Project Part 1 Task 1: Outline Security Policy
First World Bank Savings and Loan; a financial institution that offers banking services (loans and deposits). The bank would like to provide online banking services to the customers, which includes online credit card use for loan applications. Recommendations are based on such factors as: ownership total cost, scalability, and reliability. Decisions and recommendations made need to be appropriate from the CIA triad perspective. My team’s job is to ensure that all recommendations are correct and appropriate. We need to evaluate and prototype a Linux-based infrastructure. We need to study the cost, performance, and the security of maintaining a Linux open source infrastructure. Annually …show more content…
We want our clients to know that they can count on us to keep their information safe from the outside world; other clients and hackers. Making sure that every server is secure, is one way of ensuring our client’s data will be safe. My recommendations for securing the servers are: Database Server use MySQL, Web Server use Apache, File Server use Samba, SMTP Server use hMailServer, and LDAP Server use OpenLDAP. I recommend securing the database server by using MySQL Enterprise Edition because of the advanced features and management tools it provides. It has technical support that will ensure the highest level of scalability, security, reliability, and uptime are met. The cost, risk, and complexity of managing business-critical MySQL applications are reduced. Some of the features of MySQL Enterprise Edition are: Backup; reduces the risk of data loss, and High Availability; we can make our database infrastructure highly available. Scalability, authentication, and encryption are just a few others on the list of available features in MySQL Enterprise …show more content…
Because of this, we need to specify permissions for all users and groups. Users and groups only need the necessary permissions to be able to do their work/tasks. Groups and users can be created to only have certain permissions; read, write, execute. Not every group or user is going to need all three permissions. Group management can be used to implement these permissions. Setuid can help disperse the permissions to those in the same group, but can also cause some security issues. It is best to use this as little as possible. Sticky Bit can also be used to help prevent users from deleting or renames files. Other attributes that can be enabled are set with chattr command, this prevents the user from being able to rename, move, delete, or modify a file. Using the sudo command will allow access to permissions but in a controlled and limited way. Meaning the sysadmin can set restrictions to a user that would only allow him to run specific privileged commands. Another way to control user permissions is to use Access Control Lists. ACLs can be edited by using getfacl and setfacl. ACL entry has a qualifier (type A) to set the preferred permissions for users and groups. Using pam_listfile will also restrict groups from opening files they do not need to
First World Bank Savings and Loan; a financial institution that offers banking services (loans and deposits). The bank would like to provide online banking services to the customers, which includes online credit card use for loan applications. Recommendations are based on such factors as: ownership total cost, scalability, and reliability. Decisions and recommendations made need to be appropriate from the CIA triad perspective. My team’s job is to ensure that all recommendations are correct and appropriate. We need to evaluate and prototype a Linux-based infrastructure. We need to study the cost, performance, and the security of maintaining a Linux open source infrastructure. Annually …show more content…
We want our clients to know that they can count on us to keep their information safe from the outside world; other clients and hackers. Making sure that every server is secure, is one way of ensuring our client’s data will be safe. My recommendations for securing the servers are: Database Server use MySQL, Web Server use Apache, File Server use Samba, SMTP Server use hMailServer, and LDAP Server use OpenLDAP. I recommend securing the database server by using MySQL Enterprise Edition because of the advanced features and management tools it provides. It has technical support that will ensure the highest level of scalability, security, reliability, and uptime are met. The cost, risk, and complexity of managing business-critical MySQL applications are reduced. Some of the features of MySQL Enterprise Edition are: Backup; reduces the risk of data loss, and High Availability; we can make our database infrastructure highly available. Scalability, authentication, and encryption are just a few others on the list of available features in MySQL Enterprise …show more content…
Because of this, we need to specify permissions for all users and groups. Users and groups only need the necessary permissions to be able to do their work/tasks. Groups and users can be created to only have certain permissions; read, write, execute. Not every group or user is going to need all three permissions. Group management can be used to implement these permissions. Setuid can help disperse the permissions to those in the same group, but can also cause some security issues. It is best to use this as little as possible. Sticky Bit can also be used to help prevent users from deleting or renames files. Other attributes that can be enabled are set with chattr command, this prevents the user from being able to rename, move, delete, or modify a file. Using the sudo command will allow access to permissions but in a controlled and limited way. Meaning the sysadmin can set restrictions to a user that would only allow him to run specific privileged commands. Another way to control user permissions is to use Access Control Lists. ACLs can be edited by using getfacl and setfacl. ACL entry has a qualifier (type A) to set the preferred permissions for users and groups. Using pam_listfile will also restrict groups from opening files they do not need to