Goals

Authenticating and controlling connections

ALCASAR denies access to users who have not authenticated (login + password). It acts as an access lock in front of all Internet services.

Connection control makes it possible, for example, to define the users and/or user groups authorized to connect. For each user (or user group), it is possible to define the validity period of the connection, the weekly time slots for connections, the maximum on-line connection time, the speed, and the maximum amount of data that can be downloaded. To manage users, ALCASAR relies on an internal database which can be connected to an external directory (LDAP or Active Directory©).

Tracing and attributing while protecting privacy

ALCASAR allows the people in charge of an organization to meet the requirements of the access and use policies for Internet consultation networks. In France, it makes it possible to comply with the legal obligations to trace and attribute connections.

These requirements consist of authenticating users of the consultation network when they decide to connect to the Internet, and producing for each of them traces of all actions carried out (browsing, downloading, watching or listening to multimedia, mail, discussion, blogs, secure connections, etc.). ALCASAR produces these logs in files that can easily be archived on external media so that they can be used in the context of a judicial inquiry. Within the framework of cyber-surveillance, and to meet the requirements of the CNIL (French ICO), the generation of these logs is associated with the following mechanisms in order to ensure non-repudiation and to guarantee privacy:

- User authentication flows are encrypted. Users can change their password at any time. These passwords are stored encrypted in the internal database. Log files can be encrypted. These precautions prevent accusations that another user or an administrator has taken, exploited or modified these data;
- Direct consultation of the Internet activity of named individuals is impossible. Traces of connections are intentionally scattered across many files whose domains are split (authentications on one side, Internet activities on the other). Attributing connections only becomes possible after aggregating these files (this work is reserved for judicial authorities). The graphical management interface of ALCASAR only shows connection statistics and no nominative data related to activities carried out on the Internet;
- ALCASAR protects against users who forget to log out. It automatically logs out users whose consultation equipment no longer responds (system shutdown, network failure, etc.). Furthermore, a plug-in automatically disconnects the user when the Windows session closes.

Securing the consultation network

ALCASAR integrates a firewall and a web antivirus in order to protect the equipment on the consultation network from direct external threats. Moreover, a specific module has been created to protect authenticated users from internal attackers attempting to spoof their sessions.

Security updates of consultation equipment (antivirus and patches) are possible and can be automated through declared URLs which can be reached directly with no prior authentication (trusted sites).

The portal

The security of the portal has been designed like a bastion in order to resist different kinds of threat:

- Use and securing of a recent and minimalist operating system (Mageia Linux);
- Protection of the portal against internal attacks (hardening and anti-bypass);
- The free software components that make up ALCASAR are known to be hardened and secure;
- For access to the graphical management console: encryption of all frames, authentication, and accounting separation between backup functions, user management functions and administration functions (with administration profiles).

Users

To protect users, ALCASAR includes two filtering mechanisms:

- The first one blocks access to web sites whose content could be reprehensible. This mechanism is fully tunable (enable, disable, add or remove sites, etc.);
- The second one blocks all traffic other than web traffic, so that only the required flows are enabled (https, ftp flow, multimedia flow, etc.).

These two optional mechanisms were first developed for organizations that welcome young people.