29 March 2013
Connectivity - Alliance Web Platform
Table of Contents
Preface 3
1 Introduction 4
2 Overview of Security Concepts 6
2.1 Alliance Web Platform 6
2.2 Key Security Features 7
3 Customer Security Controls 9
3.1 Key Security Controls 9
3.2 Migrating to Alliance Web Platform 11
3.3 Alliance Web Platform in an un-secure environment 11
4 Addressing Vulnerabilities 12
4.1 Threats & Attacks 12
4.2 Addressing Security Threats 14
4.3 DOs and DONTs 15
5 SWIFT Consulting Services 16
6 Glossary 17
Legal Notices 19
Intended audience
This document is intended for SWIFT infrastructure administrators, security specialists and
auditors.
It is intended both for new customers planning to deploy Alliance interfaces with Alliance Web
Platform and for customers already using the Alliance fat client interfaces, such as Workstation
and WebStation, who are planning a migration to Alliance Web Platform.
The information in this document also concerns the service providers of Browse services on
SWIFTNet.
Related documentation
Alliance 7.0 release overview
Alliance Web Platform Installation Guide
Alliance Web Platform Server-Embedded Installation Guide
Alliance Web Platform Administration Guide
Browse Implementation Guide for Service Providers
01 February 2013 3
1 Introduction
Alliance Web Platform is graphical user interface (GUI) software for Alliance products. It
exposes the functionality of Alliance Gateway, Access/Entry and Integrator to the end user via a
browser. Alliance Web Platform runs on an application server and therefore does not require
additional SWIFT software to be installed on user desktops. It offers a light and scalable
solution with a low cost of ownership and a harmonised user experience across several Alliance
products.
Alliance Web Platform 7.0 delivers almost all existing server functionality, gradually replacing
Alliance Messenger, WebStation and Workstation. The Service GUI functionality of Alliance
WebStation and the ADK GUI functionality of Alliance Access are the only functions that are not
available.
The different functionalities are delivered in GUI packages. Each package is associated with a
specific Alliance server product, covers a specific type of functionality and has to be explicitly
installed on Web Platform.
SWIFT's Alliance products are built using industry-strength processes that help ensure best-in-
class quality, security and reliability: development life-cycle processes ensure that security and
availability are built in from the start. To a large extent, these are the same processes that
SWIFT uses to deliver the FIN and SWIFTNet services on which the global financial community
relies daily. While the Alliance products are not in scope of SWIFT's SAS 70 Type 2 report, the
processes referred to are the same (e.g. secure coding, change management, problem and
incident management), so Alliance product users can derive assurance from the SAS 70 report.
The development process at SWIFT requires independent verification of quality and security, and
rigorous testing ensures quality and conformance with requirements, including security
requirements. In addition, with a risk-based periodicity, SWIFT performs intrusion tests to
identify potential vulnerabilities in the off-the-shelf technology, customised software and in-house
developed code used to build the Alliance products; this covers operating system, middleware,
network device and application-level vulnerabilities. Finally, the Alliance products and all
underlying processes are part of SWIFT's Internal Audit Universe and are reviewed in depth
periodically.
This paper provides:
- an overview of the security concepts and mechanisms of Alliance Web Platform integration with
Alliance products (section 2)
- a description of the customer controls SWIFT recommends for secure deployment of Alliance
Web Platform (section 3.1)
- the changes in customer security controls for customers moving to Alliance Web Platform from
the Workstation and WebStation fat clients (section 3.2)
- recommendations for the deployment of Alliance Web Platform on a non-trusted network
(section 3.3)
- an overview of the vulnerabilities of web-based applications, the available security controls and
additional recommendations to strengthen protection against specific threats (section 4)
[Figure: Alliance Web Platform architecture. Browser (with Java plugin) connects over HTTP-S to the HTTP Concentrator / Application Server hosting the Platform (Platform DB via JDBC), the Browse service and the Administration application; the Platform reaches the Alliance Gateway (SwTL, SNL) and, through it, SWIFTNet InterAct, FileAct and Browse services (WebPage / WebServer over MV-SIPN).]
4. Security awareness for Alliance end users, so that secure-minded behaviour is developed and
maintained in the user base and users are fully aware of the threats related to browsing (for
example, ensuring that PC user sessions cannot be taken over).
3.1.5 Authentication
Server Side
Alliance Web Platform is authenticated to the browser using an SSL server certificate. This
certificate can be signed by a trusted third party; SWIFT recommends using a recognised
Certification Authority or a Certification Authority under the customer's control.
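The check an administrator would run against that server certificate, as an added example that is not part of the SWIFT document: it builds a throwaway private CA and a server certificate for a hypothetical Web Platform host name, then verifies that the certificate chains to the CA and matches the host name, and that a self-signed certificate or a wrong host name is rejected. The host name, CA name and the use of openssl are assumptions for the illustration; against the real deployment, replace ca.crt with the customer's CA and srv.crt with the certificate served by the Web Platform front-end.

```shell
#!/bin/sh
# Added example (not SWIFT code): validate an Alliance Web Platform server
# certificate against a CA under the customer's control.
set -eu
WORK=$(mktemp -d)
HOST=awp.example.internal     # hypothetical Web Platform host name

# make_pki: constructed test material. A private CA, a server certificate
# issued by it, and a self-signed server certificate (the case the document
# advises against).
make_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Internal CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
  # server certificate extensions: host name in the SAN, server-auth EKU
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$HOST" > "$WORK/srv.ext"
  openssl x509 -req -days 2 -in "$WORK/srv.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -extfile "$WORK/srv.ext" -out "$WORK/srv.crt" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$HOST" \
    -keyout "$WORK/self.key" -out "$WORK/self.crt" 2>/dev/null
}

# verify_cert <cert> <hostname>: returns 0 only if <cert> chains to the trusted
# CA and its SAN/CN matches <hostname>; anything else (self-signed, expired,
# wrong name) is a failure the browser would also report.
verify_cert() {
  openssl verify -CAfile "$WORK/ca.crt" -verify_hostname "$2" "$1" >/dev/null 2>&1
}

make_pki
for c in srv self; do
  if verify_cert "$WORK/$c.crt" "$HOST"; then
    echo "$c.crt: chains to the CA and matches $HOST"
  else
    echo "$c.crt: REJECTED"
  fi
done
```

The same verify_cert call, pointed at a certificate captured with `openssl s_client -showcerts`, is a quick way to confirm that an end user's browser warning is caused by an untrusted or mis-issued certificate rather than by an attack in the path.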
Client Side
By default, an end user is authenticated towards the back-end Alliance servers using a
UID/password. SWIFT recommends selecting a strong password policy that follows industry
best practices. As already mentioned, the authentication is performed at the level of the target
hosts (e.g. Alliance Access, Alliance Gateway).
In addition, for some Alliance products SWIFT provides the option of a One-Time Password
(OTP) using a hardware token, or of authentication via an LDAP server. These options should be
considered when using Alliance in a non-trusted environment.
1. Cf. documentation: Configuration type 2 cluster with an HTTP server front-end.
Segregated servers
In addition to the network segregation, SWIFT recommends that the Alliance Web Platform used
by external users is not also used for internal access. This limits the potential impact of
successful attacks on the externally exposed system. For example, packages developed to
manage Alliance Gateway, Access or Integrator must not be exposed to an insecure network.
2. to be sent over SWIFTNet
4 Addressing Vulnerabilities
When deploying any web-based application in their institution, customers have to be aware of
the vulnerabilities of this technology and of the means to address them.
This section gives an overview of the typical threats and attacks against web-based applications
and summarises the security features and controls available to reduce the likelihood of
successful attacks and to limit their impact.
SWIFT has a logical intrusion test programme which is scheduled and managed by Security Risk
Management. The purpose of these logical intrusion tests is to identify potential vulnerabilities in
the off-the-shelf technology, customised software or in-house development used to build SWIFT
products (e.g. Alliance) or services used by internal or external customers.
Beyond the usual OS, middleware and network device vulnerabilities, a special focus of the
logical intrusion test exercises at SWIFT is on application-level vulnerabilities (in design or
implementation). This includes testing against the OWASP Top 10.
All intrusion test findings are analysed using the risk management process, and the related
identified actions are tracked in the security risk registry.
For reasons of confidentiality, SWIFT does not provide further details on its security measures
and related control activities, including intrusion testing. Our controls related to intrusion testing
are documented as part of our ISAE 3402 Type 2 report, sections 1.2.1.6 and 2.2.2.9. The ISAE
3402 report contains PricewaterhouseCoopers Independent Security Auditors Report on the
Operations of SWIFT in which they attest that they have obtained reasonable assurance that
SWIFT has adequate and effective controls in place to meet the control objectives specified in
SWIFT Security Control Policy.
You can receive a personalized copy of our ISAE 3402 Type 2 report by sending a request to
ISAE_3402@swift.com and specifying the names and e-mail addresses of the recipients.
3. Phishing is the term coined for attackers who imitate legitimate companies in e-mails to entice people to share static passwords or credit-card numbers.
Impact
For all impersonation attacks, the highest possible impact equals the highest privilege of the
impersonated user. Consequently, the best way to limit the impact is to implement application
authorisations with the need-to-know and least privilege principles in mind. In addition,
traceability of user actions plays an important role in limiting the impact of malicious acts.
For DoS attacks, the impact of unavailability must be evaluated by every institution.
Threats, typical attacks and the controls available at each level (Alliance Web Platform; Access/Entry, Gateway and Integrator; customer infrastructure; user). Section references are in brackets.

Threat: Steal password or session
  Typical attacks: key logger, session guessing, phishing, shoulder surfing
  Alliance Web Platform: Session mechanism [2.2.1]; SSL tunnel [2.3.2]; Account management [3.1.6]
  Access/Entry, Gateway, Integrator: Strong password policy [3.1.5]; OTP [3.1.5] (7.0.40); Account management [3.1.6]; Session mechanism [2.2.1]
  Customer infrastructure: Secure browsing practices [3.1.2]
  User: Protection of the system used by Alliance product [3.1.1]

Threat: Data tampering
  Typical attacks: man-in-the-middle
  Alliance Web Platform: Server authentication [3.1.5]
  Access/Entry, Gateway, Integrator: Activating and using dual authorisation and segregation of duty procedures [3.1.6]
  Customer infrastructure: Network segregation [3.1.3]; Patch management [3.1.1]; Logical and physical control [3.1.1]; VPN [4.2.3]
  User: Secure browsing practices [3.1.2]

Threat: Denial of Service (DoS)
  Alliance Web Platform: Patch management [3.1.1]
  Access/Entry, Gateway, Integrator: Patch management [3.1.1]
  Customer infrastructure: Network segregation [3.1.3]; Server segregation [3.3]; Reverse proxy [3.1.4]; VPN [3.3]
  User: Protection of the system used by Alliance product [3.1.1]
DO
- Install and manage a firewall facing the Internet that does not accept any incoming connections
towards the PCs on which you run the browser accessing Alliance Web Platform.
- Install and manage a local firewall on each PC, as well as anti-virus/anti-malware software that is
continuously active and kept up to date with the latest threats.
- Restrict the outgoing traffic of the PC to business-critical sites (in addition to the legitimate sites
required for software updates).
- Ensure that the PC used for accessing Alliance is physically and logically accessible only by
persons entitled to access it.
- Ensure that only authorised and necessary software is installed on the PC used to access
Alliance products.
- Ensure that all of the software running on the PC is regularly updated and patched, including
Windows, the Internet browser and additional features (plug-ins) such as Shockwave,
QuickTime, RealPlayer and many others.
- Reserve PCs for accessing internal sites of the same criticality as Alliance, and only access
those sites from those PCs.
- Have end user management practices ensuring that only authorised end users are created and
that the list of authorised end users is kept up to date as users change roles or leave the
company.
- Have entitlement management practices ensuring that end users are only granted access to
Alliance functions on a need-to-know or need-to-have basis.
- Always restart your browser instance before and after accessing the Alliance Web Platform
application.
- Be suspicious of e-mails that appear to come from SWIFT.
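The first three DOs (no inbound connections, a local firewall, outbound traffic restricted to business-critical sites) as a concrete host firewall for a PC reserved for Alliance access. This is an added example and not SWIFT configuration: the ruleset is nftables, the addresses of the Web Platform front-ends, the internal resolver and the patch mirror are assumed, and the only open egress is HTTPS to those hosts. Everything else, inbound or outbound, is dropped and the denied egress is logged so that an infected PC trying to reach an unknown site shows up in the logs.

```shell
#!/bin/sh
# Added example (not SWIFT code): nftables ruleset for a workstation reserved
# for Alliance Web Platform access. All IP addresses are assumptions.
set -eu
RULES=$(mktemp)

# write_ruleset <path>: emits a default-drop ruleset in both directions with
# an explicit egress allow-list for the Web Platform, DNS and patching
write_ruleset() {
  cat > "$1" <<'EOF'
flush ruleset
table inet awp_workstation {
  set awp_frontends { type ipv4_addr; elements = { 10.10.20.5, 10.10.20.6 } }  # Web Platform HTTP front-ends (assumed)
  set update_servers { type ipv4_addr; elements = { 10.10.30.10 } }             # internal patch / anti-malware mirror (assumed)
  chain input {
    type filter hook input priority 0; policy drop;
    iif "lo" accept
    ct state established,related accept   # replies to our own connections only
    ct state invalid drop
  }
  chain output {
    type filter hook output priority 0; policy drop;
    oif "lo" accept
    ct state established,related accept
    ip daddr 10.10.1.53 udp dport 53 accept          # internal resolver only
    ip daddr @awp_frontends tcp dport 443 accept      # HTTPS to Alliance Web Platform
    ip daddr @update_servers tcp dport 443 accept     # software updates
    log prefix "awp-ws-egress-denied " drop           # anything else is logged, then dropped
  }
}
EOF
}

# drop_policy_count <path>: number of chains with a default-drop policy (expect 2)
drop_policy_count() {
  grep -c 'policy drop;' "$1"
}

# allowed_ports <path>: the destination ports the ruleset explicitly accepts
allowed_ports() {
  grep -oE 'dport [0-9]+' "$1" | sort -u | xargs
}

write_ruleset "$RULES"
echo "default-drop chains: $(drop_policy_count "$RULES")"
echo "explicitly allowed: $(allowed_ports "$RULES")"
# Load with 'nft -f' as root once the addresses have been adapted; 'nft -c -f'
# only checks the syntax without changing the running firewall.
if command -v nft >/dev/null 2>&1 && [ "$(id -u)" = 0 ]; then
  nft -c -f "$RULES" && echo "ruleset syntax OK" || echo "ruleset rejected"
fi
```

Because the output chain has a drop policy, adding a new site means adding it to a set rather than opening a port, which keeps the "business-critical sites only" rule auditable from the ruleset itself.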
DON'T
- Browse the Internet from the PC where you access critical Alliance functionality.
- Browse any other site while you are accessing the Alliance Web Platform application, until you
have ended your session.
- Write down any password.
- Communicate your password to anyone; SWIFT will never ask you for such passwords.
- Accept a pop-up asking you to download and install executables.
- Grant the administrator and message approval roles to the same individuals.
- Click a hyperlink contained in an e-mail, even if the URL seems perfectly valid from a business
perspective. Instead, once you have confirmed the business need to visit that site, re-type the
URL in the browser as it was visible in the mail. Such a phishing attack may lead to a rogue site
that could steal information or infect your PC.
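Two of the points above (keep the list of authorised end users current as people leave or change roles; never give the administrator and message approval roles to the same person) are checks that can be run periodically rather than left to procedure. The following is an added example, not a SWIFT tool: it reconciles a constructed operator export against a constructed HR list of active staff and flags any operator who holds both roles. The file layouts and role names are assumptions; adapt them to the real Alliance operator export.

```shell
#!/bin/sh
# Added example (not SWIFT code): account and entitlement reconciliation for
# Alliance operators. Input formats and role names are assumptions.
set -eu
WORK=$(mktemp -d)

# Constructed sample export: <operator id>,<role>;<role>...
cat > "$WORK/operators.csv" <<'EOF'
alice,message_creator
bob,message_approver
carol,administrator;message_approver
dave,message_creator
erin,administrator
EOF
# Constructed HR list of active staff (dave has left but still has a profile)
cat > "$WORK/hr_active.txt" <<'EOF'
alice
bob
carol
erin
EOF

# orphan_operators <operators.csv> <hr_active.txt>
# prints operator ids that no longer appear on the active staff list
orphan_operators() {
  cut -d, -f1 "$1" | sort -u > "$WORK/ops.sorted"
  sort -u "$2" > "$WORK/hr.sorted"
  comm -23 "$WORK/ops.sorted" "$WORK/hr.sorted"
}

# toxic_roles <operators.csv>
# prints operator ids that hold both the administrator and message approval
# roles, the combination the DON'T list forbids
toxic_roles() {
  awk -F, '{
    n = split($2, r, ";"); admin = 0; approve = 0
    for (i = 1; i <= n; i++) {
      if (r[i] == "administrator") admin = 1
      if (r[i] == "message_approver") approve = 1
    }
    if (admin && approve) print $1
  }' "$1"
}

echo "operators with no active HR record:"
orphan_operators "$WORK/operators.csv" "$WORK/hr_active.txt"
echo "operators holding administrator and message approval:"
toxic_roles "$WORK/operators.csv"
```

Run against a fresh export before each access review; any id reported by orphan_operators should be disabled the same day, and any id reported by toxic_roles should lose one of the two roles before the next message approval.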
Integrity: Integrity relates to information that may be relied upon to be consistent, complete,
accurate, valid and useful. For user data, this implies that no information may be altered by
unauthorised persons. For system data, it implies that no unauthorised changes are made to
programs, scripts, configuration files, log files and so on, thus ensuring the integrity of the
complete system.
Availability: The term availability implies that both the information and the systems used to
process, display, print etc. that information are accessible and usable as and when required. For
user data, this means that information should be processed in a timely manner and stored in the
correct place so as to be available to authorised users. The availability (and integrity) of valid
system and configuration data has a direct influence on service availability. Also, all of the
necessary components of a system must be working to ensure service availability.
Auditability: Every user of a system must be held accountable for his or her activities. This
implies that all actions can be audited: all relevant actions can be monitored, and any one action
can be uniquely attributed to a known user at a particular time and date.
Need-To-Know: Information and resources should only be made available strictly on a
need-to-know or need-to-have basis. System set-up must ensure that operators only have access
to the information, files and system resources necessary for their defined tasks. Access to other
system functions must be disabled.
Least Privilege: Users must only be granted the minimum level of privileges required for them to
perform their defined tasks. System set-up must ensure that operator privileges are controlled in a
way which allows all privileges to be tailored to individual needs.
Accountability All user activity, such as access attempts and command usage, must be logged and
attributed to a known user.
Ideally, system activity such as information about processes, network events and
system errors, should also be logged.
Confidentiality
This publication contains SWIFT or third-party confidential information. Do not disclose this publication outside your
organisation without the prior written consent of SWIFT.
Translations
The English version of SWIFT documentation is the only official and binding version.
Trademarks
SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT: SWIFT, the SWIFT
logo, Sibos, SWIFTNet, SWIFTReady, and Accord. Other product, service, or company names in this publication are
trade names, trademarks, or registered trademarks of their respective owners.