Internet service providers have some thinking to do when it comes to the topic of encryption. Does encryption help you to build your business or does its complexity drive customers away? There’s an increasing awareness that encryption is hugely important, but very few people are using it regularly because it’s too complex. Why is encryption so important, and what can we do to drive adoption?
The current release of Univention Corporate Server supplies various security updates and bug fixes and now offers Dovecot as the default mail server as well as the possibility to define LDAP filters for policies. UCS 4.0-3 now also brings the automatic creation of Univention Apps as images for various virtualization environments. The apps available in the Univention App Center are now automatically provided as complete applications that consist of UCS as the platform, UVMM as the management system, and the app itself. They are ready to download for various virtualization formats such as VMware or KVM.
Even if you only have a small number of staff, the administration of individual user accounts for numerous applications and the corresponding access rights can still prove very time consuming. When responsibilities change hands or when new members of staff join the company at the latest, the IT infrastructure becomes characterized by uncontrolled growth, which not only requires a lot of time to handle, but also becomes more and more insecure over time. More often than not, the administration of the users and their rights gets neglected at some point. As the enterprise expands, this type of out-of-control infrastructure becomes more and more risky and dangerous. Centralized user management in the form of an identity management system can help you to rein your IT back in again.
The beating heart of an identity management system is often a so-called LDAP directory service, which is also integrated in our Univention Corporate Server. LDAP stands for lightweight directory access protocol, so it really only describes the protocol itself, although people also tend to talk about “the LDAP” when they actually mean the LDAP directory service.
According to a survey conducted by analyst firm Statista GmbH, 44 percent of German companies have moved their business to the cloud. During the last couple of years, many cloud providers have developed different applications and the upward trend will remain steady. Our development-team from Sweden designed the business software Fortnox already in 2001, so we can confirm that the trend of moving businesses to the cloud is an upward trend. Especially, the future development is crucial because the requirements for cloud providers are growing continuously. Plenty of new suppliers are entering the cloud market every day, so the competition is increasingly high. Providers of cloud solutions have to stand out with new and innovative products otherwise they will leave the cloud market as fast as they entered it.
Univention integrated Dovecot as new default IMAP/POP3 mail server in UCS. This article gives a first overview about this integration.
Why Dovecot as default IMAP/POP3 server in UCS?
Dovecot has a focus on security, stability and performance, while complying with established standards. Similarly to Postfix Dovecot starts a couple of separate processes for different tasks. The processes can be run with different owner and group permissions to limit the impact of a security incident.
Dovecot supports several backend storage formats: mbox, Maildir and dbox. In each case it uses indices to increase access performance. Their self healing and self optimizing features reduce tedious administrative intervention and simplify backups.
Here at Univention, we are of course also concerned by the attack on the German parliament’s IT infrastructure, better known as the “Bundestag hack”. To recap: It appears that there were some bogus e-mails there including links to malware. A number of the Windows PCs in the Bundestag’s “Parlakom” network were or may still be infected with the malware, which is alleged to have searched for and copied certain confidential Word documents. According to a report in the Tagesspiegel (German) newspaper, this allowed the hackers to gain “administration rights for the infrastructure”. The attack was conducted as an “advanced persistent threat” or “APT attack” for short: in other words, a complex, multi-phase attack on the German parliament’s “Parlakom” IT network.
There are a whole host of “classic” approaches for taking over IT systems, such as the exploitation of security vulnerabilities in the software, the interception or guessing of passwords (brute force attacks) and the cracking of password hashes. These methods are well known and it is comparatively simple to reduce the risk of such attacks’ being successful. The requisite measures are: regular, comprehensive and rapid installation of updates, encryption of sensitive data and network communication using state-of-the-art encryption standards, the use of sufficiently long passwords, logging of failed login attempts and blocking of user accounts with too many failed attempts, the use of salted password hashes (the salt converts two identical passwords into different hashes), iteration of the hash functions (rounds) and changing passwords regularly.
As manager of Univention North America, I often find myself working on the go. While free WiFi and mobile Internet are slowly bridging the gap between the office, airport lounges and hotels, connections are often slow and congested whenever many people are congregating.
While many office documents can still be worked on when on the go, synchronization with the office and collaboration with coworkers are still difficult, especially, if you have to consider questions like data and transmission security, including secure access to the company network, travel across time zones or, oh horror, the date line and slow connections.
Of course, travel needs are not the only reason, why you would want to look at these applications, for synchronization and collaboration can also greatly benefit teams that work at multiple locations or colleagues frequently working from home. In the end, nothing is worse than finding out that an employee has uploaded much of the companies confidential knowledge base to a cloud service, because tablets, smart phones or collaborations are words that the IT office can’t be bothered with.
Identity management (IdM) in essence refers to the management or administration of individual identities within a system, such as a company or network.
Within the corporate world, ID management refers more specifically to providing IT managers with a centralised administrative system (Identity Management System – IdMS) where company users and permission restrictions to applications such as ERP, CRM, e-mail client etc etc can be grouped together and managed collectively. The principle objective behind IdM is to improve security and protection for sensitive company data and systems, whilst simultaneously improving productivity as well as reducing costs, downtime and repetitive time consuming tasks. [1]
What makes Identity Management Systems such as Univention Corporate Server (UCS) so useful is that they can be integrated into a whole host of systems including for example corporate phone systems like pascom’s mobydick VoIP Communications Solution as illustrated by the following video.
It’s not just in our working lives that digitalisation is constantly gaining ground; the number of digital devices we use at home is also increasing on a daily basis. A family of four or a shared flat can easily boast a formidable number of different devices and applications. It gets even more interesting when friends come to visit and want to play a movie on your television or use your printer. And it gets downright complicated if all these digital devices have to interact with each other too! In such cases, the requirements are often hardly any different from those of a small company, and the need for more comprehensive functions soon arises.
Many people already have a small home server at home, even if they don’t realise it. Boxes like QNAP, Synology and the like are often used for central file storage and as media servers, and these little boxes can really do much more than you’d think. So why not tap the existing potential?
When I started at Univention’s Professional Services in Germany, one of the questions I was asked was “Where do you see yourself in 5 years?”. Being prepared for the interview, my answer was a mixture of showing my idea of working with customers, my understanding of the technologies of UCS as well as my personal goals and dreams. Looking back to my answers in our HR folder, I have to admit that life has taken many turns that I didn’t plan for. Today, I’m no longer working in Professional Services. For a bit over a year, I’ve been Univention’s North American Operations dealing not only with technical projects but also with Sales, PR and Management as a whole.
What better chance is there to look back at the challenges and opportunities our move to the US has presented to us at Univention. I will look at the problems we could solve for our customers, the technical challenges UCS has mastered and how it changes us as a company when striving for perfection. For this reason, I’m happy to introduce this short series of blog posts looking back at the past and giving an outlook into the future: