Oracle Calendar Security - Servers and Data

There are two areas of concern when considering the general question of "security" of the calendar system. The first involves the security of connections to the calendar server by the calendar client software. The second concerns the security of the calendar server machine itself.

Connections to the calendar server by the client software require a username and password. The password is expected to be known only to the account holder. The password is not stored on the calendar server in any form that can be viewed or recovered in any way. Provided a user's password is known only to him or her, the account can be considered secure from tampering.

Without encryption, your password might be eavesdropped as it travels across the Internet from desktop computer to the calendar server at Rice. To address this, Steltor has chosen the encrypt the password before it is sent at initial login. At higher security levels (as set by the server administrator), the username may also be encrypted, as may be all data between the client and server. If you are concerned about the outside possibility of direct eavesdropping of calendar data, (though observation-attacks of that type are virtually unknown,) your best option is to use the Web client. The Web server that provides access to the Web-based calendar client can provide 128-bit SSL encrypted connections of all data, including username, password, calendar events, and the like. Presently, and for the foreseeable future, 128-bit SSL (also used to secure credit card transactions on the Web) is the strongest method of data protection available.

As for the physical security of the calendar server hardware and its Web server machine, we can look at the following: physical security, security against data loss or power failure, security against local attack (by an account holder), and security against attack by someone on the Internet.

Both the calendar server and its Web server are stored in the Mudd machine room, which is locked at all times and, through the use of the Diebold card reader system, provides limited access only to trusted personnel. The machine room is on the second floor of that building (a serious concern, given recent weather events), protected from fire by a halon extinguishing system, and from power outage by both the building's uninterruptible power supply and by Rice's own co-generation facility. The calendar server is protected against data loss through the use of a redundant disk system. Calendar data is stored on a system of 11 disks in a manner that allows for the simultaneous failure of up to 3 of them without loss of data and with only minor loss in performance. Any hardware failure that may compromise the data stored in that system results in electronic mail to the systems administrators, giving them ample warning to resolve any problem. Further, regular backups to magnetic tape are performed on a nightly basis. Few other systems on the Rice campus enjoy the level of data reliability and integrity that has been provided for the calendar system.

A system's resistance to attack by an account holder is a direct function of the number of accounts. In the case of the calendar system, only 6 systems administrators have local accounts. Contrast this with the RUF, with its 4000 accounts. Resistance to attack from the Internet is directly related to the number and type of duties the system must perform. A typical mail server, that must handle POP, IMAP, and SMTP connections is, under the best of circumstances, in a highly vulnerable position. The calendar servers provide only these services: SSH (for secure, remote access by the systems administrators), Apache SSL Web server, and the calendar service itself. The limited service offerings means a greatly reduced chance that a bug or misconfiguration would allow unauthorized access. Further, Steltor has taken great pains to ensure the security of their software and there is little reason to suspect that it offers a point of weakness.

By all measures, the calendar server, and its accompanying Web server, are among the most secure managed by IT. Their greatly reduced number of accounts, limited services, effective use of cryptography to protect sensitive data, and highly redundant configuration render them resistant to network attack and data loss.