lunes, 16 de julio de 2012

Seguridad Web


Session Token Hijacking

  • If an attacker can guess or steal the token associated with your session, he/she can impersonate you.
  • Example: predictable session token
    • Server picks session token by incrementing a counter for each new session.
    • Attacker opens connection to server, gets session token.
    • Subtract 1 from session token: can hijack the previous session opened to the server.
  • Solution: session tokens must be unpredictable.
    • Don't build your own mechanism! Use something provided by your framework.
    • Example: Rails token = MD5(current time, random nonce)
  • Even if session tokens chosen carefully, network attackers can read cookies from unencrypted connections. Sessions not using HTTPS inherently vulnerable to network attacks.
  • HTTP/HTTPS upgrades:
    • Suppose session starts out with HTTP, converts to HTTPS after login.
    • Network attacker could have read session token during HTTP portion of session.
    • Once logging is complete, attacker can use the token to hijack the logged in session.
    • Solution: change the session token after any upgrade in privileges.

Cross-Site Request Forgery (CSRF)

  • Attackers can potentially hijack sessions without even knowing session tokens:
    • Browser always includes cookies in requests to a particular server.
    • Scenario:
      • Visit your bank's site, log in.
      • Then visit the attacker's site (e.g. sponsored ad from an untrusted organization).
      • Attacker's page includes form with same fields as the bank's "Transfer Funds" form.
      • Form fields are pre-filled to transfer money from your account to attacker's account.
      • Attacker's page includes Javascript that submits form to your bank.
      • When form gets submitted, browser includes your cookies for the bank site, including the session token.
      • Bank transfers money to attacker's account.
      • The form can be in an iframe that is invisible, so you never know the attack occurred.
    • This is called Cross-Site Request Forgery (CSRF).
  • CSRF solution: server can mark forms that came from it
    • Every form must contain an additional authentication token as a hidden field.
    • Token must be unpredictable (attacker can't guess it).
    • Server provides valid token in forms in its pages.
    • Server checks token when form posted, rejects forms without proper token.
    • Example token: session identifier encrypted with server secret key.
    • Rails automatically generates such tokens: see the authenticity_token input field in every form.

Data Tampering

  • Server can't pass information to the browser and count on the browser to return it.
  • Example:
    • Server is expected to be stateless.
    • But, sometimes information is generated at the time a form is created, needed later on when the form is submitted.
    • One possible approach: include the information as hidden form fields; they will be returned when the form is posted.
    • Unfortunately, an evil browser can modify these fields before the form is submitted.
    • Similar issues exist for cookies, AJAX requests, URL query values.
  • Bottom line: server data coming from the browser is only as trustworthy as the user.
  • Solution #1: revalidate any information coming from the browser.
  • Solution #2: use Message Authentication Codes (MACs) to validate the sensitive data:
    • MAC function takes arbitrary-length text, secret key, produces a MAC that provides a unique signature for the text.
    • Without knowing the key, cannot generate a valid MAC.
    • Server includes MAC with data sent to the browser.
    • Browser must return both MAC and data.
    • Server can check the MAC using its secret key to detect tampering.
    • Problem: not always clear which data is sensitive, easy to forget MACs (MACs add complexity).
  • Solution #3: keep the state on the server, store it in the session. Unfortunately, this is hard to manage:
    • Session could include state from several different pages; must keep all of this information separate.
    • When can state be deleted from session?
    • User can display a form, go onto other pages, come back to form, and submit: still need state information.
    • Can't keep forever: results in too much session state on server.

jueves, 12 de julio de 2012


CryptoApplet de Universitat Jaume I

CryptoApplet es una aplicación Java para la realización de firma electrónica avanzada. Su funcionamiento es muy simple. Dada una entrada de datos y una configuración definida en el servidor, un cliente web podrá realizar una firma digital sobre los datos, y devolverá como resultado una representación de la firma en el formato definido en la configuración.
Los formatos de representación de firma soportados por CryptoApplet son los siguientes:
  • Firma "en bruto".
  • CMS/PKCS#7.
  • XAdES-X-L en formato DigiDoc.
  • Firma PDF.
La gestión de los certificados con los que se va a firma se lleva a cabo de forma transparente para el usuario mediante el acceso directo al CryptoAPI si se utiliza Microsoft Internet Explorer o PKCS#11 si se usa Firefox (en Windows XP o GNU/Linux). También permite utilizar los certificados almacenados en el Clauer si el sistema cliente tiene el software del Clauer instalado.
El applet también es capaz de ejecutarse en los sistemas operativos Microsoft Windows XP y GNU/Linux con el único requerimiento de tener instalada la Máquina Virtual Java de SUN (versión 1.5 o superior).



Metodología 5S


El método de las 5S, así denominado por la primera letra del nombre que en japonés designa cada una de sus cinco etapas, es una técnica de gestión japonesa basada en cinco principios simples. Se inició en Toyota en los años 1960 con el objetivo de lograr lugares de trabajo mejor organizados, más ordenados y más limpios de forma permanente para conseguir una mayor productividad y un mejor entorno laboral. Las 5S han tenido una amplia difusión y son numerosas las organizaciones de diversa índole que lo utilizan,tales como, empresas industriales, empresas de servicios, hospitales, centros educativos o asociaciones.
La integración de las 5S satisface múltiples objetivos. Cada 'S' tiene un objetivo particular:
DenominaciónConceptoObjetivo particular
EspañolJaponés
Clasificación整理, SeiriSeparar innecesariosEliminar del espacio de trabajo lo que sea inútil
Orden整頓,SeitonSituar necesariosOrganizar el espacio de trabajo de forma eficaz
Limpieza清掃, SeisōSuprimir suciedadMejorar el nivel de limpieza de los lugares
Normalización清潔,SeiketsuSeñalizar anomalíasPrevenir la aparición de la suciedad y el desorden
Mantener la disciplina躾,ShitsukeSeguir mejorandoFomentar los esfuerzos en este sentido
Por otra parte, la metodología pretende:
  • Mejorar las condiciones de trabajo y la moral del personal. Es más agradable y seguro trabajar en un sitio limpio y ordenado.
  • Reducir gastos de tiempo y energía.
  • Reducir riesgos de accidentes o sanitarios.
  • Mejorar la calidad de la producción.
  • Seguridad en el trabajo.
Estas no requieren que se imparta una formación compleja a toda la planta o entidad, ni expertos que posean conocimientos sofisticados, es fundamental implantarlas mediante una metodología rigurosa y disciplinada.
Se basan en gestionar de forma sistemática los elementos de un área de trabajo de acuerdo a cinco fases, conceptualmente muy sencillas, pero que requieren esfuerzo y perseverancia para mantenerlas.

Contenido

  [ocultar

[editar]Clasificación (seiri): separar innecesarios

Es la primera de las cinco fases. Consiste en identificar los elementos que son necesarios en el área de trabajo, separarlos de los innecesarios y desprenderse de estos últimos, evitando que vuelvan a aparecer. Asimismo, se comprueba que se dispone de todo lo necesario.
Algunas normas ayudan a tomar buenas decisiones:
  • Se desecha (ya sea que se venda, regale, recicle o se tire) todo lo que se usa menos de una vez al año. Sin embargo, se tiene que tomar en cuenta en esta etapa de los elementos que, aunque de uso infrecuente, son de difícil o imposible reposición. Ejemplo: es posible que se tenga papel guardado para escribir y deshacerme de ese papel debido que no se utiliza desde hace tiempo con la idea de adquirir nuevo papel llegado de necesitarlo. Pero no se puede desechar una soldadora eléctrica sólo porque hace 2 años que no se utiliza, y comprar otra cuando sea necesaria. Hay que analizar esta relación de compromiso y prioridades. Hoy existen incluso compañías dedicadas a la tercerización de almacenaje, tanto de documentos como de material y equipos, que son movilizados a la ubicación geográfica del cliente cuando éste lo requiere.
  • De lo que queda, todo aquello que se usa menos de una vez al mes se aparta (por ejemplo, en la sección de archivos, o en el almacén en la fábrica).
  • De lo que queda, todo aquello que se usa menos de una vez por semana se aparta no muy lejos (típicamente en un armario en la oficina, o en una zona de almacenamiento en la fábrica).
  • De lo que queda, todo lo que se usa menos de una vez por día se deja en el puesto de trabajo.
  • De lo que queda, todo lo que se usa menos de una vez por hora está en el puesto de trabajo, al alcance de la mano.
  • Y lo que se usa al menos una vez por hora se coloca directamente sobre el operario.
Esta jerarquización del material de trabajo prepara las condiciones para la siguiente etapa, destinada al orden (seiton).
El objetivo particular de esta etapa es aprovechar lugares despejados.

[editar]Orden (seiton): situar necesarios

Consiste en establecer el modo en que deben ubicarse e identificarse los materiales necesarios, de manera que sea fácil y rápido encontrarlos, utilizarlos y reponerlos.
Se pueden usar métodos de gestión visual para facilitar el orden, identificando los elementos y lugares del área. Es habitual en esta tarea el lema (leitmotiv) «un lugar para cada cosa, y cada cosa en su lugar». En esta etapa se pretende organizar el espacio de trabajo con objeto de evitar tanto las pérdidas de tiempo como de energía.
Normas de orden:
  • Organizar racionalmente el puesto de trabajo (proximidad, objetos pesados fáciles de coger o sobre un soporte, ...)
  • Definir las reglas de ordenamiento
  • Hacer obvia la colocación de los objetos
  • Los objetos de uso frecuente deben estar cerca del operario
  • Clasificar los objetos por orden de utilización
  • Estandarizar los puestos de trabajo
  • Favorecer el 'FIFO' (en español, PEPS) primero en entrar primero en salir

[editar]Limpieza (seisō): suprimir suciedad

Una vez despejado (seiri) y ordenado (seiton) el espacio de trabajo, es mucho más fácil limpiarlo (seisō). Consiste en identificar y eliminar las fuentes de suciedad, y en realizar las acciones necesarias para que no vuelvan a aparecer, asegurando que todos los medios se encuentran siempre en perfecto estado operativo. El incumplimiento de la limpieza puede tener muchas consecuencias, provocando incluso anomalías o el mal funcionamiento de la maquinaria.
Normas de limpieza:
  • Limpiar, inspeccionar, detectar las anomalías
  • Volver a dejar sistemáticamente en condiciones
  • Facilitar la limpieza y la inspección
  • Eliminar la anomalía en origen

[editar]Estandarización (seiketsu): señalizar anomalías

Consiste en detectar situaciones irregulares o anómalas, mediante normas sencillas y visibles para todos.
Aunque las etapas previas de las 5S pueden aplicarse únicamente de manera puntual, en esta etapa (seiketsu) se crean estándares que recuerdan que el orden y la limpieza deben mantenerse cada día. Para conseguir esto, las normas siguientes son de ayuda:
  • Hacer evidentes las consignas «cantidades mínimas» e «identificación de zonas».
  • Favorecer una gestión visual.
  • Estandarizar los métodos operatorios.
  • Formar al personal en los estándares.
Metodología
  • Involucrar a todos los niveles de la organización.
  • Diseñar un plan de acción a seguir, con reglas y lineamientos en acuerdo al orden y limpieza que debe de existir.
  • Revisión constante por parte de los mandos.
  • Métodos de gestión visual. Considerar colores formas e iluminación.
  • Estandarización de los uniformes e higiene del personal.

[editar]Mantenimiento de la disciplina (shitsuke): seguir mejorando

Con esta etapa se pretende trabajar permanentemente de acuerdo con las normas establecidas, comprobando el seguimiento del sistema 5S y elaborando acciones de mejora continua, cerrando el ciclo PDCA (Planificar, hacer, verificar y actuar) . Si esta etapa se aplica sin el rigor necesario, el sistema 5S pierde su eficacia.
Establece un control riguroso de la aplicación del sistema. Tras realizar ese control, comparando los resultados obtenidos con los estándares y los objetivos establecidos, se documentan las conclusiones y, si es necesario, se modifican los procesos y los estándares para alcanzar los objetivos.
Mediante esta etapa se pretende obtener una comprobación continua y fiable de la aplicación del método de las 5S y el apoyo del personal implicado, sin olvidar que el método es un medio, no un fin en sí mismo.

[editar]Pasos comunes de cada una de las etapas

La implementación de cada una de las 5S se lleva a cabo siguiendo cuatro pasos:
  • Preparación: formación respecto a la metodología y planificación de actividades.
  • Acción: búsqueda e identificación, según la etapa, de elementos innecesarios, desordenados (necesidades de identificación y ubicación), suciedad, etc.
  • Análisis y decisión en equipo de las propuestas de mejora que a continuación se ejecutan.
  • Documentación de conclusiones establecidas en los pasos anteriores.

[editar]Consecuencias

El resultado se mide tanto en productividad como en satisfacción del personal respecto a los esfuerzos que han realizado para mejorar las condiciones de trabajo. La aplicación de esta técnica tiene un impacto a largo plazo. Para avanzar en la implementación de cualquiera de las otras herramientas de Lean Manufacturinges necesario que en la organización exista una alto grado de disciplina. La implementación de las 5S puede ser uno de los primeros pasos del cambio hacia mejora continua.

[editar]Aplicaciones dentro de ámbito educativo

Las 5S tienen aplicaciones en el ámbito educativo, ya que permite la formación de hábitos de limpieza y orden entre alumnos, docentes y directivos de los centros escolares. Al utilizar la técnica de las 5S en la escuela, nos estamos refiriendo a la implementación de las mismas para mantener los salones de clase y áreas de trabajo limpios, ordenados y solamente con lo necesario. Además, se estandariza lo que se hace con los alumnos, docentes, directivos y padres de familia y se promueve la disciplina y nuevos métodos de trabajo que permiten mejorar los resultados de aprendizaje. El fundamento psicopedagógico de esta técnica está referido al paradigma de la mejora continua para promover un cambio de cultura en las instituciones escolares a partir de los rituales implementados por todos los integrantes de una comunidad escolar

[editar]Véase también

[editar]Referencias externas


“But I’m scanning to PDF now…” 7 reasons why this isn’t enough

Whether in Fresno or Sacramento, everyday we seem to come across organizations who say exactly the above, “But I’m scanning to PDF already John-Paul…” They wonder what would be different with the solutions we recommend, and are curious how other clients are benefiting compared to the simple approach they’ve been taking.

This article will explore 7 unique reasons why scanning to PDF should not be your end goal. Don’t get us wrong, it’s a great place to start but there are quite a few limitations with this approach compared to using a dedicated document or content management solution (like Laserfiche or Fortis). We will share each item below with a focus towards HR to provide context.

#1. File Names Don’t Matter

With a simple PDF, you are limited by the name of the file in terms of providing context (what it actually is). However, with most document management systems, you have the ability to provide a template or set of metadata for a document. Here you can provide other context like “First Name”, “Last Name”, “SSN”, “Date Hired”, etc. if it’s a personnel file as an example.

We recommend populating whatever fields in this template would make sense from a retrieval standpoint. In other words, you don’t want to get super detailed but it’d be helpful to have some of the most common information indexed. At this point, the documents name becomes irrelevant as we can see at a glance the Last Name, First Name, SSN, Doc Type, etc.

With a PDF you are limited to a combination of characters and this cannot exceed 255 in Windows. While this might be a good approach for a single set of documents within a single department (say employee files within HR), when you branch out from here the system can collapse and you end up with a lack of standardization. New employees will come in and ask “Why did the person before me set this up this way, it makes no sense” or “How can I replicate this across XYZ documents now?”.

#2. Security

Security with a PDF is based on basic user security whereby John Doe has access to the following set of folders on the network and he can access all documents within those folders. Generally each document is treated the same as the others (in terms of what you can do with it once inside these folders) and if a document is incorrectly placed in the wrong location, it’s now possibly able to be accessed. You could encrypt PDFs and sometimes require a password, but this is an unnecessary step that will become a nuisance after a while (both for those accessing the documents and those having to secure them).

Document management solutions on the other hand provide a very granular approach to security. First and foremost, staff are required to login to the application with a username and password or they can just pass their Windows login credentials to the application if this is more convenient. This is the first step of security, and this alone dictates what type of access to documents the system will display. John Doe may be in HR and only be allowed to see the HR documents while his manager Jane Smith may be able to also see the Fiscal and Legal documents.

So not only can security be at the folder level, but once inside the respective folders, staff may have limited access rights or actions they can perform. Some may only have read only access, while others may be able to scan or edit documents. Perhaps you don’t want some staff to be able to see SSNs, so you could annotate or redact this sensitive information but still have a user with the ability to “See through redactions” while a lower level user might not have this ability. In this case, they will just see white or black redactions in those locations. You can even go so far as to give people the ability to view but not print information and really maintain control over your content and how it’s accessed.


#3. Network & Web Access

If we look at a PDF, generally the best way for us to share this with staff is through our network of Windows folders. Staff can navigate to a particular drive and then access the respective documents or records (for example, Jane will head to E:/Human Resources/Employee Files). While this is good in practice, it has limitations as there will be times when Jane may need to access something but it resides in a folder she hasn’t been given permission to access. Yes it could be that she’s not supposed to see that respective folder, but many times it’s simply that it hasn’t been done yet OR the documents reside in someone’s local folder. How is Jane able to access a related HR record if it’s on John’s desktop?

So with PDFs we really only have one way of sharing these documents amongst staff (Windows folders) and yes the occasional emailing of them which is more of a reactive approach as it involves too many steps. Compared to Jane going straight to the source and retrieving it herself, she has to contact John who then has to perform a search, and then create an email, attach the files, and send to Jane.

For people outside the organization, it’s even more cumbersome as the process of putting PDFs on your website is always a manual push. In other words, you may want to share board minutes or agendas or particular forms for people to download and access, but you always have to upload or point to a static file. If that file is ever revised, or a new document needs to be uploaded for consumption (say minutes), there’s no simple way to do this without updating that particular page of your website with a new link to that then uploaded PDF document. So for both the public and your own staff, PDFs have limitations on HOW you distribute them and more importantly the steps it takes to retrieve them.

With a dedicated document management solution though, you have a variety of ways to make that information available to both staff and those outside the organization. Number one is that you will be providing a centralized repository to all staff (and even the public if you wanted) where all your content will reside. These applications will serve as the foundation and provide a single source or location for staff to go to when they need to pull information up. Gone will be the information silos, the multiple applications each housing their own respective data (documents & records), and staff will then have a shared service they can all use simultaneously and to access their content.

If it becomes a policy that staff are not to store HR records or related documents locally on their computers, but rather in the document management solution than you will always have a single location to go to with the ability to still provide granular security as we mentioned earlier. So to confirm, Jane Doe could access the solution, login with her username and password, and possibly see just the HR records. John Doe on the other hand will login with his username and password, and also see the Engineering folder, the Accounting folder, etc. A big benefit here is that both didn’t have to ask themselves “What system did I save that record to?” or “Where did Jane/John store the X or Y records that were scanned?”

In addition to simple access through a desktop client, many solutions today offer both web accessibility and even mobile access. So leveraging the same back-end solution where all your content already resides, you can then also add on tools to web-enable the applications. Staff are then able to access documents and records wherever they are in the world really, so long as they have internet access. Most are browser-independent so whatever web browser staff are comfortable using will be just fine, but they are able to search and retrieve records, provide indexing, annotate documents, print, email, and even scan new documents in an ad-hoc fashion.

Mobile solutions allow them to be able to use their iOS devices (iPhone, iPad), as well as Android devices, and pull up any document. They can do almost anything they would in the web-based client on their smartphone, including the ability to use the devices camera as a capture tool while adjusting for the curvature of an image, possibly OCRing (optical character recognition) the document, and sending it directly to the centralized repository for others to access. So you could be out in the field, have a need to capture a specific page or form, capture it with your devices camera and it would then end up in your application for staff at your home office to access, all in real time.

You can see how there are far more benefits to having a dedicated document and/or records management solution compared to just scanning to PDF alone (relying on just storing the content in a network or local Windows folder). We will visit auditing and records management differences in the next post of this series.


#4. Auditing

Today, more than ever, it’s important to be able to not just secure your data but also provide insight on what’s occurring with it.

In the “paper world” documents can be left on someone’s desk, eventually read by someone else, removed, lost, damaged, etc. Many people think that their records are more secure here vs. in an electronic format but that’s not the case. We discussed Security earlier, and with a PDF it’s rather hard to track or audit the activity of your staff or colleagues.

Let’s say we have an HR folder on the network where we store all of our PDF files and items we scanned into the computer. So long as staff have access to this folder, they can access these documents, print them, make changes or delete them (given the right), as well as other activities. Say someone did delete a document in here, it’s hard to later go back and track that activity. It’s difficult to run a report showing who accessed the document, what they did with it, and what their final action with it was.

With a document management solution though, all true/false events can essentially be audited or tracked. For example, we could see not only that Jane Doe logged into the system at 2:57 p.m. on April 23, 2012, but also that once inside she attempted to access the John Smith file, and then tried to save it locally. Or she accessed the file, made changes to a particular field. Or she simply selected the file and deleted it. All of these activities can be tracked so that after the fact, there’s an “e-paper trail” a manager could follow. The organization now has insight into the activity surrounding their digital assets, and a report can even be generated highlighting all of this activity.

As a side note, many document management solutions have Recycle Bins (similar to Windows) where if an item is deleted, it’ll end up here. So while Jane Doe may delete a file in the example above, it won’t be permanently deleted and a manager may have access to the Recycle Bin to restore it or see what has been deleted by staff.

#5. Records Management

Another large reason why scanning to PDF today is not enough is records management (RM). Today records management is a phrase spoken and heard by many, and organizations of different sizes are becoming more and more aware of the need for a proper RM strategy to be in place.

Our rule of thumb is that you want to hang onto records long enough to where they are still seen as an asset, but not too long to where they are a liability.

For example, in California after an employee is let go, the employer is responsible to hang on to their respective application and related files for 7 years. Once this retention period is up and the document has met the end of its life cycle, it could technically be purged or destroyed.

In the physical realm, this is generally managed by boxes labeled by year and stored away in your warehouse or perhaps filing room. Unless an organization has a dedicated records manager, they simply follow a process of moving the records offsite for destruction at the beginning of the calendar year when those documents are now eligible for disposition. This is an ideal scenario, while many organizations keep records for much longer than they need to. Some take the approach of storing them forever or in perpetuity while this might not be required.

With PDFs, there really is no good way to handle this outside of doing something similar electronically. In other words, you could create a folder structure in Windows based on year or retention type, although staff won’t see this as helpful and it’ll be tough to access specific records. Those in HR don’t necessarily care about record types and retention, and would prefer to navigate to an employee’s folder and see all of their records in one location, more of an employee-centric view.

With a document/records management software solution, this is now much easier to manage. As records are brought into the solution, their retention schedules can automatically be assigned with staff spending very little time on this step. So the employee files may have a 7 year retention schedule assigned as an example. After that period of time, the solution won’t ever automatically purge or delete them as this would be a risk, and it wouldn’t be helpful. Instead, a records manager or staff member can run a report or search in this system and return all the records that ARE eligible for disposition. Say this report or search brings back 2,000 results, it’s very likely then that these results have reached the end of their life cycle and can be destroyed properly.

As a side note, the highest level of records management certification a software solution today can receive is DoD 5015.2. DoD 5015.2 is the de-facto software standard which provides implementation and procedural guidance on the management of records in the DoD. It establishes requirements for managing classified records, and includes requirements to support the Freedom of Information Act, Privacy Act, and interoperability.

So not only can we track or audit more activity with a document/records management solution compared to just scanning to PDF alone, but we also have more control over how our records are dealt with and can remain in compliance easier.


http://www.applebyco.com/blog/2012/06/26/but-im-scanning-to-pdf-now-7-reasons-why-this-isnt-enough/