Professional Documents
Culture Documents
net/publication/257354739
CITATION READS
1 507
4 authors, including:
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Natalia G. Miloslavskaya on 03 June 2014.
ABSTRACT
The paper examines Intranet portal features. After that its logical structure is the following -
"vulnerabilities & threats -> security policies & security requirements -> secure portal model -> portal
design example". Known threats to separate portal resources and their potential users are reminded.
Implied requirements to Intranet portal security are elaborated. Reference model of a secure Intranet
portal is suggested. The MEPhI’s project “InfoWar” is quoted as the described model viability example.
KEYWORDS
Portal, Intranet portal, Web technologies, Information security
1. INTRODUCTION TO PORTALS
The next step of networks' evolution after LANs is a localized Internet of a particular
organization known as an Intranet. This "Search Driven World" [1] is intended to integrate
people, processes and information within an enterprise. Intranet as a corporate uniform
"information network" uses the Internet-based technologies within an organization to facilitate
communication and access to information. Common entry to the Intranet resources is a portal.
It provides a personalized single point of access to applications, content, people and processes
through one common user Web interface. As usual portals have no client software
dependencies beyond a Web browser.
Portals are divided into some classes according to their technical implementation and target
audiences. Well known from 1998 portal type is an Intranet (or corporate) portal. Businesses
are using it to implement a centralized point of access for information and services to customers,
employees and other businesses. Intranet portals provide storage, processing, analysis and
access control to the structured and not structured data used in internal and external business
processes. They accumulate data from diverse internal and external sources, provide access to
data by all users, present information in the format appropriate for each of them, provide
underlying services for such an applications as search, collaboration, workflow and security and
also guarantee performance and availability. Intranet portals solve a lot of the primary goals
facing IT departments: maintenance scalability and portability of corporate applications,
implementation principle of uniform administration and management point, Single Sign-on
support, reduction resources for infrastructure support etc. According to Shilakes and Tylman
[2] "Enterprise Information Portals are applications that enable companies to unlock internally
and externally stored information, and provide users a single gateway to personalized
information needed to make informed business decisions." They are: "... an amalgamation of
software applications that consolidate, manage, analyse and distribute information across and
outside of an enterprise (including Business Intelligence, Content Management, Data
Warehouse & Mart and Data Management applications)". Content Management Systems
process, filter and refine "unstructured" data and information, often restructure it and store it in
a corporate centralized/distributed repository. Business Intelligence tools access data and
information and through querying, reporting, on-line analytical processing. Data Mining and
Analytical Applications provide a view of information both presentable and significant to the
end user. Data Warehouses and Data Marts are integrated, time-variant, non-volatile collections
of data supporting DSS and EIS applications, and, in particular business intelligence tools and
processes. Data Management Systems perform extraction, transformation and loading, "clean
data, and facilitate scheduling, administration and metadata management for data warehouses
and data marts" [2]. As it can be seen even all the modern information and network
technologies are used for portal functioning support. Presence of some known, but unrepaired
vulnerabilities in them may be profited by different malefactors and thus affects general
information security of any portal implementation and ultimately any corporation viability.
2. VULNERABILITIES AND THREATS TO INTRANET PORTAL SECURITY
To be a smart business, companies must deploy a comprehensive and integrated framework of
information and collaborative solutions that work cohesively together to meet their users
requirements. For that purpose they must develop reliable security infrastructure to balance the
need for secure access management with the need for continuously available services based on
security clearance. A typical consumer self-service solution uses a single point of access to a
business through a Web-based Intranet portal. Consumers need to feel confident that portal
information and self-service features are secure. Naturally they need to trust that a portal
"owner" provides proper controls on personal information and transactions being carried out. In
turn information to/from portal users can be more effectively captured, audited and controlled.
The user logs on and is given access only to information that he/she is authorized to access. For
that purposes some notion of user roles or past history is usually supported. At the same time
portals have essentially simplified malefactors’ life. For example, if earlier it was possible to
limit an access to the certain applications at a network level with different passwords, with the
advent of the portal technologies this access is realized through a unique public point, controlled
at an application level. Hence, from the information security viewpoint a portal becomes the
"Enterprise Information Heart" which cardiac arrest leads to the significant losses. Mass users'
access, numerous known and meanwhile unrevealed vulnerabilities in the systems used and
software applied, incorrect configuring and portal architectures and other factors essentially
increase notorious threats to confidentiality, integrity and accessibility of portal resources.
Portals come in many shapes and sizes — and so do the problems associated with their security.
Generally, an Intranet portal is a classical Web application with a set of its typical security
problems. Various Web applications allow users-clients to gain access along the data channels
to a central resource — a Web server and via it to the others such as database servers. In
practice each of these components of the Web client-server architecture (servers, clients and
channels) are susceptible to very many old and modern security threats (executable because of
some vulnerabilities). For example one of unresolved is the problem of storage and transfer
user sessions identifiers (Session ID), used for authentication in a Web application. Today two
most widespread attacks on Session ID are a "cross-site scripting" attack (it allows abducting
Session ID from lawful users) and a "phishing" attack (it lures the unsuspecting user to a fake
web site looking and acting like trustworthy site of some brand). Because the site looks credible
the user often submits his/her personal data and even credit card number. Invitations to visit the
site are usually contained in e-mail messages with a fake return address. CGI scripts usage is
the next Web server threat, as far as many of CGI scripts contain program errors, which can be
used as loopholes by malicious persons. Java and JavaScript usage is one more problem to be
concerned with. Unlike CGI scripts Java code is run on a client side and that is why cannot
damage a Web server, but can contribute troubles to a client. Ensuring secure usage of Java and
JavaScript is based on a browser used by a client. Many of these problems appear as a result of
the errors in Java interpreters used by the browsers.
On the other hand another technologies used in a portal (such as sharing documents, support for
virtual, distributed working teams, usage of different communication tools and protocols, data
repositories, publishing systems etc.) need protection against their own specific types of threats
leading to different local and remote attacks. For example besides many basic possibilities
many portal solutions have tools for information publishing that essentially increases risk of
distribution of data containing malicious code: viruses, Trojan programs, malicious mobile
applications etc. There is also a problem of construction of secure authentication and
authorization subsystems while integrating several automated systems into a portal.
In such a short paper it is impossible to mention all the aspects of Intranet portal security (we do
not make it our aim) — as a typical information system any Intranet portal is subjected to all
typical attacks on it. But even such a brief analysis of its components has uncovered safety
problems facing a portal developer (and no doubt its owner) to make it a trusted tool for
business. Thus a portal application, such as that required by the consumer self-service solution,
must include robust security. It means more emphasis on portal resources’ security including
such an important items as privacy, content integrity, recognition, accessibility etc. As far as
the majority of them require safety assurance, it is reasonable to elaborate implied Intranet
portal security requirements and a complex approach to their realisation in the form of an
information protection subsystem as an integral (build-in) part of a secure Intranet portal.
3. PORTAL SECURITY POLICIES AND REQUIREMENTS
According to the classical approach to the information security maintenance an Intranet portal
should support three basic characteristics — confidentiality, integrity and availability.
Technology and computers cannot safeguard information automatically. It is necessary to
protect portal resources' and clients' information related to using this service.
As usual an Intranet portal needs two types of portal-based Web presence: an internal site for its
employees ("Inportal") and a public portal for its customers and partners (Extranet portal or
"Outportal"). There are different security requirements for these portal types defined to protect
portal resources from two classes of attackers - insiders (corporate employees) and outsiders
(partners, remote users and so on). Inportal should provide more information and services to its
users while Outportal should have essentially stronger restricting and user verification security
policies. Presence of written, approved, maintained and communicated security policies for all
Intranet portal components and users is critical. Without Intranet Portal Security Policies
(IPSP) there is no general corporate security framework. They provide guidelines to users on
processing, storage and transmission of portal resources and define what behaviour is and is not
allowed. IPSP consist of policies for acceptable use, user account and password, remote access,
intranet and extranet, information protection and many others [3, 4]. They must be concise and
easy to understand, implementable, updated regularly to reflect corporation evolution,
monitored and enforced and balance protection with productivity. IPSP also should state
reasons why policies are needed; describe what is covered by them (whom, what and where);
distinct levels of information sensitivity/access; be concerned about internal users as much as
external users; define contacts and responsibilities to outside agencies; discuss how violations
will be handled. IPSP awareness should be a part of employee orientation and education
sessions concerning an Intranet, its portal and their security, should be conducted regularly.
While many definitions of security mechanisms exist, for the sake of simplicity the list of key
Intranet portal security requirements should be defined as follows: identification and
authentication, encryption, centralized and local audits and access control [5].
Authentication is the verification of one's identity. It confirms that users are who they say they
are. For example, a user must provide a user name and password and/or biometric feature that
are checked by an authority (for example a database or a domain server). Authorization is the
process of granting/denying access to resources for specific users. It represents the permissions
that a user/group of users has on a particular resource(s). Both authentication and authorization
of portal resources (such as portlets and pages) should be controlled by a centralized security
mechanism managed in one central repository. Intelligent password policies should be
implemented, encompassing common user and password formats, retry limits and password
update rules.
There are a number of communication flows in Inportal and Outportal. Using encryption
protocols and Virtual Private Networks inside and outside an Intranet ensures that these
transmissions are confidential and transmitted information keeps integrity.
A secure portal is designed to be an application that is integrated to a centralized security access
manager and constantly been audited. Having too many resource objects can be complicated to
manage and can yield an overhead in the authorization lookup. A general rule would be to place
shared or enterprise resources under Intranet central management and leave fine-grained control
in the portal. The portal code in this model is granted unrestricted access to all resources it must
access on behalf of the users. The access control is effectively shifted from native resource
access control subsystems to the portal access control subsystem. Elevated privileges of the
portal code make it an attractive target of malicious attacks, because compromising only one
server gives access to all resources that were accessible to legitimate portal users. Also, the user
registry structure design needs to take into consideration any planned integration at an
enterprise-wide level.
Thus well-designed portal technologies combine standard processes for inventorying and
organizing sources of information, identifying users of that information and establishing rules
for granting and controlling access. Furthermore, an enterprise-level portal access management
solution should provide flexible administration models for cost-effective and time-efficient
management; easy integration with Web-enabled enterprise applications and legacy information
sources; open interfaces and support for standard technologies enabling rapid deployment of
new services; real-time monitoring; scalability to accommodate a continuously growing global
audience; strong universal security. Therefore while designing an Intranet portal it is necessary
to define its security requirements first of all. The suggested here list marks only the most
important requirements divided into six main groups. It does not pretend on the completeness,
because it can be easily extended depending on the specifics of the future Intranet portal usage.
Security Manager
1. Portal server (PS). The portal engine is responsible for the execution and rendering of the
portal. It uses one of the APIs to determine the access rights on a resource.
2. User registry (UR). This is a database containing user account information, typically a user
ID and password. It is used in the modern Single Sign-On systems.
3. User repository. This is a database, which contains user profile information, for example a
name or an address. It is possible for the UR and User Repository to be the separate data stores.
4. Directory server (DS). This subsystem provides the authentication information from the UR
and the user profile information from the User Repository. Information maybe accessed and
updated through the Lightweight Directory Access Protocol (LDAP), an open industry standard
for DS. For the UR there is a choice between using DS or Custom Registry. When using an
External Security Manager, it is more or less implied that a DS will be used. However, in a
stand-alone secure Intranet portal, either can be chosen. Choosing LDAP would allow for easier
integration to an External Security Manager at a later stage.
5. Application server (AS). It is responsible for all basic portal services (including for example
document access, groupware, indexing engines, application gateways, knowledge applications,
etc.), one part of which is Security Services.
6. Authentication proxy server (AP). All requests and responses are directed through the AP. It
is responsible for managing the authentication process. It uses the DS to access the UR for user
ID and password information. A reverse proxy is a component that is generally used to perform
URL mapping and manage user sessions (for example with SSL authentication of both the client
and server) in order to protect the Web site's structure from the outside world, but it can also be
used for authentication. This would typically locate in a Demilitarized Zone (DMZ) in front of
the portal. This extra protection would then influence where to use SSL. Another example is to
have the External Security Manager in its own DMZ.
7. Policy/authorization server (PAS). It is responsible for the system security management.
PAS maintains the master policy store with authorization and access control data. It offloads
the tasks of authorization decisions to the PAS when requests are made.
8. Policy store (PS). The PS as a repository of groups and access control lists (ACLs) is used by
the PAS for resources’ access control.
9. Trust association interceptor (TAI). It is responsible for establishing trust between the AS
and the PAS. It validates the request and provides the user ID to the AS obtained from the PAS.
10. Security Manager. It coordinates all security tools managing a distributed, constantly
changing environment.
Processes of portal users' authentication and authorization (after authentication) are listed in the
Table 1.
6. CONCLUSIONS
Brief motivation of information security implementation expediency for Intranet portals is
emphasized. Key security requirements for Intranet portal security are suggested. Functional
components of a secure Intranet portal model are listed. A real example referred to as
"InfoWar" developed in the MEPhI under the support of the Russian Foundation for Basic
Research demonstrates viability of the suggested reference secure Intranet portal model.
7. REFERENCES
[1] Horgan T. Developing Your Intranet Strategy and Plan - http://www.cio.com
[2] Christopher C. Shilakes and Julie Tylman, "Enterprise Information Portals," Merrill Lynch, Inc.,
New York, NY, November 16, 1998
[3] http://www.sans.org/resources/policies/
[4] http://www.eff.org/Censorship/Academic_edu/CAF/policies/
[5] IBM redbook - http://www.redbooks.ibm.com/
[6] David K. Black. Portal Security: Managing Identities and Relationships in a Competitive
Economy - http://www.accenture.com/xdoc/en/ services/secsol/insights/portal.pdf