Ideas to increase administrative security / privacy


Postby prisma » 2017-05-16 17:45

Hello,

Regarding Exchange, I have the possibility to adjust users' ACLs. So the user could be able to back up an Exchange server or to do other administrative things with Exchange without being able to read all mails.
With hMailServer I only have to click on the right mail address within the messages folder and I'm able to use Windows Search to scan mails for some buzzwords. This is non-existent security.

I know that you guys will now scream, use encryption!!! But to implement a PKI or explain to people how to use PGP only to have a little more privacy for the CEO's mails would be overkill. Especially because encryption wouldn't integrate seamlessly.
We only want to prevent every dumb IT service technician from being able to read internal-use mails while he installs Windows updates on the mail server. Just a stupid example.

Has anybody ever had an idea how to solve that problem? I was thinking about EFS encryption. (This would mean hMailServer runs with its own Windows user and this Windows user uses an EFS certificate to encrypt the mail folder...)

Other ideas?


Re: Ideas to increase administrative security / privacy

Postby SorenR » 2017-05-16 18:47

prisma wrote: Hello,

Regarding Exchange, I have the possibility to adjust users' ACLs. So the user could be able to back up an Exchange server or to do other administrative things with Exchange without being able to read all mails.
With hMailServer I only have to click on the right mail address within the messages folder and I'm able to use Windows Search to scan mails for some buzzwords. This is non-existent security.

I know that you guys will now scream, use encryption!!! But to implement a PKI or explain to people how to use PGP only to have a little more privacy for the CEO's mails would be overkill. Especially because encryption wouldn't integrate seamlessly.
We only want to prevent every dumb IT service technician from being able to read internal-use mails while he installs Windows updates on the mail server. Just a stupid example.

Has anybody ever had an idea how to solve that problem? I was thinking about EFS encryption. (This would mean hMailServer runs with its own Windows user and this Windows user uses an EFS certificate to encrypt the mail folder...)

Other ideas?

How much can you do without a privileged login to the Windows server?
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.


Re: Ideas to increase administrative security / privacy

Postby mattg » 2017-05-17 01:11

What if the hMailServer data directory was on a SAN or NAS device with encrypted storage, and no search or indexing capacity...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation


Re: Ideas to increase administrative security / privacy

Postby prisma » 2017-05-17 10:33

@Matt: not a bad idea, but as long as the SAN is mounted, it's no more than a local drive. Searching is even possible with indexing disabled on that volume. But slow. Mounting a drive only for a special user is not possible with Windows. NTFS ACLs could be re-adjusted by every local server administrator.

@Søren: regarding Microsoft services, especially Exchange but also other services, you have much more than just a "user" or an "administrator". You always have many roles for several tasks.

I'm slowly understanding why Microsoft makes many things so ultimately complex. Because they have to... :)

Cheers Greg


Re: Ideas to increase administrative security / privacy

Postby katip » 2017-05-17 11:33

PMFJI, pls let me understand precisely:
the guy sits in front of the box & opens a local admin session.
so what do we try to hide or protect?
Katip
--
HMS 5.6.6.2383, MySQL 5.5.46, SpamAssassin 3.4.1, ClamAV 0.99.2 + SaneS & SecuriteI


Re: Ideas to increase administrative security / privacy

Postby prisma » 2017-05-17 11:57

No problem. I want to hear every opinion. We want to protect the messages folder.

The problem is there's at the moment no additional security "around" the messages storage. Storing something plain text and searchable in the FS makes it hard to add security.
I did a lot of MCSE/MCSA certifications, so my example is always Exchange. With Exchange a technician would be able to completely administer (e.g. backup, install drivers or whatever else) a physical server serving Exchange without being able to access communication.

How to achieve that with hMailServer? That's the question.


Re: Ideas to increase administrative security / privacy

Postby mattg » 2017-05-17 12:33

prisma wrote: @Matt: not a bad idea, but as long as the SAN is mounted...

Yes, but I wasn't suggesting mounting the drive to the local file system.

hMailServer will use UNC paths for the data directory (or any customisable directory for that matter**).
You could send the data directory to a device without adding that device to the local OS.
You could even have the database, your eventhandlers.vbs (events) and the logs secured on separate devices.
This is achieved via the hMailServer.ini.

With logs, database, events and data directory all secured individually, someone would need a packet sniffer to see email contents, and then only in transit, and that risk is real no matter what you do short of encrypting all messages at individual message level.

**I read once that one thing that many security people forget is to put log files somewhere where they can't be tampered with, e.g. a write-once CD.


Re: Ideas to increase administrative security / privacy

Postby prisma » 2017-05-17 13:19

mattg wrote:... someone would need a packet sniffer to see email contents, and then only in transit ...

I agree, this risk exists. But let's leave it aside.

You're right. The hMailServer service could run with a special account, and only this account has access to the share. Easier than using EFS for that account...

Ok, we have: storing emails on a protected share or protecting local files with EFS. Any other ideas?
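
Added example, not part of any post in this thread: a PowerShell audit of the setup discussed above. It reads the [Directories] section of hMailServer.INI, reports whether each configured folder is a UNC path, and lists every principal other than the service account whose NTFS ACL entries allow reading files there. The INI location and the account name CONTOSO\svc-hmail are assumptions; adjust both to the installation being checked.

```powershell
# Added example, not from the thread. Both parameter defaults are assumptions.
param(
    [string]$IniPath = 'C:\Program Files (x86)\hMailServer\Bin\hMailServer.INI',
    [string]$ServiceAccount = 'CONTOSO\svc-hmail'   # hypothetical service account
)

# Collect key=value pairs from the [Directories] section only.
$dirs = [ordered]@{}
$inSection = $false
foreach ($line in Get-Content -LiteralPath $IniPath) {
    $t = $line.Trim()
    if ($t -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Directories'); continue }
    if ($inSection -and $t -match '^([^=;]+)=(.*)$') {
        $dirs[$Matches[1].Trim()] = $Matches[2].Trim()
    }
}

# ReadData is the right that lets a principal open and read message files.
$readMask = [int][System.Security.AccessControl.FileSystemRights]::ReadData

$report = foreach ($name in $dirs.Keys) {
    $path  = $dirs[$name]
    $isUnc = $path.StartsWith('\\')
    $acl   = Get-Acl -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $acl) {
        # Expected when the share is reachable only by the service account.
        [pscustomobject]@{ Folder = $name; Path = $path; IsUnc = $isUnc
                           OtherReaders = '(ACL not readable from this session)' }
        continue
    }
    $others = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $readMask) -ne 0) -and
        $_.IdentityReference.Value -ne $ServiceAccount
    } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
    [pscustomobject]@{ Folder = $name; Path = $path; IsUnc = $isUnc
                       OtherReaders = ($others -join ', ') }
}
$report | Format-Table -AutoSize -Wrap
```

Get-Acl reports NTFS permissions only; share-level permissions are set on the file server and have to be reviewed there. An empty OtherReaders column for a UNC path means only the service account is granted read access at the NTFS level.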


Re: Ideas to increase administrative security / privacy

Postby SorenR » 2017-05-17 18:59

Image
SørenR.
