Protecting Your Collaboration Environment Zimbra Security and Privacy White Paper Table of Contents

The Zimbra Approach to Security and Data Privacy

Open Source Commitment

Adherence to Open Standards

Flexible, Open Architecture

Tour of the Security Life Cycle

Identity and Access Management

Information Security and Privacy

Administration

Zimbra Partner Ecosystem

MTA-Level Integration

Zimlets

Conclusion

Acronyms Protecting Your Zimbra Collaboration Environment

The Zimbra Approach to Security and Data Privacy

for improvements to security is no longer an option. Normal modes of businessWith the risecommunication of mobile and have cloud shifted computing, from personal sacrificing computers user experience to mobile devices. With this shift, organizations must update legacy messaging and collaboration systems to better address the changing threat and technology landscape.

As a messaging and collaboration platform, Zimbra Collaboration is at the core of business communication, a mission-critical component of the organization’s information infrastructure. Since no two organizations are of any information security and technology program. the same, the need for flexible, extensible software is critical to the success What is open source software? Software licensed with a copyright Collaboration. As organizations look to create comprehensive compliance license compliant with the andThis governance paper explores practices, the native and proactivelysecurity and mitigate privacy maliciousfeatures of activity, Zimbra Zimbra’s approach to security and privacy will help guide evaluations of SoftwareOpen is distributed Source Definition. with its source Zimbra Collaboration as a cornerstone of your information infrastructure. code in a human readable format. Software is developed in an open and Open Source Commitment collaborative way by groups of developers. As a commercial open source vendor, Zimbra offers customers and partners accountability as well as transparency. The open source Source: community reinforces visibility into the software code, while Zimbra Open Software Initiative ensures that the software meets ongoing requirements for deployments within enterprise and service provider infrastructure environments. This security and data privacy. combination results in joint innovation that benefits user experience, Zimbra Collaboration is built on established and trusted open source components, including the Linux file system (message store), Jetty (Web others.server and Each Java draws servlet from container), its own open MariaDB source (database), community, Postfix which (mail further improvestransfer agent), software OpenLDAP quality and (configuration thus software data security. and user directory) and

Copyright © 2015 Synacor. All rights reserved. 1 Protecting Your Zimbra Collaboration Environment

As an active participant in the open source community, Zimbra contributes code to open source projects. Not only does this give back to the community that provides so much value—it helps Zimbra Collaboration by validating, enhancing and streamlining the architecture through community input. Commitment to open source provides business continuity, which protects your messaging and collaboration technology investment by ensuring that the core product has a strong, diverse and developer-led open source community.

Adherence to Open Standards Zimbra Collaboration uses widely adopted industry standards: An open standard is a standard that is • publicly available and has various rights to use associated with it, and may also have • Lightweight Directory Access Protocol (LDAP) various properties of how it was

• Secure Sockets Layer/Transport Layer Security (SSL/TLS) designed (e.g. open process) interpretations vary with usage. • Simple Mail Transfer Protocol (SMTP) There is no single definition and • Secure/Multipurpose Internet Mail Extensions (S/MIME) Source: Wikipedia CommitmentSecurity toAssertion standards Markup improves Language interoperability (SAML) 2.0 across mobile, desktop and cloud environments, as well as ensures partners are making users can create their own security and privacy tools or layer in a third- partycalls into solution. a consistent set of APIs. By using open standards, sophisticated

Copyright © 2015 Synacor. All rights reserved. 2 Protecting Your Zimbra Collaboration Environment

Flexible, Open Architecture

Web Client Protocols theirZimbra unique Collaboration information uses infrastructure. a modular architecture Additionally, that the supports use of a flexible, modular HTTPS secure deployments and helps organizations easily fit the software into infrastructure, limiting the need to rip and replace. platform allows organizations to use existing components of their IMAPS/IMAP+STARTTLS POP3S/POP3+STARTTLS Non-Web Client Protocols

Non-W eb SMTP Clients Clients LMTP+STARTTLS

DNS MTA Components AS/AV MTA Proxy DKIM Proxy DMARC

ZCS Components Zimbra ActiveSync

External Collaboration Databases LDAP Message Store Server OpenLDAP (ZCS) Zimbra Web Clients (ZWC) APIs Admin UI REST/SOAP/DAV ExtensionsZimlets

Copyright © 2015 Synacor. All rights reserved. 3 Protecting Your Zimbra Collaboration Environment

Tour of the Security Life Cycle increase the security of the system as a whole, is still considered one of the Defense in depth, the coordinated use of multiple security measures to richbest interfacesapproaches to to administrators, securing your organizationsinformation infrastructure. can dramatically Identity improve and theirinformation security security posture. are central to Zimbra Collaboration, and by exposing

Identity and Access Management

Identity Lifecycle Management The Lightweight Directory Access Protocol users and their rights and privileges. Zimbra Collaboration leverages a for accessing distributed directory (LDAP) is an Internet protocol nativeThe first step to ensuring organizational security is understanding your data and service models. Lightweight Directory Access Protocol (LDAP) Directory for all services that act in accordance with X.500 Create, Read, Update and Delete (CRUD) functionality related to user Source: administration specific to Zimbra Collaboration. The use of an external LDAP Directory is optional; however, all attributes specific to Zimbra IETF Collaboration are stored and managed through the native LDAP Directory. First-factor Authentication

The primary authentication method into mail clients (Zimbra appropriateCollaboration login or third-party) credentials. is When username the native and password. directory isThe leveraged, user all authenticationstore, whether Zimbratakes place Collaboration within Zimbra or external, Collaboration, is used whichto store ships the withZimbra OpenLDAP. Collaboration automatically stores a salted hash of the password. The hash is used for comparison against the entered password’s salted hash, which is then rejected or accepted for login.

If an external directory (LDAP or Active Directory) is preferred, the appropriate login credentials can be stored within this external LDAP directory, or similar. Additional attributes, specific to Zimbra Collaboration, are maintained within the native OpenLDAP Directory. Zimbra Collaboration AdministratorFor setting up externalGuide. user stores or customer external authentication, refer to Section 5 (Zimbra LDAP Service) of the

Copyright © 2015 Synacor. All rights reserved. 4 Protecting Your Zimbra Collaboration Environment

Mobile Device Authentication For certain mobile devices, Zimbra Collaboration can ensure that the device complies with ActiveSync mobile security policies before allowing access. These policies might include timeouts, personal identification entered,numbers the (PINs) device and performs local device a local wipe. wipe. For example, the user must enter a PIN to unlock the device; if a preconfigured number of incorrect PINs are

Identity Federation and Single Sign-On (SSO) To help organizations reduce user identity proliferation, Zimbra Federated identity management enables identity information to be Collaboration can be set up as a Relying Party (RP) in a federated identity developed and shared among several ecosystem, as well as streamline the user login process through SSO. entities and across trust domains. Tools and standards permit identity As an RP, Zimbra Collaboration can consume identity assertions from SAML attributes to be transferred from one (including Shibboleth), OAuth and Connect ID Identity Providers (IDP). trusted identifying and authenticating entity to another for authentication, throughThe IDP andto Zimbra Zimbra Collaboration, Collaboration which mutually will authenticate.allow or reject Once access. a secure, trusted connection is established, the IDP will pass an identity assertion authorization and other purposes, thus To reduce friction for users, Zimbra Collaboration can pass through providing “single sign-on” convenience authenticated credentials to connected services that rely on the same identity providers and relying parties. and efficiencies to identified individuals, credentials. To achieve SSO, Zimbra Collaboration uses Kerberos (and an Source: associated Kerberos5 service) or an LDAP pre-authentication key. Zimbra Gartner, Inc. CollaborationFor setting up Administratora Kerberos service Guide or. becoming an RP (custom authentication), refer to Section 5 (Zimbra LDAP Service) of the

Two-factor Authentication For organizations looking to augment their security, an additional layer of identity security can be overlaid onto Zimbra Collaboration via custom

“something you know” with the second factor performing the function of aauthentication. “something you In have,”this scheme, which isthe the username traditional and approach password in acta as the two-factor scheme.

Authorized Access After users connect to Zimbra Collaboration, authorization processes control what data they can see and which functions they can perform. For may be able to check someone else’s calendar. example, most users can use their own and calendars, while some

Copyright © 2015 Synacor. All rights reserved. 5 Protecting Your Zimbra Collaboration Environment

Zimbra Collaboration supports highly granular authorization frameworks. accounts, domains, mail folder, contacts, calendar, tasks and briefcase Attributes, permissions and policies drive everything in Zimbra (including folder). Administrators can easily create groups and assign access permissions to support specific business objectives. Permissions contacts, calendars, tasks lists and briefcase folders. You can grant internal usersZimbra or Collaboration groups permission offers toflexible view, permissionsedit or share for folders. shared You mail can folders, also Cryptography acceptgrant external or delete users meetings read-only for your or password-based calendar but not access to share to sharedyour calendar Cryptography is the practice and study of techniques for secure communication in withobjects. other For users. example, you might give a colleague the permission to create, the presence of third parties

Delegated, Role-Based Administration Zimbra Collaboration lets you delegate administrative tasks with highly (called adversaries). Public Key Cryptography configurable permissions. An administrator’s role can be as simple as Public key cryptography, also known as group of users. You can create roles from a plethora of attributes and for a asymmetric cryptography, is a class of managing a distribution list or resetting forgotten passwords for a specific cryptographic algorithms, which for domain administrators and distribution-list managers. requires two separate keys, one of which number of tasks in Zimbra Collaboration. It also provides predefined roles is public. Although different, the two is secret (or private) and one of which Information Security and Privacy parts of this key pair are mathematically linked. The public key is used to information generated by users remains secure and private. Zimbra has The next layer to our defense-in-depth approach is to ensure that the signature, whereas the private key is taken several steps to ensure the privacy and security of user information, encrypt plaintext or to verify a digital including shipping the product with security and privacy-enhancing digital signature. mechanisms and protocols enabled as the default. used to decrypt ciphertext or to create a

Source: Wikipedia Message Security, Integrity and Privacy cryptography, users can ensure message security, integrity and privacy, asBy wellusing as cryptographic sender authentication. services, specificallyTo perform publicthese functions,key or asymmetric Zimbra

Collaboration supports the use of S/MIME certificates, which can be provided by a publicly trusted Certification Authority (CA). Alternatively, an internal PKI may be used if public trust is not required.

Copyright © 2015 Synacor. All rights reserved. 6 Protecting Your Zimbra Collaboration Environment

and non repudiation through a digital signature, as well as message An S/MIME certificate can provide message authentication, integrity signature laws, which equate a digital signature to a physical signature andconfidentiality provide non-repudiation through encryption. for digitally In addition, signed many , nations transactions have digital or documents.

Additional message authenticity methods available in Zimbra Collaboration:

• headers to verify the sender’s domain. DomainKeys Identified Mail (DKIM) signatures can be added to email •

Domain-based Message Authentication, Reporting and Conformance S/MIME (Secure/Multipurpose (DMARC) expands on DKIM capabilities to provide message Internet Mail Extensions) provides authentication and includes explicit guidance on message handling if a consistent way to send and receive Amavisd-newDKIM signatures leverages aren’t the integration present. with the Zimbra Collaboration

secure MIME data. Based on the popular provides the following cryptographic Internet MIME standard, S/MIME OpenLDAP directory for domain attribute validation, including DKIM keys. security services for electronic Amavisd-new is housed in the Mail Transfer Agent (MTA) and manages messaging applications: authentication, the incoming and outgoing DMARC policies. message integrity and non-repudiation In-Transit Encryption Zimbra recommends the use of, and defaults to, secure alternatives of all mail protocols and communications channels between Zimbra of origin (using digital signatures), and data confidentiality (using encryption). provides for message compression. As a supplementary service, S/MIME and privacy, Zimbra provides the option to use opportunistic TLS or to requireCollaboration encrypted services communications. and endpoints. For In supported fact, to further versions improve of Zimbra security Source: IETF product. Collaboration, OpenSSL’s cryptographic library is embedded into the

Secure connections between endpoints/services use TLS; additional security• is protocol specific:

• SMTP

• LMTP+STARTTLSHTTPS

• IMAPS/IMAP+STARTTLS

POP3S/POP3+STARTTLS

Copyright © 2015 Synacor. All rights reserved. 7 Protecting Your Zimbra Collaboration Environment

At-Rest Encryption

Zimbra Collaboration message store is encrypted until decryption takes placeWhen with S/MIME the appropriate is used for end-to-end private key. encryption, the data stored in the

Antivirus and Antispam Email-based malware remains a prominent threat for businesses, and while usually not as insidious, spam clogs email systems and increases user frustration. Zimbra addresses malware and spam through both native functionality and third-party plugins.

According to the AV-TEST Institute, ClamAV and SpamAssassin. are registered by their systems daily. Amavisd-new is the interface for information exchange between MTA, over 390,000 new malicious programs ClamAV is open source antivirus software with traditional signature-based By the end of 2014, there were over 300 matching and heuristics. The rules and signatures are updated daily. million malicious programs (total), with

SpamAssassin is open source antispam software that supports ongoing 140 million of those being new

malware as of 2014. Source: spam-filter training (i.e., teaching the filter what is spam and what AV-TEST Institute ofisn’t), their enabling junk folders. organizations to optimize performance in their own environments. Users can train spam filters by moving messages in and out

Disaster Recovery and High Availability Though disaster recovery is not often considered a security feature, the your user base grows, the need to ensure uptime and the timely delivery ofassurance data will that increasingly your data put is intact demands is beneficial on the infrastructure. for organizations. Zimbra Also, is as developing an active-active architecture to help ensure your information is delivered on time, every time.

Copyright © 2015 Synacor. All rights reserved. 8 Protecting Your Zimbra Collaboration Environment

Administration While the user is busy sending and receiving email, scheduling appointments and collaborating with others, Zimbra Collaboration is different levels of logging. logging activity. Based on your audit and compliance needs, you can set Zimbra Collaboration logs a wide range of activities:

• User and administrator activity

• Login failures

• Slow queries

• Mailbox activity

• Mobile synchronization activity logging package, as the log manager Zimbra Collaboration uses log4j, a Java ZimbraDatabase Collaboration errors supports the syslog format and Simple Network for mailboxd. By default, the Zimbra forwarded to log-management and event correlation systems to create Collaboration server has log4j configured Management Protocol (SNMP). Log events, alerts and traps can be to log to the local file system, but log4j variety of other locations. For more, can be configured to direct output to a compliance requirements. visit the Zimbra Wiki. centralized policies and notifications based on your security and

Visit the Zimbra Wiki incident response. These logs can support forensic analysis, which is useful for our next step:

Incident Response

Even with the layers of security we’ve defined so far, you may need to take action• A touser’s respond account to a credentialsproblem or havemitigate been risk. stolen. For example:

• AnLog executive analysis revealsleft his problematicor her smartphone activity in on a taxicab.an administrator account.

Zimbra supports incident response in several ways.

Copyright © 2015 Synacor. All rights reserved. 9 Protecting Your Zimbra Collaboration Environment

Remote Device Wiping stolen, the administrator can wipe the data from the device remotely. ThisIf a tablet mitigates or smartphone the risk of someonethat uses accessingZimbra Collaboration the Zimbra Collaborationis lost or compromised. data remotely. It also reduces the risk of the data on the device being Account Lockout

immediatelyYou can configure disable a policy any account that automatically at any time. locks an account after a specific number of failed login attempts. The administrator can also An administrator with appropriate access privileges can also view the email messages of the suspect account to help determine if the account has been compromised.

Zimbra partners with hosting providers disableIf you are access using from a federated the central identity directory management or identity solution store to or prevent an to provide in-region hosting of Zimbra authenticationinternal directory to the with Zimbra Zimbra Collaboration Collaboration account. to implement SSO, you can hosting, customers and end users are Collaboration. By relying on in-region ensured their data is under the auspices Archiving and Discovery of only the most directly applicable regulations, legislations Collaboration. With this integrated solution, you can select which users’ and jurisdictions. emailZimbra messages Archiving to and archive Discovery and set is retention an optional policies feature for of both Zimbra archived and

partylive mailboxes. archiving Zimbra solutions Archiving with Zimbra and Discovery Collaboration. offers powerful search indexing in a simple, cost-effective platform. You can also integrate third- Zimbra Partner Ecosystem

As part of a broader information and identity security infrastructure, Zimbra Collaboration can integrate with additional security and privacy solutions. Zimbra’s reliance on open-based standards helps make integrations and inter-application communications easy.

Zimbra Collaboration supports two types of third-party integrations:

• MTA-levelZimlets integration

Copyright © 2015 Synacor. All rights reserved. 10 Protecting Your Zimbra Collaboration Environment

MTA-Level Integration gateway-level integration with a wide range of third-party solutions. For Through its support for SMTP protocols, Zimbra Collaboration offers example, Zimbra Collaboration can be configured to send all messages to an SMTP-enabled gateway, which can then provide email archiving, content filtering, data-loss prevention, etc. Zimlets suit your needs, allowing you to add new features to suit your particular Zimlets makes it easy to customize and extend Zimbra Collaboration to the functionality of Zimbra Collaboration. Zimlets enable the “mash-up” requirements. Zimlets are a mechanism for integrating with and extending

on the Zimbra Security Vulnerability of web-based technologies with enterprise messaging (e.g. email, IM, If you are interested in more information collaboration objects can be made live by dynamically linking to web voice) and collaboration systems. With Zimlets, message content and content and third-party services. visit the below links. Disclosure and Response Program,

Visit Zimbra.com to view the Zimbra Gallery of community-contributed Security Center as many Zimbra partners create and deploy their own. Zimlets. Please note that this is not an exhaustive list of available Zimlets,

Security Response Policy

Conclusion Vulnerability Rating Classification and should be put through the same risk assessments and considerations Responsible Disclosure Policy asMessaging other critical and collaboration applications. solutionsThe best defenseare business-critical remains defense applications in depth, which has multiple layers of security. This approach should properly Reporting Vulnerabilities to Zimbra balance the needs for administrative control, information and identity security,As security privacy paradigms and the shift user and experience. the threat landscape evolves, leveraging

Community-driven innovation will ensure that Zimbra Collaboration open source and open standards will define best-in-class software. building around an open source core, Zimbra Collaboration provides a robustmeets the platform constantly for organizations changing business to offer needs secure, of organizations.private messaging By and collaboration, whether mobile, desktop or in the cloud.

Copyright © 2015 Synacor. All rights reserved. 11 Protecting Your Zimbra Collaboration Environment

Acronyms

AS AV DKIM

Antispam Antivirus

Domain Keys Identified Mail

DMARC IDP LDAP

Access Protocol Domain-basedand Conformance Message Identity Provider Lightweight Directory Authentication, Reporting

MTA RP SAML

Security Assertion

Message Transfer Agent Relying Party Markup Language

S/MIME SMTP SSL

Secure Socket Layer Protocol Secure Multipurpose Simple Mail Transfer Internet Mail Extensions

SSO TLS

Transport Layer Security

Single Sign-On

12

Copyright © 2015 Zimbra. All rights reserved. Protecting Your Zimbra Collaboration Environment

Zimbra 3000 Internet Blvd., Suite 200 Frisco, Texas 75034 Tel +1 (972) 407-0688 www.zimbra.com copyright and intellectual property laws. Zimbra is a registered trademark or trademark of Synacor inCopyright the United © 2015 States Synacor. and/or Allother rights jurisdictions. reserved. ThisAll other product marks is protected and names by mentioned U.S. and international herein may be trademarks of their respective companies.