CommitCRM Security - Everything
    CommitCRM Security - Everything

    Alright, I think we need a thread to talk about how everyone is hardening and securing CommitCRM. Here's a list of concerns out of the gate that our team is aware of and working to mitigate (some we have solutions for, others we do not).

    Hopefully some of you have already come up with solutions to these that we can share and talk about openly:

    -------------------------------------
    Securing database and raw files - BIGGEST RISK
    -------------------------------------

    Anyone with access to CommitCRM inherently has access to all account information, emails, documents, and database files which are unencrypted. So the moment I give my low-level office staff access to CommitCRM they have access to everything. If their account is compromised, a bad actor has everything within minutes.

    Before a user can even login to CommitCRM they have access to everything by virtue of access to the SMB share.

    We've done what we can here but if there's something specific that can be done to fully mitigate this we would love to hear it. Perhaps CommitCRM could release a CommitCRM Hardening Best Practices Wiki that outlined all of this.

    -------------------------------------
    Web Hardening
    -------------------------------------

    The new changes to account lockout are a start; we monitor the event logs for failed logins BUT we need alerts on failed logins across the entire ecosystem and we need 2FA even on the Desktop app side of things.

    Also, account login auditing is huge and would be amazing to have right inside CommitCRM so we could track when users login, what IP they are logging in from, etc.

    -------------------------------------
    2FA/MFA
    -------------------------------------

    The 2FA system only allows codes to be sent to the email address of the account. We need additional, more secure options, like App/Yubikey/SMS.

    -------------------------------------
    Account Restrictions
    -------------------------------------

    We need the ability to filter access to data once a user gets into CommitCRM. For example if we have a team member only working on one region we need the ability to limit their access to certain types of data (Structured Notes, Tickets, etc.) to only that region or group of clients. For example keeping residential/SOHO techs out of sensitive Managed Client account information.

    -------------------------------------
    Management Level Statuses
    -------------------------------------

    This goes along with the silly notion that we cannot have more/less Primary Statuses, but if we could, it would be really useful to be able to have certain Status/Categories for tickets that limited access only to certain people. So a certain team could have a Status of tickets that no one else in the company had access to for example.

    -------------------------------------
    Auditing & Logging
    -------------------------------------

    We need better account action auditing/logging in general. I would like to know every time a user logs in, what IP they logged in from, etc. from right inside CommitCRM.

    -------------------------------------
    Data In Motion Encryption
    -------------------------------------

    No real documentation on this, but we don't believe that all data in motion is encrypted between the CommitCRM Client and the Desktop application.

    -------------------------------------
    Forced Password Changes, Complexity Requirements & Rotations
    -------------------------------------

    Not huge on password rotations with 2FA but we don't have that on the Desktop client so it would make sense to have some ability to force password complexity (length mainly), previous password use prevention and the ability to reset a password and force a new one on next login.

    -------------------------------------
    WHAT ARE WE MISSING?
    -------------------------------------

    It's important to all providers here that we are doing the very best we can to protect our organizations as well as our clients' data with everything we do. CommitCRM is an important tool so securing it to the best of our ability is our duty.

    Help share information with vulnerabilities you see and how you're mitigating them.

    Re: CommitCRM Security - Everything

    Commit team...

    Any chance we could lock down permission access to parts of the CommitCRM shared folder when running the SQL database server? I.E. block the ability for any user of CommitCRM to be able to grab the entire dataset?



      Re: CommitCRM Security - Everything

      Update: successfully was able to turn off end-user permissions to the "/db" folder and functionality appears to be 100%. Lots more testing and work to do but it's a start.



        Re: CommitCRM Security - Everything

        Update: the "/WebInterface" has now also been denied access to our end users with no obvious impact to the function of the portal

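The two updates above (denying end users the "/db" folder, then "/WebInterface") can be scripted and verified rather than clicked through in Explorer. The following PowerShell is an added example, not something posted in this thread or shipped by CommitCRM; the share path `\\FILESERVER\CommitCRM` and the group `CONTOSO\CommitCRM-Users` are placeholders you replace with your own. It breaks inheritance on each subfolder (keeping a copy of the inherited entries so nothing else changes), strips the end-user group's entries, and then prints who still has access so you can confirm the database server's service account and your admins were not removed along with the users.

```powershell
# Added example (not from the thread or from CommitCRM).
# Placeholders: replace with your share's UNC path and your end-user group.
$SharePath  = '\\FILESERVER\CommitCRM'      # placeholder UNC path to the CommitCRM share
$UserGroup  = 'CONTOSO\CommitCRM-Users'     # placeholder group holding the end users
$Subfolders = @('db', 'WebInterface')       # the two folders the posts above locked down

foreach ($sub in $Subfolders) {
    $path = Join-Path -Path $SharePath -ChildPath $sub

    # Pass 1: stop inheriting from the share root, but copy the inherited
    # entries so every other principal keeps exactly the access it had.
    $acl = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $true)   # isProtected, preserveInheritance
    Set-Acl -Path $path -AclObject $acl

    # Pass 2: re-read (the copied entries are now explicit) and remove every
    # entry that names the end-user group. Service accounts and admins are
    # untouched because only entries for $UserGroup are matched.
    $acl = Get-Acl -Path $path
    $toRemove = $acl.Access | Where-Object { $_.IdentityReference.Value -eq $UserGroup }
    foreach ($rule in $toRemove) {
        [void]$acl.RemoveAccessRule($rule)
    }
    Set-Acl -Path $path -AclObject $acl
}

# Verification: show the remaining access entries for each folder. Review this
# before letting users back in; the database server account must still appear.
foreach ($sub in $Subfolders) {
    $path = Join-Path -Path $SharePath -ChildPath $sub
    Write-Host "Remaining access entries on $path"
    (Get-Acl -Path $path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
        Format-Table -AutoSize
}
```

Run it from an account that has Full Control on the share, test with one end-user login afterwards, and keep the verification output; it is the evidence that the data folders are no longer readable by everyone who can reach the SMB share, which is the "biggest risk" item in the opening post.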


          Re: CommitCRM Security - Everything

          Glad to see this topic is getting the attention it deserves.....(sarcasm)



            Re: CommitCRM Security - Everything

            Thanks for poking this, we really hope this does get some energy behind it by the Commit community and developers. Fun fact... the Advantage Database supports client encryption, but Commit does not appear to either a) support it or b) recommend configuring it



              Re: CommitCRM Security - Everything

              -------------------------------------
              Data In Motion Encryption
              -------------------------------------
              Non SQL Server version.....
              For the CommitCRM Client and the data residing in the file share that the CommitCRM database is sitting in, data in motion encryption....depends on the SMB config of the file share (and device providing the file share). No idea about the CommitCRM Webpage/server.

              Using this as a reference
              https://docs.microsoft.com/en-us/win...r/smb-security

              So first off...disable SMB v1.
              Second...if a NAS is providing the SMB file share does the NAS config support turning on the Samba SMB Encryption features?
              If a Win PC / server is providing the SMB share, then checking to see if SMB v2 or SMB v3 is configured for encryption is advisable.

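For the Windows-hosted share case in the post above (disable SMBv1, then check whether SMBv2/v3 encryption is on), here is an added PowerShell example; it is not from the thread or from CommitCRM, and the share name `CommitCRM` is a placeholder. It reports the current server state first, disables SMBv1 both in the server configuration and as an OS feature, requires encryption on the CommitCRM share, and then re-reads the settings so you can see the result. The server-wide signing and reject-unencrypted switches are shown but commented out, because once `RejectUnencryptedAccess` is on, any client that cannot speak SMB 3.0 (the first dialect with encryption) is refused.

```powershell
# Added example (not from the thread or from CommitCRM). Run elevated on the
# Windows server that hosts the CommitCRM share. Follows the Microsoft SMB
# security guidance linked in the post above.
$ShareName = 'CommitCRM'   # placeholder: the share holding the CommitCRM folder

# 1. Record the starting state so the change is auditable.
Write-Host 'SMB server configuration before hardening:'
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EnableSMB2Protocol, EncryptData,
                  RejectUnencryptedAccess, RequireSecuritySignature |
    Format-List

# 2. Disable SMBv1 in the server configuration and remove the OS feature.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' -NoRestart

# 3. Require encryption on the CommitCRM share only (SMB 3.0+ clients).
#    Per-share encryption lets you harden this share without affecting
#    other shares on the same server.
Set-SmbShare -Name $ShareName -EncryptData $true -Force

# 4. Server-wide options, left commented out on purpose:
#    - RequireSecuritySignature protects against tampering even on sessions
#      that are not encrypted.
#    - RejectUnencryptedAccess refuses every client that cannot encrypt,
#      which will lock out SMB 2.x-only clients and some NAS/appliance
#      clients. Enable it only after Get-SmbSession shows no such clients.
# Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
# Set-SmbServerConfiguration -RejectUnencryptedAccess $true -Force

# 5. Verify: SMB1 should be False and the share should report EncryptData True.
Write-Host 'SMB server configuration after hardening:'
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EncryptData, RejectUnencryptedAccess |
    Format-List
Get-SmbShare -Name $ShareName | Select-Object Name, Path, EncryptData | Format-List

# 6. Check which dialect current clients are using; anything below 3.0.0
#    cannot use encryption and will break once the share requires it.
Get-SmbSession | Select-Object ClientComputerName, ClientUserName, Dialect | Format-Table -AutoSize
```

For the NAS case the post raises, the equivalent on a Samba-based appliance is the `smb encrypt = required` setting in `smb.conf` (or the vendor's "SMB encryption" checkbox, where exposed); whether a given NAS exposes it is an assumption you have to check against its documentation. Note that this only covers the CommitCRM client talking to the file share; as the post says, it tells you nothing about the web server, which would need its own TLS configuration review.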


                Re: CommitCRM Security - Everything

                Anyone else have experience with other items here? We’re very interested in the Advantage SQL encryption.



                  Re: CommitCRM Security - Everything

                  We support your request for securities and find it frustrating that we are unable to restrict employees to certain accounts only (in the client). If it can be done in the web interface - why not the client?



                    Re: CommitCRM Security - Everything

                    We agree,

                    2FA with Yubikey. Can we have an authorized LAN where it would only ask for 2FA every 2 weeks?

                    For the web interface we can define how long before the 2FA is requested, and if a new public IP is seen it asks the first time.

                    Paul



                      Re: RangerMSP Security - Everything

                      Thank you for posting your feedback and suggestions.

                      All will be reviewed and considered.
