Security Recommendations

TODO: security goals, see threat model

Architectural Overview

See the Mifos Architecture diagrams. These recommendations are based on the next generation system architecture.

Security Overview

TODO: outline security architecture fitting inside of Mifos' architecture.

Security Recommendations

TODO: the following list will be changed significantly by 27-AUG-2009.

Security Components

TODO: Here are the security components and how they work.

Roles, activities and permissions

TODO: Mifos uses a "bitmap" of roles and permissions that allows a user to perform actions that can be filtered at a fine-grained level.

Spring Security

TODO

Data Sanitization

TODO

Physical security

(Rationale: Micro-finance organizations and their branches can be very small, run out of an apartment or other available location, and operate in remote areas. It is likely that the computing infrastructure is in a less-than-ideal location and is an easy target for theft, especially hardware such as memory. Comment: perhaps this and other 'why' statements should move to the threat model or another location)

  1. Secure the servers and any network equipment that hosts Mifos and related software, using an enclosure (ideally, a rack) under lock-and-key.
  2. Any tapes or media used to store data backups from Mifos and related software must be stored safely, with access restricted to personnel authorized to use them.
  3. An asset register must be maintained with information about the hardware and media used to host Mifos.

Password Policies

(formatting may be off for now...krishnan)

  1. Mifos default user password reset

At the moment, the default user 'mifos' (having 'Admin' privileges) is not forced to change the first-use password, whereas other users are. Include this user within all policies for other users, including forced change of first-use password.

  2. Add self-service password reset

Self-service password reset is the ability for a user to regain access to the system in the event they cannot recall their password. By setting up (a few) challenge-response questions, users can verify their identity to the system, which then allows them to set a new password.

(Considering that most MFIs do not have in-house e-mail, and that Mifos does not currently support e-mail communication with staff, it seems impractical for Mifos to try and e-mail users with change password links or reminders.)

  3. Add password aging

Have Mifos force users to change passwords at a particular frequency (configurable for the organization by an administrator). The chosen frequency can only vary between certain hard limits (such as a lower limit of one week and an upper limit of 90 days). Only accept new passwords that differ from the existing password by a certain number of characters.
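
The aging and first-use rules above can be sketched as a single policy check. This is an added example, not Mifos code: the class and method names are hypothetical, "differs by a certain number of characters" is assumed to mean Levenshtein edit distance, and the current password is assumed to be the one the user types into the change-password form.

```java
import java.time.Duration;
import java.time.Instant;

/** Added illustration of the password-aging rules; not Mifos code. All names are hypothetical. */
public class PasswordAgingPolicy {
    // Hard limits taken from the text: one week to 90 days.
    static final Duration MIN_AGE = Duration.ofDays(7);
    static final Duration MAX_AGE = Duration.ofDays(90);

    private final Duration maxAge;
    private final int minChangedChars;

    PasswordAgingPolicy(Duration configured, int minChangedChars) {
        // Clamp the administrator's setting into the hard limits instead of trusting it.
        Duration d = configured.compareTo(MIN_AGE) < 0 ? MIN_AGE : configured;
        this.maxAge = d.compareTo(MAX_AGE) > 0 ? MAX_AGE : d;
        this.minChangedChars = minChangedChars;
    }

    /** No account is exempt: the default 'mifos' admin goes through the same check. */
    boolean mustChange(boolean firstUsePassword, Instant lastChanged, Instant now) {
        return firstUsePassword || !now.isBefore(lastChanged.plus(maxAge));
    }

    /** Assumption: the required difference is measured as Levenshtein edit distance. */
    boolean differsEnough(String current, String candidate) {
        int[] prev = new int[candidate.length() + 1];
        for (int j = 0; j < prev.length; j++) prev[j] = j;
        for (int i = 1; i <= current.length(); i++) {
            int[] row = new int[prev.length];
            row[0] = i;
            for (int j = 1; j < row.length; j++) {
                int sub = prev[j - 1] + (current.charAt(i - 1) == candidate.charAt(j - 1) ? 0 : 1);
                row[j] = Math.min(sub, Math.min(prev[j], row[j - 1]) + 1);
            }
            prev = row;
        }
        return prev[candidate.length()] >= minChangedChars;
    }

    public static void main(String[] args) {
        // Constructed sample values: a 365-day setting is clamped to the 90-day upper limit.
        PasswordAgingPolicy p = new PasswordAgingPolicy(Duration.ofDays(365), 4);
        Instant now = Instant.parse("2009-08-27T00:00:00Z");
        System.out.println(p.mustChange(false, now.minus(Duration.ofDays(91)), now)); // aged out
        System.out.println(p.mustChange(true, now, now)); // first-use password, e.g. 'mifos'
        System.out.println(p.differsEnough("Spring2009!", "Spring2010!")); // two characters changed
        System.out.println(p.differsEnough("Spring2009!", "t4ble-Lamp#7")); // unrelated password
    }
}
```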

  4. User education about password policies

Include a blurb that provides brief information about pa