First World Bank Savings and Loan will need a file storage server that is both secure and accessible by the Web server. The server also needs to accept uploads from bank employees so that customer information stays up to date. By implementing a virtualized file server, First World Bank can deploy a file server solution that is secure, accessible, scalable, and cost effective.
File Storage Server Security:
First World Bank Savings and Loan will need a file storage server that is both secure and accessible by the Web server during the transactions conducted by the Web application. The server also needs to accept uploads from bank employees so that customer information stays up to date. The proper way to do this is to place the file storage server on the internal LAN behind the DMZ, reachable from the Web server only through a proxied connection on a second Network Interface Card; the Web server's other NIC is the one that faces the Internet, so Internet clients never have a route to the file server. Proper use of user and group account controls lets bank employees upload newer versions of the statement .PDF files, while customers, whose requests arrive only through the Web application, are limited to read-only access.

File Storage Server Selection:
The file storage server I would recommend for First World Bank Savings and Loan is an on-premise deployment of Red Hat Storage Server, which can run as a virtual machine on the primary server in the LAN and uses logical volumes to present a scalable storage pool that grows as the institution's needs grow. Red Hat Storage Server is built on the open source distributed file system GlusterFS and is highly compatible with the Fedora/RHEL install that will be running as the primary server's operating system. By implementing a virtualized file server, First World Bank Savings and Loan gets a file server solution that is secure, accessible, scalable, and cost effective.
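The user and group controls described above, as an added example that is not part of the original paper: a setgid directory owned by a bank-staff group takes uploads from employees, while the web server account is granted read-only access through an ACL rather than by making the share world-readable. The directory path, the group name and the web server account name are assumptions, and the audit functions check the resulting ownership and mode.

```shell
#!/bin/sh
# Added example, not from the paper: lay out the statement share so that
# members of a bank-staff group can upload new .PDF statements while the
# web server account is limited to reading them. The directory, group and
# user names are assumptions.

# make_statement_share DIR GROUP
# Staff group gets rwx; the setgid bit (2xxx) makes every upload inherit
# GROUP; "other" gets nothing, so the web server must be granted read access
# explicitly (see grant_web_read) instead of the directory being world-readable.
make_statement_share() {
  mkdir -p "$1"
  chgrp "$2" "$1"
  chmod 2770 "$1"
}

# grant_web_read DIR USER
# Read-only access for the web server account through a POSIX ACL; the
# default (-d) entry is inherited by files uploaded later. Linux-specific and
# requires an ACL-enabled filesystem; without ACLs, use a second group instead.
grant_web_read() {
  setfacl -m "u:$2:r-x" "$1"
  setfacl -d -m "u:$2:r--" "$1"
}

# upload_statement SRC DIR
# Copy a new statement in and drop the mode to rw for the owner, r for the
# group; the file's group comes from the setgid directory, not the uploader.
upload_statement() {
  cp "$1" "$2/" && chmod 0640 "$2/$(basename "$1")"
}

# check_statement_share DIR GROUP
# Audit: directory owned by GROUP with mode exactly 2770 (setgid set, no
# access for others). -prune stops find at the directory itself.
check_statement_share() {
  [ -n "$(find "$1" -prune -group "$2" -perm 2770 -print 2>/dev/null)" ]
}

# check_statement_file FILE GROUP
# Audit: an uploaded file inherited GROUP from the directory and is mode 0640.
check_statement_file() {
  [ -n "$(find "$1" -prune -group "$2" -perm 0640 -print 2>/dev/null)" ]
}
```

Run make_statement_share and grant_web_read once as root when the share is created (for example with /srv/statements, bankstaff and apache); the two check functions can be run from a cron job to catch a chmod that quietly opened the share to everyone.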
Project Part 2 Task 2: Secure Web and Database Servers
Web and Database Server Security:
First World Bank Savings and Loan will deploy Apache as its Web server and MySQL as the database server on the back end. To use these resources safely they must be configured securely; otherwise vulnerabilities could be exploited to reach confidential financial information. After installation the Apache server should have all unnecessary modules disabled, run under its own non-privileged account, deny access to the filesystem root directory in httpd.conf (a <Directory /> block that denies everything, with access then granted only to the document root), use group ownership to restrict who can read Apache's bin and conf directories, disable directory browsing (Options -Indexes), and stop disclosing the Apache version number (ServerTokens Prod and ServerSignature Off).

Given the number of SQL injection attacks circulating on the Internet, it is only prudent to secure the MySQL database server from installation onward. Setting a root password, running the mysql_secure_installation script (which removes the anonymous accounts and the test database), setting bind-address to the loopback address so that mysqld accepts no network connections (appropriate here because Apache and MySQL share a host; a separate database host would instead bind to its internal address and firewall that port), ensuring every account has a password, and renaming the root account are just the tip of the security iceberg. These steps limit what a successful injection can reach; the injection itself is prevented in the Web application, by using parameterized queries and a database account that holds only the privileges the application needs.

Secure Remote Administrative Access:
As mentioned above, disabling network access to the MySQL server is a hardening best practice, yet system administrators may still need remote access to change its settings. To allow this, administrators should use Secure Shell (SSH) to log in to the server itself and from there use the sudo privileges required for the Apache Web server and the MySQL server to make their changes, with direct root logins over SSH disabled so that every change is tied to a named account and recorded by sudo. This protects the Web and database servers from direct network connections making unauthorized changes while still giving administrators remote access.
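The Apache, MySQL and SSH settings above, as an added example that is not from the paper: a small offline audit that reads httpd.conf, my.cnf and sshd_config fragments and reports which of the hardening directives are missing. The sample configuration files are constructed for the example; the hardened httpd fragment uses Apache 2.4's Require syntax (Apache 2.2 expresses the same thing with Order and Deny from all), the account name apache is RHEL's default and is an assumption, and the PasswordAuthentication check goes one step beyond the paper's SSH-plus-sudo design.

```shell
#!/bin/sh
# Added example, not from the paper: an offline audit of the hardening settings
# described above, run against constructed config files. Paths, the "apache"
# account name and the sample contents are assumptions.

# directive_value FILE KEY
# Print (lowercased) the value of the last uncommented KEY line, written as
# "Key value" or "key = value"; the key is compared case-insensitively and the
# result is empty when the directive is absent.
directive_value() {
  awk -v key="$2" 'BEGIN { FS = "[ \t=]+" }
    { sub(/^[ \t]+/, "") }
    /^#/ || NF < 2 { next }
    tolower($1) == tolower(key) { val = $2 }
    END { print tolower(val) }' "$1"
}

# indexes_enabled FILE -- true if any uncommented Options line turns on Indexes
indexes_enabled() {
  awk '/^[ \t]*#/ { next }
    tolower($1) == "options" {
      for (i = 2; i <= NF; i++)
        if (tolower($i) == "indexes" || tolower($i) == "+indexes") found = 1
    }
    END { exit (found ? 0 : 1) }' "$1"
}

# audit_httpd FILE -- no version banner, no directory listing, not running as
# root. Prints each failure; returns 0 only when every check passes.
audit_httpd() {
  rc=0
  [ "$(directive_value "$1" ServerTokens)" = prod ]   || { echo "httpd: ServerTokens Prod missing"; rc=1; }
  [ "$(directive_value "$1" ServerSignature)" = off ] || { echo "httpd: ServerSignature Off missing"; rc=1; }
  u=$(directive_value "$1" User)
  [ -n "$u" ] && [ "$u" != root ]                     || { echo "httpd: must run as a non-privileged User"; rc=1; }
  ! indexes_enabled "$1"                              || { echo "httpd: directory listing (Indexes) enabled"; rc=1; }
  return $rc
}

# audit_mysqld FILE -- bind-address pinned to loopback so mysqld accepts no
# network connections (valid only because Apache and mysqld share this host).
audit_mysqld() {
  [ "$(directive_value "$1" bind-address)" = 127.0.0.1 ] ||
    { echo "mysqld: bind-address must be 127.0.0.1"; return 1; }
}

# audit_sshd FILE -- the remote-administration path: no direct root logins
# (changes go through sudo under a named account) and, as an added
# assumption beyond the paper, no password logins.
audit_sshd() {
  rc=0
  [ "$(directive_value "$1" PermitRootLogin)" = no ]        || { echo "sshd: PermitRootLogin no missing"; rc=1; }
  [ "$(directive_value "$1" PasswordAuthentication)" = no ] || { echo "sshd: PasswordAuthentication no missing"; rc=1; }
  return $rc
}

# write_samples DIR -- constructed configs: a default-looking (weak) and a
# hardened httpd fragment, plus my.cnf and sshd_config fragments.
write_samples() {
  cat > "$1/weak-httpd.conf" <<'EOF'
ServerTokens OS
ServerSignature On
User root
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
EOF
  cat > "$1/hardened-httpd.conf" <<'EOF'
ServerTokens Prod
ServerSignature Off
User apache
Group apache
<Directory />
    Options None
    AllowOverride None
    Require all denied
</Directory>
<Directory "/var/www/html">
    Options -Indexes -FollowSymLinks
    Require all granted
</Directory>
EOF
  cat > "$1/my.cnf" <<'EOF'
[mysqld]
bind-address = 127.0.0.1
EOF
  cat > "$1/sshd_config" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
EOF
}
```

On a real host the three audit functions would be pointed at /etc/httpd/conf/httpd.conf, /etc/my.cnf and /etc/ssh/sshd_config; because directive_value keeps the last occurrence, an Include file that re-enables a banner later in the load order will not be seen, so run the audit on the output of apachectl -S or on the merged configuration rather than on one file when Includes are in use.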
Project Part 2 Task 3: Provide Layered Security
Secure Remote Web Server Access:
As mentioned previously when discussing remote access to the MySQL server, administrators may need remote access to the Apache Web server from the Internet when troubleshooting issues from home. To allow this without creating a security issue, telnet and ftp should be disabled (their daemons not installed, or at least not running) and SSH should be the only method of remote server access.

TCP Wrappers and SELinux:
TCP Wrappers, configured through the hosts.allow and hosts.deny files, are an easy and reliable way to ensure that unwanted access does not occur while still letting those who need access have it. Two points need to be kept straight. First, the files match on service (daemon) name and client address, not on port number, and they apply only to services linked against libwrap, such as sshd on the RHEL releases of this period; Apache does not consult them. The rule that customers reach the Web server only over https is therefore enforced in the host firewall (iptables), which accepts TCP port 443 and drops port 80, and the same firewall drops ports 21 and 23, which should in any case have no listening service behind them. Second, tcpd reads hosts.allow first and grants access on the first match, then reads hosts.deny and refuses on a match, and grants access when neither file matches; the final "ALL: ALL" entry in hosts.deny is what turns the wrappers into a default-deny policy. For administrators' SSH access, an entry such as "sshd: <management network>" in hosts.allow followed by "ALL: ALL" in hosts.deny admits SSH from the management network and refuses every other wrapped service from everywhere.

SELinux is a security tool available with Linux kernel 2.6 and later. It provides mandatory access control that is enforced separately from user and group permissions, by confining what each installed program (httpd and mysqld included) may read, write and connect to, and so adds another layer of security to the operating system. On RHEL it is enabled in enforcing mode by default with the targeted policy, and it should be left enforcing rather than disabled when an application misbehaves.
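The hosts.allow and hosts.deny evaluation described above, as an added example that is not from the paper: a shell model of the order in which tcpd consults the two files, run against constructed copies of them. It implements a subset of tcpd's client patterns (ALL, an exact address, and a trailing-dot network prefix such as 10.10.5.), and the addresses and service names are assumptions.

```shell
#!/bin/sh
# Added example, not from the paper: a reference model of how tcpd evaluates
# /etc/hosts.allow and /etc/hosts.deny, run against constructed copies of the
# files. Subset of the client patterns only (ALL, exact address, trailing-dot
# prefix); addresses and service names are assumptions.

# pat_match PATTERN NAME -- one daemon or client pattern against one name
pat_match() {
  case $1 in
    ALL) return 0 ;;
    *.)  case $2 in "$1"*) return 0 ;; esac ;;   # "10.10.5." matches 10.10.5.x
    *)   [ "$1" = "$2" ] && return 0 ;;
  esac
  return 1
}

# list_match LIST NAME -- LIST is a comma- or space-separated pattern list
list_match() {
  for pat in $(printf '%s' "$1" | tr ',' ' '); do
    pat_match "$pat" "$2" && return 0
  done
  return 1
}

# file_match FILE DAEMON CLIENT -- true if some "daemons : clients" line matches
file_match() {
  [ -f "$1" ] || return 1
  sed 's/#.*//' "$1" | {
    while IFS=: read -r daemons clients _; do
      list_match "$daemons" "$2" && list_match "$clients" "$3" && exit 0
    done
    exit 1
  }
}

# tcpd_access DAEMON CLIENT ALLOW_FILE DENY_FILE
# tcpd's order: a hosts.allow match grants and stops; otherwise a hosts.deny
# match refuses; otherwise access is GRANTED. Without "ALL: ALL" in hosts.deny
# the wrappers restrict nothing.
tcpd_access() {
  file_match "$3" "$1" "$2" && return 0
  file_match "$4" "$1" "$2" && return 1
  return 0
}

# write_wrapper_samples DIR -- constructed policy: sshd only from the
# management subnet, every other wrapped service refused; plus an empty
# hosts.deny to show the default-allow behaviour
write_wrapper_samples() {
  cat > "$1/hosts.allow" <<'EOF'
# administrators' management subnet (constructed)
sshd: 10.10.5.
EOF
  cat > "$1/hosts.deny" <<'EOF'
ALL: ALL
EOF
  : > "$1/hosts.deny.empty"
}
```

The model makes the two pitfalls visible: a daemon name that never appears in hosts.allow is refused only because hosts.deny ends in ALL: ALL, and the trailing dot in 10.10.5. is what stops 10.10.50.1 from matching. Port-level filtering for the Web server is a separate control; with iptables the equivalent of the paper's intent is a default DROP policy on INPUT plus ACCEPT rules for TCP 443 (customers) and TCP 22 from the management network (administrators), with no rule for 80, 21 or 23.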
Works Cited
"10 Tips to Secure Your Apache Web Server on UNIX / Linux." The Geek Stuff. http://www.thegeekstuff.com/2011/03/apache-hardening/ (accessed May 25, 2014).
"How To Secure MySQL and MariaDB Databases in a Linux VPS." DigitalOcean Community. https://www.digitalocean.com/community/articles/how-to-secure-mysql-and-mariadb-databases-in-a-linux-vps (accessed May 25, 2014).
"Chapter 2. Red Hat Storage Architecture." Red Hat Storage 2.0 Administration Guide. https://access.redhat.com/site/documentation/en-US/Red_Hat_Storage/2.0/html/Administration_Guide/chap-Administration_Guide-intro_arch.html (accessed May 25, 2014).
Jang, Michael H. Security Strategies in Linux Platforms and Applications. Sudbury, MA: Jones & Bartlett Learning, 2011.