Balancing the Requirements
Collaborative Security
By Christine Eliopoulis

The creators of many commercial collaboration offerings designed them using multimedia and conferencing standards that were not originally developed with security in mind. Although an International Telecommunications Union (ITU) standard for security in multimedia collaboration exists, few if any products are available that claim to implement the standard. Most first-generation applications have been developed with little or no security support, restricting their applicability to environments in which there is a great degree of trust among collaborators and collaboration sessions do not involve sensitive matters. The lack of authentication, access control, and privacy support in these tools requires users to be vigilant in their procedural security and to be particularly conscious of the identities of session participants and their access to local resources.

Balancing the often conflicting goals of collaboration and security is a challenge. To enhance tools to support improved security, vendors must decide where and how much security is needed. Electronic conferencing (e.g., text-based chat, audio, and videoconferencing) and data conferencing applications (e.g., shared whiteboard, application and screen sharing) are likely candidates for improved security features.

Authentication and access control are particularly important when using conferencing tools such as application or screen sharing that can afford relatively open access to local desktops or networked resources. Users need a mechanism for identifying collaborators and limiting which files, applications, or portions of a system they may have access to during a collaboration session. The use of audio and video tools can introduce opportunities for compromise as well. When using these tools, remote collaborators have "eyes and ears" into the host's environment that could lead to eavesdropping, at the worst, or embarrassment, at the least.
Maintaining a physical presence when these tools are in use can limit potential exposure.

Another feature that would improve the security of most types of conferencing and information-sharing capabilities is encryption-based privacy. Many tools offer privacy support that restricts the exchange of communications to certain named collaborators. Unfamiliar users, however, often confuse this capability with stronger encryption-based privacy. Private chat sessions and point-to-point audio and video are common examples of this weak brand of privacy. While limiting collaborators is sufficient in some environments, other situations require greater assurance and stronger protection from eavesdropping. Use of digital certificates issued from a Public Key Infrastructure (PKI) forms the basis for most strong authentication schemes. Some newer versions of popular collaboration tools incorporate client-server encryption (all exchanges between client and server are encrypted), as well as data encryption for applications such as chat and application sharing. Without built-in application security features, users must rely heavily on the elements of trust, perception, and sometimes paranoia.

A major barrier to secure collaboration is found in multicast and H.323-based audio and video tools. Generally, use of these tools poses problems in environments where collaborators reside on firewalled networks because the tools often require a less restrictive firewall policy than most administrators are willing to permit. Some of the most popular H.323 implementations require the use of dynamic ports for User Datagram Protocol (UDP)-based audio and video streaming and Transmission Control Protocol (TCP)-based call control. Typical packet filtering firewalls don't support dynamic port filtering—they require application-specific proxies or very permissive firewall policies that open a wide range of ports for a potentially large number of hosts.
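
The trade-off described above, as an added example that is not part of the original article: a stateless, default-deny port filter is evaluated against a constructed H.323 call and against unrelated inbound traffic. The two policies, the negotiated port numbers and the count of 200 conferencing hosts are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    proto: str  # "tcp" or "udp"
    lo: int     # first destination port allowed
    hi: int     # last destination port allowed

@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int
    note: str

def allowed(policy, pkt):
    """Stateless match on protocol and destination port only; default deny."""
    return any(r.proto == pkt.proto and r.lo <= pkt.dport <= r.hi for r in policy)

def exposure(policy, hosts):
    """(host, protocol, port) endpoints left reachable; rules must not overlap."""
    return hosts * sum(r.hi - r.lo + 1 for r in policy)

# TCP 1720 is the well-known H.323 call-signalling port. The H.245 control
# port and the RTP/RTCP media ports are negotiated per call (values constructed).
CALL = [
    Packet("tcp", 1720, "H.225 call signalling"),
    Packet("tcp", 30412, "H.245 control, chosen at call setup"),
    Packet("udp", 49170, "RTP audio"),
    Packet("udp", 49171, "RTCP audio"),
]
# Constructed unrelated inbound traffic that also targets ports above 1023.
UNRELATED = [Packet("tcp", 6000, "X11 display"), Packet("udp", 2049, "NFS")]

STRICT = [Rule("tcp", 1720, 1720)]  # assumed narrow policy
PERMISSIVE = [Rule("tcp", 1024, 65535), Rule("udp", 1024, 65535)]  # assumed wide policy

def report(policy, hosts=200):
    return {
        "call_completes": all(allowed(policy, p) for p in CALL),
        "unrelated_admitted": [p.note for p in UNRELATED if allowed(policy, p)],
        "reachable_endpoints": exposure(policy, hosts),
    }

if __name__ == "__main__":
    for name, policy in (("strict", STRICT), ("permissive", PERMISSIVE)):
        print(name, report(policy))
```

The narrow policy admits the signalling connection but drops the negotiated control and media channels, so the call fails. The wide policy lets the call through only by also admitting the unrelated traffic to every conferencing host.
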
Development of an application proxy is a very difficult task because of the complexity of the H.323 protocol, and opening a gaping hole in your site's firewall is never a good idea. Though some vendors are marketing H.323 firewall solutions, they are not sufficient for many environments. Most experts propose a wait-and-see approach with respect to H.323 through a firewall—that is, wait until a mature application proxy that brokers H.323 communications securely is available before permitting its use through a firewall.

In addition to the H.323 firewall issues, Internet Protocol (IP) multicasting, used by many audio and video tools, causes problems when used between firewalled networks. IP multicasting is the transmission of an IP datagram to a set of hosts (i.e., a multicast group) identified by a single IP destination address. Host group membership is dynamic and open; that is, any host may join and leave a group at any time. There is no built-in mechanism for implementing closed groups or communications privacy. Eavesdropping on multicast communications is trivial.

Firewalls established as perimeter protection typically block UDP, the transport mechanism for multicast packets. Because of the connectionless nature of UDP and, in particular, the fact that it does not have flow control or connection direction indication, it is almost impossible to define a reasonable firewall policy that allows some UDP communications and blocks others. Many of the protocols that are implemented over UDP are easily exploitable. In the case of multicast, security risks are compounded because it is used as a mechanism for transmitting a single packet to multiple recipients. As you can imagine, this is a very efficient way of attacking a number of systems simultaneously. Researchers are working on solutions to address multicast security issues; however, commercial products that implement true multicast security are more than a year or two away.
In the meantime, approaches used to tunnel multicast are being used successfully in environments in which the associated security risks are acceptable.

So what does this mean for the company president and her son? In all likelihood the teenager is more worried about his mother listening in on his phone calls than he is about having his conversations with schoolmates snooped or spoofed. The company president has much more at stake. In the absence of security features built into the collaboration tools she uses, the president must take special precautions to protect her information from compromise. She should work with her security administrators to ensure that adequate network policies are in place to restrict the use of inherently insecure applications across the company's security boundary. She should make sure that her staff members choose collaboration tools with security requirements and concepts of operation in mind. Most importantly, the president, along with the rest of us, must wait for, and anticipate, the contributions that new standards and greater security awareness will make to the collaboration technology market.

For more information, please contact Christine Eliopoulis using the employee directory.