|
|
|
Introduction to the Security framework of Mithi Connect Xf
|
Typical Client server enterprise software deployments (like email messaging infrastructures, collaboration infrastructures, ERP, etc) comprise of multiple servers running component/ service balanced load or provisioned load, storage infrastructure, network devices, load balancers and client devices for application use and administration.
As highlighted by the BS7799 security standard, organizations can achieve high levels of security for their messaging infrastructure by considering parameters such as personnel security, physical & environmental security, computer & network management, system access control, disaster recovery planning etc. High levels of security cannot be achieved by having solutions, which address only a single aspect. For example many organizations believe that by providing multiple filters to scan for in-coming virus, they can ensure that the messaging infrastructure is highly secure.
The BS7799 security standard is defined by 10 sections. These are
- Security Policy
- Security Organization
- Asset Classification and Control
- Personnel Security
- Physical & Environmental Security
- Computer & Network Management
- System Access Control
- System Development & Maintenance
- Business Continuity and Disaster Recovery Planning
- Compliance
As part of their security policies, some of our clients have conducted the BS7799 audit on the messaging infrastructure built using Mithi Connect Xf for their requirements. Typically this includes quarterly internal audits and a yearly external audits. Mithi Connect Xf system was found to comply with and provide support for the related requirements for security policy, compliance, access control, maintenance & management, continuity and disaster recovery.
The solutions and products from Mithi are designed to provide the highest level of security, taking into account different parameters. This document highlights the security features available in Mithi Connect Xf.
Mithi Connect Xf incorporates years of learning and research into the product, and implements standard security measures across the modules and components to get a default installation with maximum security.
Mithi has also done extensive testing of the open source components before making a choice of the building blocks for the solution. The testing is done based on the reliability, security and support available for the open source component. Mithi is continuously researching into the integrated components and providing necessary upgrades in the software to fix vulnerabilities as they are reported.
By default, except for the basic mailing services, almost no other service or port is enabled. This makes the installation less error prone to human errors.
Security of the enterprise solution must address the following areas of information safety, service access and disaster management: |
|
Physical security:
|
| This is largely a matter of policy to secure the resources from unauthorized physical access, thereby reducing chances of a break in or damage. These policies/processes include strict processes to document all accesses to the server, change request management,password change policies, employee joining/leaving processes to allow/disallow access, etc. |
|
Operating system,components and updates:
|
| Securing the operating system, choice and security of the components along with a framework for regular updates/upgrades/patches for the software will reduce chances of vulnerabilities at the platform layer. |
|
Perimeter Security:
|
| These are systems, processes and tools deployed in the system to control access to the core resources/services. This could be in the form of Intrusion detection systems, firewalls, zoning of the servers, separating the resource for handling, scanning the incoming and outgoing traffic, etc. These ensure that the core data is multiple hops away from the entry point and each hop has its appropriate level of control. |
|
Administration Security:
|
| To allow flexibility for multiple administrators with restricted privileges and with capability to provide audit trails. |
|
Service & Application Security:
|
| Since services are one form of entry to the resources, they should be accessed only by authenticated and authorized users/programs to prevent hijacking and misuse of the resources. Service specific strengthening like virus protection, spam control, content filtering, etc to ensure only clean information enters the servers. Applications should be usable from public/shared terminals with no trace left behind for hacking/peeping, etc. |
|
Channel Security:
|
| Ensuring that no program can read content in transit, it is essential to have options to encrypt and sign all kinds of transactions over the wire between servers and between client servers. |
|
Data Security:
|
Ensure only authorized and controlled access to the data. In addition, robust backup and archival mechanisms (policies, tools, processes) to protect against disasters. The diagram below depicts the architecture of Mithi Connect Xf. The following paragraphs explain the working of each of the security features/components.
 Click on the image to Enlarge. |
|
|
|
|
|
