S 4.357 Secure operation of groupware systems

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Auditor, Administrator

After installation and configuration of the groupware components used, safeguards to ensure secure operation must be implemented. In this context, the implementation of the security policies of the relevant organisation must be checked.

The following security-related aspects need to be considered in this regard:

Software and system maintenance

Installing all security-relevant service packs, updates, and patches for the software products in use is an important prerequisite for the secure operation of IT systems. Therefore, the administrators must regularly inform themselves about new vulnerabilities in the groupware and operating systems used and promptly implement suitable safeguards to eliminate them. However, before a service pack, update, or patch is installed on the production system, it should first be installed in a test environment so that it can be checked whether undesired side effects are to be expected. Furthermore, the configuration settings of the overall system should be checked at regular intervals to verify that they still meet the specifications and the security requirements.

Protection against denial-of-service attacks (DoS)

In order to provide protection against DoS attacks, it is advisable to introduce restrictions on the maximum permissible message and/or storage volumes. This applies first and foremost to incoming connections. The users must be informed of these restrictions. In addition, it must be specified and communicated how incoming messages that exceed the maximum permissible message volume are handled, for example whether the recipient and the sender are informed that the message was not delivered.

Message filtering constitutes another mechanism. It is not designed to repel large-scale spam attacks, but it can reasonably be used to filter out individual senders.

Checking distribution lists

In order to make the addressing of e-mails easier, alias files or distribution lists are frequently maintained. If alias files are kept both on the mail servers and on the mail clients, it must first be clarified which entries take priority, i.e. whether, when the same alias is selected, the alias defined on the mail server or the one defined on the mail client applies. When receiving e-mails, the alias definition of the mail server should be decisive; when sending e-mails, that of the mail client. The users must be informed of which aliases are resolved on the mail server so that they can take this into account when disclosing e-mail addresses.

In order for the users to be able to use the alias files on the mail server, they must have read access to them. Write access, however, should be reserved for the mail administrator.

To prevent e-mails from being sent to the wrong recipients due to incorrect, outdated, or manipulated distribution lists, the distribution lists must be checked regularly for correctness and currency.
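Such a check can be automated. As an added example that is not part of this safeguard, the following Python script inspects a sendmail-style aliases file (an assumed format, "alias: member, member") against a directory of currently existing mailboxes and reports duplicate alias definitions, members that no longer resolve to a mailbox or another alias, and expansion loops; the sample file and account list are constructed for the example.

```python
from collections import Counter

# Constructed sample aliases file in "alias: member, member" format.
SAMPLE_ALIASES = """\
it-sec: alice, bob
it-sec: alice, carol        # defined twice: which entry wins?
mgmt: dave, it-sec
all-staff: mgmt, it-sec, erin
ops: frank, ops-oncall
ops-oncall: ops             # expansion loop
"""
# Constructed directory of mailboxes that currently exist (erin has left).
KNOWN_ACCOUNTS = {"alice", "bob", "carol", "dave", "frank"}

def parse_aliases(text):
    """Return (alias, [members]) pairs; duplicates are kept so they can be reported."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if line:
            name, _, rhs = line.partition(":")
            entries.append((name.strip(), [m.strip() for m in rhs.split(",") if m.strip()]))
    return entries

def find_loops(table):
    """Expand every alias depth-first; report the alias sets that form a cycle."""
    loops, stack = set(), [(a, [a]) for a in table]
    while stack:
        node, path = stack.pop()
        for m in table.get(node, []):
            if m in path:
                loops.add(frozenset(path[path.index(m):]))  # aliases on the loop
            elif m in table:
                stack.append((m, path + [m]))
    return sorted(sorted(cycle) for cycle in loops)

def check_aliases(text, known_accounts):
    """Flag duplicate definitions, members that resolve to nothing, and loops."""
    entries = parse_aliases(text)
    table = {}
    for name, members in entries:
        table.setdefault(name, []).extend(members)   # merged view used for expansion
    counts = Counter(name for name, _ in entries)
    unknown = {m for _, ms in entries for m in ms if m not in known_accounts and m not in table}
    return {
        "duplicates": sorted(n for n, c in counts.items() if c > 1),
        "unknown_members": sorted(unknown),
        "loops": find_loops(table),
    }
```

Running `check_aliases(SAMPLE_ALIASES, KNOWN_ACCOUNTS)` on the sample reports the twice-defined `it-sec` list, the departed member `erin`, and the `ops`/`ops-oncall` loop.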

Data backups

Regular data backups of the groupware system must be performed as the basis for quick data recovery, e.g. after a system failure (see S 6.90 Data backup and archiving of groupware and e-mails). Spot checks should be performed to verify that the generated data backups can be restored and that they cover all required areas.

Safeguarding against failure

Ultimately, a practicable business continuity plan should be in place as a precaution (see S 6.140 Drawing up a business continuity plan for the failure of groupware systems).

Regular security checks

The security of a groupware system must be checked regularly. Checking the security helps to detect and eliminate faulty configurations and vulnerabilities. Security checks should be performed at regular intervals by different people. For example, administrators should conduct brief checks relatively frequently (about once per month). It is recommended to create a checklist for these checks to guarantee that the scope of the checks performed is well defined. Minor problems detected during a check can usually be corrected immediately by the administrators, and larger problems must be reported according to the process instructions. Security checks should be conducted by other internal roles (e.g. by someone in the IT Security or IT Audit departments) at medium-term intervals (several months). It may make sense to have checks conducted by external auditors at longer intervals.

Review questions: