In the upcoming weeks we will publish a step-by-step guide to the first steps with Univention Corporate Server.
In today's first film we give you an overview of the upcoming topics.
One of the most staggering experiences I had when transferring from our Professional Services team to North American management was that suddenly I got into the first line of contact with the potential customer. Suddenly the filter, which was the German Sales team, was gone and I had to handle all customer questions directly. It was a fascinating experience though, because I suddenly didn’t just have to do the work I was used to but also had to explain what our Consulting Team is usually doing and why the customer has to pay for it.
Internet service providers have some thinking to do when it comes to the topic of encryption. Does encryption help you to build your business or does its complexity drive customers away? There’s an increasing awareness that encryption is hugely important, but very few people are using it regularly because it’s too complex. Why is encryption so important, and what can we do to drive adoption?
The current release of Univention Corporate Server supplies various security updates and bug fixes and now offers Dovecot as the default mail server as well as the possibility to define LDAP filters for policies. UCS 4.0-3 now also brings the automatic creation of Univention Apps as images for various virtualization environments. The apps available in the Univention App Center are now automatically provided as complete applications that consist of UCS as the platform, UVMM as the management system, and the app itself. They are ready to download for various virtualization formats such as VMware or KVM.
Even if you only have a small number of staff, the administration of individual user accounts for numerous applications and the corresponding access rights can still prove very time consuming. At the latest when responsibilities change hands or new members of staff join the company, the IT infrastructure becomes characterized by uncontrolled growth, which not only requires a lot of time to handle, but also becomes more and more insecure over time. More often than not, the administration of the users and their rights gets neglected at some point. As the enterprise expands, this type of out-of-control infrastructure becomes more and more risky and dangerous. Centralized user management in the form of an identity management system can help you to rein your IT back in again.
The beating heart of an identity management system is often a so-called LDAP directory service, which is also integrated in our Univention Corporate Server. LDAP stands for Lightweight Directory Access Protocol, so it really only describes the protocol itself, although people also tend to talk about “the LDAP” when they actually mean the LDAP directory service.
According to a survey conducted by analyst firm Statista GmbH, 44 percent of German companies have moved their business to the cloud. During the last couple of years, many cloud providers have developed different applications and the upward trend will remain steady. Our development team from Sweden designed the business software Fortnox back in 2001, so we can confirm that the trend of moving businesses to the cloud is an upward trend. Future development is especially crucial because the requirements for cloud providers are growing continuously. Plenty of new suppliers are entering the cloud market every day, so the competition is increasingly high. Providers of cloud solutions have to stand out with new and innovative products; otherwise they will leave the cloud market as fast as they entered it.
Univention has integrated Dovecot as the new default IMAP/POP3 mail server in UCS. This article gives a first overview of this integration.
Why Dovecot as default IMAP/POP3 server in UCS?
Dovecot has a focus on security, stability and performance, while complying with established standards. Like Postfix, Dovecot starts a couple of separate processes for different tasks. The processes can be run with different owner and group permissions to limit the impact of a security incident.
Dovecot supports several backend storage formats: mbox, Maildir and dbox. In each case it uses indices to increase access performance. Their self-healing and self-optimizing features reduce tedious administrative intervention and simplify backups.
Here at Univention, we are of course also concerned by the attack on the German parliament’s IT infrastructure, better known as the “Bundestag hack”. To recap: It appears that there were some bogus e-mails there including links to malware. A number of the Windows PCs in the Bundestag’s “Parlakom” network were or may still be infected with the malware, which is alleged to have searched for and copied certain confidential Word documents. According to a report in the Tagesspiegel (German) newspaper, this allowed the hackers to gain “administration rights for the infrastructure”. The attack was conducted as an “advanced persistent threat” or “APT attack” for short: in other words, a complex, multi-phase attack on the German parliament’s “Parlakom” IT network.
How IT systems can be taken over
There are a whole host of “classic” approaches for taking over IT systems, such as the exploitation of security vulnerabilities in the software, the interception or guessing of passwords (brute force attacks) and the cracking of password hashes. These methods are well known and it is comparatively simple to reduce the risk of such attacks succeeding. The requisite measures are: regular, comprehensive and rapid installation of updates; encryption of sensitive data and network communication using state-of-the-art encryption standards; the use of sufficiently long passwords; logging of failed login attempts and blocking of user accounts with too many failed attempts; the use of salted password hashes (the salt converts two identical passwords into different hashes); iteration of the hash functions (rounds); and changing passwords regularly.
As manager of Univention North America, I often find myself working on the go. While free WiFi and mobile Internet are slowly bridging the gap between the office, airport lounges and hotels, connections are often slow and congested whenever many people are congregating.
While many office documents can still be worked on when on the go, synchronization with the office and collaboration with coworkers are still difficult, especially if you have to consider questions like data and transmission security, including secure access to the company network, travel across time zones or, oh horror, the date line and slow connections.
Of course, travel needs are not the only reason why you would want to look at these applications, for synchronization and collaboration can also greatly benefit teams that work at multiple locations or colleagues frequently working from home. In the end, nothing is worse than finding out that an employee has uploaded much of the company’s confidential knowledge base to a cloud service, because tablets, smart phones or collaborations are words that the IT office can’t be bothered with.