
This is a work in progress, but I thought it worthwhile to build it on the Wiki.

It's pretty much a late night brain dump at the moment - I'll tidy and refactor as I go along.

I'll remove these comments when I'm done. In the meantime, feel free to fix any errors or add a note asking me to expand or clarify any points.

I tried to upload a diagram to include on this page, but don't know where it's gone!

Mifos Security

Background

Three options for network security have been discussed in the list. This page is intended to gather information about options, discuss their strengths and weaknesses, and look at ways to implement them.

There may be others: Add them to the page!

This is not, currently, intended to discuss data security (backups and the like) or authentication of clients and users, although both these areas are worthy of attention.

Why Would We Want to do It?

Mifos contains personal and financial data, which is often carried between the Mifos Server and users over the network. These data must be protected from unintended disclosure.

Options

The options discussed were:

  • A Virtual Private Network
  • TLS/SSL (HTTPS)
  • IP Limiting

These will be analysed briefly, followed by some real-life examples.

[Diagram: Network.jpg]

Virtual Private Network

A VPN normally provides secure, encrypted traffic over the Internet between nodes. See this Wikipedia page for lots of information.

In the case of Mifos, one node will be the Mifos Server and the others would be either single workstations or a group of workstations on an office LAN.

There are commercial options, but the one considered here is OpenVPN with the OpenVPN GUI client installed on Windows workstations.

This is a TLS/SSL VPN. The other main option is IPSec, with Openswan as an example. We have tried both and now use OpenVPN.

Referring to the diagram, the users make their VPN connection to the firewall, then they use an internal IP address within the VPN session to connect to resources on the network. Suitable firewall rules are required.

How To Build an OpenVPN Network

Two options will be covered:

A hybrid network combining both options can also be set up if you have a combination of remote sites with multiple computers and single-PC sites or mobile users.

TLS/SSL (HTTPS)

This is one of the most common ways to secure information in a browser session, and gives the familiar padlock icon to show a page is secure.

Data is encrypted to a reasonable level - banks trust it - making interception of confidential information unlikely.

Users are familiar with it: they will be used to seeing the padlock when they visit secure sites.

The downside is that the MFI will need a server certificate, which costs money and may be an inhibiting factor.

Free certificates are available (CACert is an example), but their root certificate is not included in mainstream browsers and needs user intervention to install.

Referring to the diagram, the users' sessions are directed to the web server or reverse proxy by the firewall and the traffic is decrypted there.

Note: HTTPS is straightforward to implement with a web server using, for example, Apache or IIS, but I haven't worked out how to do it with Tomcat as yet. This is a current area of research, and I'd appreciate any pointers...

IP Limiting

The IP addresses of the nodes allowed to connect to Mifos are defined in advance.

I'll put in some more analysis later, but believe this to be the weakest option for a few reasons including:

  • Data is not encrypted unless some other mechanism is employed
  • It will fail for dynamic IP addresses, typical of dial-up or ADSL links
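
The reverse-proxy arrangement from the TLS/SSL section combined with IP limiting as a second layer, as an added example that is not part of the original page: an Apache httpd 2.4 configuration (mod_ssl, mod_proxy, mod_proxy_http) that terminates HTTPS and restricts source addresses. The hostname, certificate paths, client addresses, the /mifos context path and a Tomcat connector bound to 127.0.0.1:8080 are all assumptions.

```apache
# Added example: every hostname, address and path below is a placeholder.

# Plain HTTP carries no Mifos traffic; it only redirects to HTTPS.
<VirtualHost *:80>
    ServerName mifos.example.org
    Redirect permanent / https://mifos.example.org/
</VirtualHost>

# TLS is terminated here, at the reverse proxy behind the firewall.
<VirtualHost *:443>
    ServerName mifos.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/mifos.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/mifos.example.org.key

    # Assumes Tomcat listens on loopback only, so the decrypted hop
    # between proxy and application never leaves this host.
    ProxyPreserveHost On
    ProxyPass        /mifos http://127.0.0.1:8080/mifos
    ProxyPassReverse /mifos http://127.0.0.1:8080/mifos

    <Location "/mifos">
        # IP limiting on top of encryption: only sites with static addresses.
        # 192.0.2.0/24 and 198.51.100.17 are documentation addresses
        # standing in for a branch office LAN and a single workstation.
        Require ip 192.0.2.0/24
        Require ip 198.51.100.17
        # Clients on dynamic (dial-up or ADSL) addresses cannot be listed
        # here and will receive 403 Forbidden.
    </Location>
</VirtualHost>
```

With this layout the address list only narrows who can reach the login page; confidentiality of the data in transit comes from the TLS virtual host, not from the `Require ip` lines.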

