Belt Analyst™ ‐ Team Manager Security
15 June 2013

1 INTRODUCTION
The purpose of this document is to describe the security measures taken to ensure that all the data used in Belt Analyst Team Manager is protected and that all users of Belt Analyst Team Manager are protected. The document first gives an overview of the Team Manager architecture, then goes into detail for each layer to describe the measures taken to secure data and communications.

2 ARCHITECTURE
Team Manager is a web application that can be accessed from inside Belt Analyst. There are three main layers to the architecture of Team Manager:
1‐ Team Manager Client Application: a software module embedded in Belt Analyst that acts as the user interface for Team Manager. It allows Team Manager users to connect to the Team Manager web services and use all their features.
2‐ Team Manager Web Services: this layer carries all the Team Manager features and is the gateway to the database.
3‐ Team Manager Database: this layer stores all the Team Manager users, data and files.

3 TEAM MANAGER CLIENT APPLICATION
This section covers the security measures taken to protect user information on the users' side of Team Manager.

3.1 PASSWORDS
All passwords entered in Team Manager are encrypted the moment they are typed. Team Manager uses the Windows Data Protection API (DPAPI) to encrypt passwords. When a user logs in to Team Manager, only the encrypted password is kept in memory, so that it can be used to establish connections to the Team Manager server as needed; this prevents recovering the password by scanning the machine's memory for the plaintext. Once the user disconnects from the server or closes Belt Analyst, the encrypted password is deleted from memory. Note what DPAPI does and does not give here: the ciphertext is bound to the logged-on Windows account rather than to the process, the plaintext still exists briefly while it is typed and each time it is decrypted to authenticate, and any code running under the same Windows user can call CryptUnprotectData. The measure therefore defends against the plaintext turning up in a memory dump or to a scanner that lacks the user's DPAPI key, not against malicious code running as that user.
3.2 REMEMBER PASSWORD FEATURE
Team Manager can store passwords locally so that users won't have to type them every time they wish to connect to the Team Manager server. Team Manager uses the Windows Data Protection API to encrypt the passwords and store them locally. For this feature, the password is "salted" to further increase the complexity of the encrypted password; in DPAPI terms this is the optional entropy passed to CryptProtectData, an extra secret that must be supplied again to decrypt the blob. When a user logs into Team Manager with the "Remember Password" checkbox checked, Team Manager encrypts the password and stores it on the user's hard drive for later access. The stored blob can only be decrypted under the same Windows user account, because the DPAPI key is derived from that user's logon credentials; this is what protects it against being copied to another machine or read by another account. The added entropy only helps if it is not itself stored beside the blob where the same account can read it.

3.3 FORGOT PASSWORD FEATURE
Team Manager allows users to reset their passwords using the "Forgot Password" feature. When a user creates their Team Manager user, they are asked to create a Secret Question and a Secret Answer. If the user forgets their password, they are presented with the Secret Question so they can input the Secret Answer. If the Secret Answer is correct, an email containing the new password is sent to the user's saved email address. Since a correct Secret Answer is enough to obtain a new password, it is a credential in its own right: it should be stored salted and hashed like the password itself (section 5.1) and counted against the failed-attempt limit of section 4.5. The new password travels in clear text over email, so it should be treated as temporary and changed at the next login.

4 TEAM MANAGER WEB SERVICES
This section covers the security measures taken to protect the Team Manager web services in the cloud.

4.1 FIREWALL
The web services layer is protected by a local software firewall, which screens incoming packets according to rules about their contents, sources and ports. Packets that are not needed for operation of the software are discarded, along with packets from untrusted sources, packets that are sent repeatedly, packets with invalid contents and packets that appear to have been altered.

4.2 AMAZON SECURITY GROUP
Amazon Web Services provides a method of screening all connections coming into, or going out of, an Amazon instance by source, port or protocol.
This allows us to set a first line of defense, restricting the communications passing into, out of, or between servers. It acts as an outer firewall that prevents disallowed packets from ever reaching the web services layer, and it also restricts access to the database component solely to the web services layer.

4.3 WSDL AND METADATA
By default, web services publish information on their interaction parameters, protocols and specifications. While this information can help services connect appropriately, or aid support for custom clients, it can also help attackers determine the best method of attack. Disabling metadata display for our web services prevents the use of this data by potential attackers. Debugging and error reporting are disabled, except for authorized Overland personnel, to further prevent malicious use of metadata and server information. Hiding the WSDL raises the cost of reconnaissance but does not replace the controls below: the operations still exist and must hold up against a client who already knows their signatures.

4.4 HTTPS & SSL
The web services are configured so that all connections made to the servers use the Hypertext Transfer Protocol Secure (HTTPS), which carries HTTP over the Secure Sockets Layer (SSL) protocol, today its successor TLS. This is done by storing an SSL certificate on the server after it has been signed by a Certificate Authority (CA). The CA signature lets the client verify that it is talking to the genuine server, which is what defeats Man‐In‐The‐Middle attacks, provided the client application validates the certificate chain against its trusted CA store and checks that the certificate name matches the server it intended to reach; a client that accepts any certificate gets encryption but no protection from an interposed server. The certificate's key pair is then used in the handshake to negotiate a session key, and that session key encrypts all traffic between the server and the client application.

4.5 CONSECUTIVE FAILED LOGIN ATTEMPTS
After 5 consecutive failed login attempts, the user is locked out of the web services. This protects our users against brute‐force attacks on the web services that try to guess their passwords. The counter is kept per user and counts consecutive failures, so a successful login resets it. The trade‐off of this control is that anyone who knows a username can trigger the lockout deliberately, so a way to restore a locked account, after a timeout or by an administrator, is required alongside it.

4.6 ACCESS TO BELT ANALYST PROJECTS
Access to Belt Analyst Projects is controlled through the web services. Each request made to download or upload is inspected to make sure that the user making the request has the right to do so. Access to a project depends solely on the user's access to the containing folder. User access information is never cached in the web services. This forces each request to reach the database to verify that the user has access to the project at the time the request is made, and avoids all stale‐cache problems.

4.7 WEB SERVICES BEST PRACTICES
In addition to the above, our web services layer implements industry‐standard best practices for server configuration and web service security. This helps assure that, even in the event of an attack, service functions and information are protected. Removing unused modules and functionality from the web servers also reduces the attack surface and avoids wasted resources, increasing reliability and further solidifying security.

5 TEAM MANAGER DATABASE
This section covers the security measures taken to protect the Team Manager database in the cloud.

5.1 PASSWORDS
All passwords are salted and hashed with a one‐way hash function before being saved in the database. This process is commonly called one‐way password encryption; strictly it is hashing rather than encryption, because no key exists that turns the stored value back into the password. Salting entails adding a randomly generated string of characters to the password before hashing it, so that two users with the same password get different hashes. This makes recovering passwords almost impossible: an attacker who, in the highly unlikely event of acquiring the password hashes from the database, tried to match them against a "Rainbow Table" would find nothing, because of the randomly added salt. A Rainbow Table is a precomputed table of candidate passwords and their resulting hashes, which lets an attacker look up an unsalted hash instead of computing it. The salt defeats such precomputation but does not slow down guessing against a single hash, which is why password hashing should use a deliberately slow, iterated function (PBKDF2, bcrypt or scrypt) rather than a plain digest.
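As an added example, not code from Overland or Belt Analyst, the following Python puts the salted one‐way hashing of this section together with the five‐strike lockout of section 4.5, since the lockout check needs the same password verification routine. PBKDF2‐HMAC‐SHA256 and its iteration count are assumptions (the page names neither), and the user table is a dict constructed in the example.

```python
# Added example; not Overland's code. Shows the salted one-way hashing of 5.1 and the
# consecutive-failure lockout of 4.5 together. Assumptions: PBKDF2-HMAC-SHA256 stands in
# for the hash function the page does not name; users live in a constructed dict.
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LOCKOUT_THRESHOLD = 5        # section 4.5
PBKDF2_ITERATIONS = 100_000  # assumed cost; the page states no function or work factor
SALT_BYTES = 16
DUMMY_SALT = bytes(SALT_BYTES)  # used so unknown users take as long as wrong passwords


@dataclass
class UserRecord:
    salt: bytes
    pw_hash: bytes
    failed_attempts: int = 0
    locked: bool = False


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash). A fresh random salt per user means two users with the same
    password get different hashes, so a precomputed rainbow table matches nothing."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def create_user(users: Dict[str, UserRecord], username: str, password: str) -> None:
    salt, digest = hash_password(password)
    users[username] = UserRecord(salt=salt, pw_hash=digest)  # the plaintext is never stored


def verify_password(record: UserRecord, password: str) -> bool:
    _, digest = hash_password(password, record.salt)
    return hmac.compare_digest(digest, record.pw_hash)  # constant-time comparison


def login(users: Dict[str, UserRecord], username: str, password: str) -> str:
    """Return 'ok', 'denied' or 'locked'. The fifth consecutive failure locks the account;
    a success resets the counter; a locked account refuses even the correct password."""
    record = users.get(username)
    if record is None:
        hash_password(password, DUMMY_SALT)  # same cost as a real check: no user enumeration by timing
        return "denied"
    if record.locked:
        return "locked"
    if verify_password(record, password):
        record.failed_attempts = 0
        return "ok"
    record.failed_attempts += 1
    if record.failed_attempts >= LOCKOUT_THRESHOLD:
        record.locked = True
        return "locked"
    return "denied"


def demo() -> List[str]:
    """Walk through the lockout sequence; returns the outcome of each attempt."""
    users: Dict[str, UserRecord] = {}
    create_user(users, "alice", "correct horse")
    create_user(users, "bob", "correct horse")  # same password, different salt, different hash
    assert users["alice"].pw_hash != users["bob"].pw_hash
    results = [login(users, "alice", "wrong") for _ in range(4)]   # four failures: still 'denied'
    results.append(login(users, "alice", "correct horse"))         # success resets the counter
    results += [login(users, "alice", "wrong") for _ in range(5)]  # fifth consecutive failure locks
    results.append(login(users, "alice", "correct horse"))         # locked: right password no longer helps
    return results


if __name__ == "__main__":
    print(demo())
```

Two users created with the same password end up with different stored hashes, the failure counter resets on a successful login, and once the account is locked the correct password is refused as well. The unknown‐user branch still runs a hash so that response time does not reveal which usernames exist.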
5.2 SQL INJECTION ATTACKS
SQL injection attacks work by passing SQL statements to the database inside string variables, to get the database to store malicious information, corrupt itself, delete itself, delete data, or give up important information such as usernames, passwords, etc. To protect against these attacks, the first line of defense is installed at the web services layer: all strings passing through the web services are checked for length and validity before being passed to the database. The second measure is that no dynamically created SQL statements are used; only stored procedures are used to communicate with the database. Called with typed parameters, a stored procedure receives each string variable as a value, so special characters that could be read as SQL are never parsed as part of a statement and no malicious string content can execute. This holds only as long as the procedure itself does not concatenate its parameters into dynamic SQL (for example through EXEC or sp_executesql with a built‐up string), which would reintroduce the injection point inside the database. The third measure restricts the ability to create, alter or remove databases and database user accounts to the database administrator account: the account the web services use cannot perform any of those operations, so even a successful injection is limited to what that account is allowed to do.

5.3 AMAZON SECURITY GROUP
As described in section 4.2, an Amazon Security Group is used to restrict network traffic to a group of computers running in the Amazon cloud. To make sure the database is isolated, it is placed in a separate security group that allows only traffic initiated by the web services to reach the database. In Security Group terms, the database group's inbound rule names the web services group as its source rather than an IP address range, so only instances that are members of the web services group can connect to the database port.
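As an added example for section 5.2, not code from Overland or Belt Analyst, the Python below shows the first two measures against SQL injection side by side with the dynamic‐SQL lookup they replace. It uses SQLite so it runs offline: SQLite has no stored procedures, so a parameterized query stands in for a stored‐procedure call with typed parameters, and in both cases the value reaches the engine as data, never as SQL text. The table, its rows, the validation rule and the injection payload are all constructed for the example; the third measure (a least‐privilege database account) is not shown because SQLite has no accounts to grant.

```python
# Added example; not Overland's code. Two of the SQL injection measures of 5.2, shown with
# SQLite so it runs offline. A parameterized query stands in for a stored-procedure call with
# typed parameters. The table, rows, validation rule and payload are constructed.
import re
import sqlite3
from typing import Dict, List, Tuple

# Measure 1 (web services layer): assumed rule, usernames are 1-32 chars of [A-Za-z0-9._-].
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,32}$")

# Constructed injection string: closes the quoted literal and appends an always-true clause.
PAYLOAD = "x' OR '1'='1"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")])
    return conn


def valid_username(username: str) -> bool:
    return USERNAME_RE.match(username) is not None


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    # Dynamic SQL built from a string variable: the input is parsed as part of the statement.
    sql = "SELECT username, pw_hash FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    # Measure 2: fixed SQL text, value bound as a parameter (the stored-procedure equivalent).
    return conn.execute("SELECT username, pw_hash FROM users WHERE username = ?",
                        (username,)).fetchall()


def lookup_defended(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    # Measures 1 and 2 together: reject malformed input first, then bind what survives.
    if not valid_username(username):
        raise ValueError("rejected at the web services layer")
    return lookup_safe(conn, username)


def demo() -> Dict[str, object]:
    conn = make_db()
    try:
        lookup_defended(conn, PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, PAYLOAD)),  # 3: WHERE is always true, every row leaks
        "safe_rows": len(lookup_safe(conn, PAYLOAD)),              # 0: no user is literally named that
        "honest_rows": len(lookup_safe(conn, "alice")),            # 1: a normal lookup still works
        "payload_rejected_by_validation": rejected,                # True: never reaches the database
    }


if __name__ == "__main__":
    print(demo())
```

Against the payload, the dynamic‐SQL lookup returns every row in the table because the injected clause makes the WHERE condition always true; the parameterized lookup returns nothing because the engine searches for a user literally named `x' OR '1'='1`; and the combined defense rejects the string before it is sent at all.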
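As an added example for the security group layout of sections 4.2 and 5.3, not code from Overland or Belt Analyst, the Python below audits whether the database group accepts inbound traffic only from the web services group on the database port, and goes a little beyond the page by also flagging all‐protocol rules and port ranges wider than that one port. The two groups are constructed in the shape returned by `aws ec2 describe-security-groups`; the group IDs, names and the port (1433, SQL Server) are assumptions, the page names none of them.

```python
# Added example; not Overland's code. Audits the layout of 4.2 and 5.3: the database security
# group must accept inbound traffic only from the web services group, on the database port.
# The two groups are constructed in the shape returned by `aws ec2 describe-security-groups`;
# the group IDs and the port (1433, SQL Server) are assumptions, the page names neither.
import copy
from typing import Dict, List

WEB_SG = "sg-0aaa0web"   # assumed ID of the web services group
DB_SG = "sg-0bbb00db"    # assumed ID of the database group
DB_PORT = 1433           # assumed database port

SECURITY_GROUPS: List[Dict] = [
    {"GroupId": WEB_SG, "GroupName": "team-manager-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": DB_SG, "GroupName": "team-manager-db", "IpPermissions": [
        # The rule 5.3 describes: the source is the web services group, not an address range.
        {"IpProtocol": "tcp", "FromPort": DB_PORT, "ToPort": DB_PORT,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": WEB_SG}]},
        # Weak rule, planted so the audit has something to flag: a CIDR source admits anything
        # in that range, an attacker's instance included, not just the web tier.
        {"IpProtocol": "tcp", "FromPort": DB_PORT, "ToPort": DB_PORT,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "UserIdGroupPairs": []}]},
]


def audit_db_group(groups: List[Dict], db_group_id: str, web_group_id: str, db_port: int) -> List[str]:
    """Return a finding for every inbound rule of the DB group that is wider than
    'db_port from the web services group'. An empty list means the DB is isolated as 5.3 says."""
    db = next(g for g in groups if g["GroupId"] == db_group_id)
    findings: List[str] = []
    for rule in db["IpPermissions"]:
        where = f"{rule['IpProtocol']} {rule.get('FromPort')}-{rule.get('ToPort')}"
        if rule["IpProtocol"] == "-1":
            findings.append(f"all protocols and ports allowed ({where})")
        elif (rule.get("FromPort"), rule.get("ToPort")) != (db_port, db_port):
            findings.append(f"port range wider than the database port ({where})")
        for r in rule.get("IpRanges", []):
            findings.append(f"CIDR source {r['CidrIp']} instead of a group source ({where})")
        for p in rule.get("UserIdGroupPairs", []):
            if p["GroupId"] != web_group_id:
                findings.append(f"source group {p['GroupId']} is not the web services group ({where})")
    return findings


def harden(groups: List[Dict], db_group_id: str, web_group_id: str, db_port: int) -> List[Dict]:
    """Return a copy in which the DB group keeps only 'db_port from the web services group'."""
    fixed = copy.deepcopy(groups)
    for g in fixed:
        if g["GroupId"] == db_group_id:
            g["IpPermissions"] = [
                {"IpProtocol": "tcp", "FromPort": db_port, "ToPort": db_port,
                 "IpRanges": [], "UserIdGroupPairs": [{"GroupId": web_group_id}]}]
    return fixed


if __name__ == "__main__":
    for finding in audit_db_group(SECURITY_GROUPS, DB_SG, WEB_SG, DB_PORT):
        print("FINDING:", finding)
    hardened = harden(SECURITY_GROUPS, DB_SG, WEB_SG, DB_PORT)
    print("after harden:", audit_db_group(hardened, DB_SG, WEB_SG, DB_PORT))
```

On the constructed input the audit reports exactly one finding, the CIDR‐sourced rule; after `harden` rewrites the database group to the single group‐sourced rule the audit is clean, which is the state section 5.3 describes.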