators using the postmaster@<domain> address: They should try to eliminate the sources of error. The administrators should also proactively check the protocols of the supported IT components for any errors and eliminate them.

The administrators are typically informed of the abuse of e-mail services through the abuse@<domain> mailbox. If complaints by external mail participants are sent to this mailbox, e.g. complaints about spam mail from the organisation's own network, the administrators need to check these complaints promptly and eliminate their causes. Otherwise, they risk the e-mail service being restricted in terms of its functionality, for example, because it is placed on blacklists.

Furthermore, one or several persons responsible must be appointed for the maintenance of the communication services offered. This depends on the structure and size of the organisation. In addition to server operations, the communication clients used by the users must also be supported. All administrators and/or their substitutes should be available by telephone and e-mail at any time for the users.

Authorisations

When assigning rights, the following basic principles should be taken into consideration (see also S 4.355 Rights management for groupware systems):

• There should be clear authorisation structures. All administrative task areas and authorisations should be documented adequately.
• The administrative access to groupware systems should be protected in particular due to the wide-ranging authorisations. Only the absolute minimum rights necessary should be granted to perform the administrative tasks.
• The administrative tasks should be divided carefully and assigned understandably to the persons responsible. It should be examined whether the division of tasks can be supported by using already existing administrator roles in the groupware system.
• A global administrator possessing full access rights to all groupware components and all database objects is generally created by default during the initial installation of a groupware system. This should be changed during the initial installation of the directory service. The access rights should be distributed according to the administrative model defined in advance.

Sufficient dimensioning of a groupware system

Groupware servers must be provided with enough disk space and adequate storage performance. The three most important factors to be taken into account are the selection of the processor, the size of the memory and the selection of the storage solution. It should be checked at regular intervals if the dimensioning of the groupware system is still sufficient.

Use of groupware documentation

Software manufacturers usually provide a large number of documents and information, many of which are offered as online documentation. The security-related documentation must be available to administrators in particular and they must be able to access such documentation. Especially in the case of online documentation, it must be checked at regular intervals whether there are new versions and new security instructions.

Secure configuration of groupware servers

Following the installation of the groupware solution used, the software of both the server components and the client components must be configured securely. Before an administrator continues with the configuration steps upon successful installation of the groupware, the general recommendations for administration should be implemented. During the actual configuration of the groupware, the focus should then mainly be placed on the following aspects:

• limiting the access authorisations to the absolutely required extent,
• secure configuration of the groupware interfaces and other components,
• secure configuration of the communication protocols and configuration of adequate logging.

Secure configuration of groupware clients

After the installation and distribution of groupware clients within an organisation, the client software needs to be configured accordingly to guarantee secure operation of the groupware environment. Here, safeguard S 5.57 Secure configuration of groupware/mail clients must be implemented as a basis.

Secure configuration of the database in groupware systems

Groupware systems typically use a database to save all essential information in a persistent manner. The groupware system and the database communicate using queries transmitted over the local network provided that the database and the groupware system components are not installed on the same computer. For this reason, access to the database must be protected as well as possible. This database is a critical component that, by all means, must be protected against unauthorised access. It must be installed and operated securely; the specific recommendations in module S 5.7 Databases must be implemented for this purpose.

Review questions:

• Are the administrative tasks and the granted authorisations documented adequately?
• Were the groupware components configured securely after they have been installed?