As the editor of this newsletter, I (Kent Holland) hesitated to include this material as an article since many will conclude  that is sounds like it promotes Constructware, Inc.’s particular system.  This is because it was written by one of their software engineer responsible for security and was intended for use as a client briefing paper.  Since it is written by Constructware as a briefing to its own customers, and it is naturally focused on the benefits that Constructware believes are offered to its customers by virtue of its protocols and procedures.  The issues raised and the methods Constructware states that it uses to provide security contain provide food for thought. I have heard so many questions and complaints lately about web-based systems creating potential breaches of security for the architects, contractors, project owners and others that use them, that it seemed appropriate to include the article in this newsletter and invite questions and comments by our readers to be submitted into our discussion board. We have created a special new section dedicated to Web-based project management systems to encourage such a discussion. Try it out at http://discussion.constructionrisk.com/discussionboard/.

By Ryan Watts, Software Engineer
Constructware, Inc.  (See Editor’s Note at Conclusion of Article)

As more and more computer viruses plague the Internet, questions continue to come up regarding the safety of the ASP security model. Specifically, people worry that there may be an increased risk of contracting a virus or losing data to a virus when utilizing an ASP (e.g. Constructware). It is prudent to be concerned about this; after all viruses are becoming more sophisticated in the way they propagate and more aggressive in the damage that is delivered. However, if you examine the weaknesses that are typically exploited by viruses, the ASP model will actually prove beneficial by reducing your virus risk.

It should be understood that no computer system is 100 percent removed from the threat of computer viruses. Everything is at risk from standalone workstations to complex wide-area networks. The risk level is what can and should be controlled. Risk must be minimized to the lowest level possible, while maintaining desired functionality. This balance becomes your acceptable risk factor, which may fluctuate slightly over time.

Vulnerability to viruses varies from a number of different factors. It all depends on the type and complexity of any specific network, however the following items generally contribute the most to a specific risk factor:

· Internet connectivity
· Firewall type, configuration, policies, etc.
· Network design
· E-Mail platform and configuration
· User education
· Antivirus software used (if any)
· Network OS Type, set-up, complexity, etc.
· Services available (both internal and external)

Most corporate networks include all of the items listed above in some form or another. Depending on how these items are implemented or configured, the risk factor will vary from network to network. Constructware reduces risk by eliminating many of the common methods exploited by viruses. Constructware also limits exposure by maintaining a very small “footprint” on the Internet.

Consider the most common form of propagation or method of attack used by viruses:

· Active program execution – When a user consciously executes a program executable that has been infected by a virus.

· Passive program execution – The user automatically executes Code on a computer without direct intervention. This is typically invoked through another event like opening an e-mail message.

· Network shares or file mappings – When a virus is executed, it may try to copy itself or infect other files on network drives that are mapped to the user’s workstation. Viruses may also attempt to produce copies, and infect or delete existing files on available network shares/volumes that are unmapped.

· E-Mail – Many viruses, upon execution, will generate numerous e-mail messages with the virus as an attachment.

· Network protocol – Viruses attempt to propagate by scanning a network (i.e. the Internet) for vulnerable hosts. Effects can range from logical damage to the host or actual propagation of the virus.

Constructware provides a high level of security against these threats through the following design benefits:

· Uploaded files are never executed on any of the production Constructware servers. This completely eliminates the threat of an infected file being executed and invoking another form of propagation (e.g. infecting other files, producing additional copies, generating e-mail messages, etc.).

· Users are never attached directly to Constructware in a manner where an infected user can compromise the security of files stored on a Constructware server (i.e. users do not map to Constructware drives). All uploads and downloads from the Constructware server must be done through the browser.

· Files located on a Constructware server are safe from any infected users of the system. Since users can’t directly modify files located on a Constructware server, uploaded files are more secure.

· The Constructware internal messaging does not have the functionality of invoking program execution automatically. Nor does any client e-mail program have the ability to invoke any files that have been uploaded to Constructware. This eliminates the risks associated with passive program execution.

· It is not possible for viruses to use the Constructware messaging system for mass distribution of e-mail messages with infected files attached. Constructware messaging doesn’t support the MAPI functionality exploited on other commercially available messaging systems.

· Constructware is able to maintain an extremely small footprint on the Internet. Ports and server services that are required to support the product (i.e. exposed to the Internet) are very minimal. This provides less of a target for a virus to leverage an attack.

Additionally, Constructware’s standard operating practices enhance the overall design and protection for our clients:

· All files uploaded to the servers are scanned in real-time as well as at scheduled intervals. As a result, infected files are either repaired or quarantined.
· Antivirus updates are implemented as they are introduced.
· Servers are kept up to date with manufacturer recommended patches.
· Constructware operations continuously monitor industry news and events for quick access to any new threats.

So, what are the next generation viruses going to be like? How are they going to propagate and what type of damage will they inflict? No one knows the answer to these questions, which has many people concerned. How can you protect a computer system against an unknown threat that can surface at any time? This is where the ASP model proves beneficial.
__________
About the Author: Ryan Watts is a software engineer and Security Officer for Constructware, Inc. For more information on the content of this article,
mailto:ryan.watts@constructware.com

ConstructionRisk.com Report, Vol. 4, No. 2 (Feb 2002).