As businesses move to take advantage of collaborative computing and electronic commerce on the Internet, data security has been
a growing area of interest. Although there are undoubtedly more data-security-related products and services available today than
ever before, there are also more security-related incidents each year. The rapid growth of the Internet and the constant
introduction of new technologies, while creating new opportunities for businesses, also create new opportunities for hackers.
For the Internet, security was an afterthought. It is often said that the Internet was not designed with security in mind. The
Internet is composed of many different technologies and is inherently open. Openness was one of the design goals behind basic
Internet technologies like TCP/IP, which is a hardware and network independent protocol. While this enables any computer or
network to be connected to the Internet it also makes it easy for hackers to attempt break-ins while at the same time making
them hard to trace.
The rise in the complexity and diversity of the Internet has caused the need for security expertise to exceed the supply. As a
result, inexperienced technical staff often implement security measures that are vulnerable to hackers.
On the Internet, hackers don't always need to break in to access confidential information, since much of the traffic on the Internet
is not encrypted. Encryption has been a growing area of activity in the past few years, and today intranets, extranets, and email all
involve some type of security. Emerging Internet standards have come to drive security technology.
The purpose of this article is to familiarize you with the basic Internet security technologies. Over the next few months we'll look at
Domino's historical security model and contrast this with the emerging Internet standards-based security technologies that will be
integrated into Domino 5.0 and beyond.
Encryption
The best place to start is with encryption. Encryption means that information is scrambled so that only authorized people or
systems can understand it. Understanding encrypted information requires decrypting it. For example, substituting numbers for
letters is a primitive form of encryption. To decrypt the information you have to know which numbers represent which letters. In this
example, the mapping of letters to numbers is a simple encryption key used to guarantee the privacy of information.
An encryption key is information (a string of alphanumeric characters) that is used to encode or decode information. The
difficulty lies in telling people who need to decrypt information what the encryption key is. The most secure way of handling
this is to use a public encryption key to encode information in such a way that only a different, private encryption key can
decode it. In other words, if I send a note to you, I encrypt it with your public key, which is available to everyone, but only
you can decrypt the note, using your private key. This is called Public Key encryption. Public Key encryption is good because
public keys can be made available over the Internet and through directory services.
Deploying and managing public and private keys requires a framework for managing security information. Such a
framework is called Public Key Infrastructure or PKI. For several years Domino was practically the only messaging and
groupware system providing a PKI and PKI management tools, but it was implemented with proprietary RSA technology.
The Notes ID with which all Notes administrators are familiar is actually a form of digital certificate containing public and
private encryption keys. The most popular implementation of Public Key encryption for email is Secure Multipurpose
Internet Mail Extensions or S/MIME.
S/MIME provides end-to-end Public Key encryption for email messages. A message encrypted by the sender can only be
decrypted by the recipient. At no time during the transmission or routing of the message is the message stored
unencrypted nor does any user or administrator have access to the content of the message. Through digital signatures,
S/MIME also provides sender authentication and tamper detection.
Today, Internet standards-based security technologies dominate the market. Vendors which had previously lacked a
security model equivalent to that of Domino have now implemented similar security models using Internet standards-based
technologies. At the same time, competition is taking shape around the business of providing enterprise (intranet) and
inter-enterprise (extranet) PKI management facilities. In a sense Domino has a head start but Lotus faces the challenge of
integrating Internet standards-based security technology with its existing security model.
Digital certificates
Digital certificates are widely used for Internet applications and I mentioned that the Notes ID is a proprietary form of
digital certificate. The Internet standard for digital certificates is X.509. Like the Notes ID, the X.509 certificate contains a
user's public and private keys. Certificates are used in several ways including Public Key encryption, digital signature (a way
of verifying the originator of information), and to establish trust between applications or organizations based on the issuer
of the certificate (the Certificate Authority or CA). A certification authority (CA) is a trusted third party authorized to issue
digital certificates.
A certificate consists of a public key signed by a trusted third party or Certificate Authority. Certificates make it possible for
different users to trust one another's public keys. X.509 certificates are an electronic credential like a government-issued ID
or passport. A certificate can be used to access an intranet or extranet application. For example, in order to log in to a
system a client application such as a web browser presents the user's certificate to the system and uses it for
authentication and access control. Information for external users, such as a business partner, can be made available to
users whose certificates were issued by the organization for that purpose.
Certificates can be revoked or they may expire. Key escrow entrusts certificates to a third party so that an organization can
retrieve information that may have been encrypted maliciously.
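The trust relationship described above (a certificate is a public key signed by a CA, and the certificate can expire) and the public-key exchange from the Encryption section, as an added example that is not code from the original article or from Lotus: a toy RSA CA issues a certificate binding a name to a public key, and a sender checks the issuer signature and expiry before encrypting to that key. The names "Toy CA", "bob" and "mallory", the tiny primes, and the numeric expiry times are all constructed for the demonstration.

```python
import hashlib
import json

# Toy RSA from scratch with small primes so the whole chain of trust fits on one page.
# Constructed for illustration only: real deployments use 2048-bit keys, padding and X.509 libraries.

def next_prime(n: int) -> int:
    # Trial division is fast enough for the toy sizes used here.
    while any(n % d == 0 for d in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n
def make_keypair(p: int, q: int, e: int = 65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}  # (public, private)

def digest(data: bytes, n: int) -> int:
    # Hash, then reduce so the value fits the toy modulus (a real scheme pads instead).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(priv, data: bytes) -> int:
    return pow(digest(data, priv["n"]), priv["d"], priv["n"])
def verify(pub, data: bytes, sig: int) -> bool:
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

def issue_certificate(ca_priv, subject: str, subject_pub, expires: int) -> dict:
    # The CA signs a binding of subject name to public key; no private key ever enters the certificate.
    body = {"subject": subject, "issuer": "Toy CA", "pub": subject_pub, "expires": expires}
    return {"body": body, "sig": sign(ca_priv, json.dumps(body, sort_keys=True).encode())}

def certificate_is_trusted(cert: dict, ca_pub, now: int) -> bool:
    # Trust the embedded public key only if the issuer's signature checks out and it has not expired.
    body_bytes = json.dumps(cert["body"], sort_keys=True).encode()
    return verify(ca_pub, body_bytes, cert["sig"]) and now < cert["body"]["expires"]

def encrypt(pub, m: int) -> int:   # anyone with the public key can encrypt ...
    return pow(m, pub["e"], pub["n"])
def decrypt(priv, c: int) -> int:  # ... but only the private-key holder can decrypt
    return pow(c, priv["d"], priv["n"])

# Constructed scenario: a CA, a user "bob" whose key the CA certifies, and a sender who trusts only the CA.
CA_PUB, CA_PRIV = make_keypair(next_prime(1_000_000), next_prime(2_000_000))
BOB_PUB, BOB_PRIV = make_keypair(next_prime(3_000_000), next_prime(4_000_000))
BOB_CERT = issue_certificate(CA_PRIV, "bob", BOB_PUB, expires=2000)

def send_note(cert: dict, ca_pub, now: int, m: int):
    # The sender checks the certificate before trusting the public key inside it; None means "refused".
    return encrypt(cert["body"]["pub"], m) if certificate_is_trusted(cert, ca_pub, now) else None

def tampered(cert: dict) -> dict:
    # Changing any field of the signed body (here the subject) invalidates the CA signature.
    return {"body": {**cert["body"], "subject": "mallory"}, "sig": cert["sig"]}
```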
Conventional intranet and extranet applications typically use a combination of security mechanisms that include:
• Encryption
• Authentication
• Access Control
Authentication means there is a mechanism in place to verify that an entity accessing information is permitted to do so. The best
example is a login ID and password but there are other types of authentication. One example is verifying the network address of a
connecting host. Authentication is like a gate. Once a user passes through the gate there are secondary controls (Domino Access
Control Lists or ACLs) that determine what information may be accessed or manipulated.
In summary, encryption applies to the connection or transport (such as SSL) or to other data (S/MIME for email). A document or
application may be digitally signed to prove the identity of the originator. X.509 certificates provide Public Key encryption and
digital signatures just as the Notes ID does within the proprietary Notes and Domino security model. Authentication provides a
gate through which only authorized users may pass and access controls determine what information may be accessed or
manipulated by a given user.
Playing a key role in the proliferation of PKIs is the Lightweight Directory Access Protocol (LDAP). LDAP directories are used to
provide a facility for access to the Public Keys of users and to store access control information. The Domino Name and Address
Book (NAB) is accessible through LDAP. In coming versions we can expect to see tighter integration of the Domino NAB with LDAP
and integration of X.509 certificates with the existing Domino PKI. Since Domino provides a complete PKI management solution,
extending this technology to fully embrace Internet security standards is a natural step.
Introduction
1.1 Background
Today more than ever before, governments operate in an environment of
evolving risk. The world as a whole is more connected; unexpected events are
more likely to happen; and attacks on infrastructures, networks, and systems
have become increasingly more sophisticated. The Abu Dhabi Government has
begun to aggressively develop and facilitate the electronic delivery of its
services through a new e-Government programme—but this move, while
essential, compounds these risks by exposing the Government to technology-
driven threats and infrastructure vulnerabilities and allowing intentional and
unintentional access to sensitive information. A risk-based approach to
information security must now be adopted.
1.2 Purpose
The Information Security Programme goes beyond the traditional view of
information technology to ensure that sensitive Government information is
protected throughout its lifecycle within a service as well as within the
automated systems where data is processed. Abu Dhabi recognises the
importance of developing this programme to be coordinated and integrated with
the related assurance disciplines of physical and personnel security, business
continuity, and cross-functional risk management, and understands the need for
it to provide both assurance and security for Government missions. All of these
areas are included in the Information Security Programme, with activities to
ensure their integration under a mission assurance umbrella.
The Abu Dhabi Information Security Policy establishes overall direction for the
Government-wide Information Security Programme and its roles and
responsibilities. Endorsed by the Executive Council, it sets the Programme’s
scope and boundaries and establishes uniform roles and responsibilities for pan-
Government ADGEs. The Information Security Policy also establishes policies
across 14 management and functional information security processes, and
includes a glossary of key programmatic terms.
ST&E is conducted to verify and validate that security controls have been
implemented as documented in the Information Security Plan. This is Step 3 of
the Risk Management process, and can be conducted by either an internal test
team or an external party depending upon the classification of the system being
assessed. Systems categorised as HIGH or MODERATE must follow an
Independent Verification and Validation method of assessing controls, which
requires testing to be conducted by an independent party. ST&E for systems
categorised as LOW may be handled by a team from within the ADGE. The
ST&E phase produces a report that details findings from the test and
subsequent evaluation—this will be used to objectively determine the security
exposure of the ADGE’s information system, as it identifies the need for additional
controls to be implemented and current controls to be strengthened.
2.4.4 Certification and Accreditation
ADGEs should begin implementing the Risk Management process for their
systems during the design phase, and establish a C&A plan prior to the system
going live. While the recommended method is to implement the Information
Security Programme’s 14 information security processes from the beginning
and moving down the list, these processes do not necessarily have to be
implemented in order.
ADSIC’s role going forward is to guide and assist the ADGEs as they
implement the Abu Dhabi Information Security Programme. As it continues the
process of fully building out the Programme, ADSIC will provide the ADGEs
with additional guidance and offer training on the Risk Management process on
a periodic basis.
ADSIC has designed the Risk Management process to safeguard not only the
ADGE’s information technology assets, but also its organisation and business
processes. It includes both management and functional controls, and can be
broken down into the four distinct phases—Risk Assessment, Information
Security Planning, ST&E, and C&A—mentioned previously. Each phase has
its own ADSIC process guide.
All ADGEs, as outlined in the Abu Dhabi Information Security Policy, are
required to comply with the Information Security Standards. Implementation of
security controls can be fully effective only when all stakeholders understand
the consequences of not securing Government information.