Zope/Plone secure enough for the army?
Hi Zopers

For a multi-national military project I have suggested using Plone as CMS and collaboration platform. However, I need to convince people that Zope/Plone is secure enough to prevent leaking of sensitive data.

Is it possible to set up a publicly accessible Web server with Plone that contains public as well as private data neatly separated depending on login user and group? Even group members should not be able to see data of other groups unless explicitly permitted to do so. What is the best pattern of use? Are there good examples of similar deployments (NATO, NASA)? How do they deal with this?

Thanks a lot for your help
Andre

--
Dr. Andre P. Meyer http://home.hccnet.nl/a.meyer/
TNO FEL Command & Control and Simulation, http://www.fel.tno.nl/div2/
Delft Cooperation on Intelligent Systems, http://www.decis.nl/
On Thu, Apr 08, 2004 at 12:07:10PM +0200, Andre Meyer wrote:
> For a multi-national military project I have suggested using Plone as CMS and collaboration platform. However, I need to convince people that Zope/Plone is secure enough to prevent leaking of sensitive data.
There are a lot of technologies you can use. For example: use Apache as front-end server, use https and 128-bit encryption, use certificates/PKI (with or without tokens), single sign-on, LDAP/Active Directory/RADIUS, use separate Zope/Plone instances. There are enough technical means to choose from.

Zope3 might get TUV-IT approved, see http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/Zope3Newsle... (don't know current status)

Take the following quote of Bruce Schneier into consideration: "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology"

So focus on the non-technology side of information security: for example 'Code voor informatiebeveiliging' (I assume you're Dutch), British BS 7799 2002 standard on security, ISO17799, etc.

Pieter
Andre Meyer wrote:
> For a multi-national military project I have suggested using Plone as CMS and collaboration platform. However, I need to convince people that Zope/Plone is secure enough to prevent leaking of sensitive data.
Security always depends on how deeply you want to look. At the end of the day, any application will only be as secure as you can make it given your understanding of the problem. Very few people would be so brash as to claim to understand *every* aspect of zope and its security implications. What matters is how well you understand what it is you're trying to accomplish and how the tools at your disposal work.

That said, can you define "sensitive data?" Is a username sensitive data? Is a document a user uploads sensitive data? Is the path on the host system the software is running beneath sensitive data? To answer "is X secure enough" you have to be able to define "enough."
> Is it possible to set up a publicly accessible Web server with Plone that contains public as well as private data neatly separated depending on login user and group? Even group members should not be able to see data of other groups unless explicitly permitted to do so.
Sure. Provided you understand what you're doing and limit the privileges of your users accordingly.
> best pattern of use? Are there good examples of similar deployments (NATO, NASA)? How do they deal with this?
The "best" (there's no such thing) pattern of use for secure applications is probably that of 'least privilege'. If you don't need it, get rid of it. If a user doesn't need to do something, make it so they can't. [Of course, I've seen people try to take this too far and actually end up hurting system security; again, you have to know what you're doing.]

--
Jamie Heilman http://audible.transient.net/~jamie/
"You came all this way, without saying squat, and now you're trying to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile? I liked you better when you weren't saying squat kid." -Buddy
Andre Meyer wrote:
> Is it possible to set up a publicly accessible Web server with Plone that contains public as well as private data neatly separated depending on login user and group? Even group members should not be able to see data of other groups unless explicitly permitted to do so. What is the best pattern of use? Are there good examples of similar deployments (NATO, NASA)? How do they deal with this?
Zope (not Plone) is in use at NATO, NASA, and others.

http://www.zope.com/ZopeClientList

Shane
participants (4): Andre Meyer, Jamie Heilman, PieterB, Shane Hathaway