Tuesday, December 18, 2018
IS3440 Project Part 1 Essay
First World Savings and Loan is a financial institution that processes credit card transactions and loan applications online. We are currently considering implementing an open source infrastructure. This could potentially save us over $4,000,000 per year in licensing fees for the software we are currently using. However, due to our business needs, we must still comply with the Sarbanes-Oxley Act (SOX), the Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA). We must comply with SOX because we are a publicly-traded financial institution; with PCI-DSS because we process online credit card transactions; and with GLBA because we are a financial institution. All of the regulations of these three compliance laws must be met, while still maintaining the Confidentiality, Integrity, and Availability (CIA) triad.

All security requirements for SOX, PCI-DSS, and GLBA can be achieved using Linux and open source infrastructure. Some examples of open source software that we might use are:

Web Server – Apache
Web Filtering – DansGuardian
Network Firewall – Turtle Firewall
VPN – Endian Firewall Community
IDS/IPS – Suricata
Database – MySQL
File Server – Samba
SMTP Server – hMailServer

I would recommend that we use a "Defense in Depth" strategy, having multiple layers of access protection. We need to have an IDS/IPS on both sides of our network firewall. The inside IDS/IPS will be used as additional protection for our network and the outside IDS/IPS will serve as an early warning system for attacks. We will also use the outside IDS/IPS for additional protection and to monitor what types of attacks are occurring.
Our web server and mail server should be completely separated from the rest of our network in a de-militarized zone (DMZ). We need to have a network firewall between our DMZ and our internal network, between the outside world and our internal network, and between our DMZ and the outside world. There should also be a local firewall enabled on each local machine. Also, since our physical servers will be hosted at a third party location, we must have VPN access to these servers to manage them. All private data will need to be encrypted, as well as all data transmissions. To go along with the previously mentioned physical and software based security measures, we will also apply multiple policies to maintain this security.

Acceptable Use Policy – This policy will describe how the company's IT assets should and can be used, as well as what is not acceptable to do on company assets.

Password Policy – This policy will explain what parameters a password must meet to be accepted. For example, a password must be at least 15 characters long, have at least one capital letter, have at least one lower case letter, have at least one number, and have at least one symbol.

Privacy Policy – This policy describes what information must remain confidential.

Training employees on the proper way to use (and how NOT to use) company assets is a major key to ensuring the CIA triad remains intact and our network secure.

In this part of the executive summary, I am going to be explaining, and making recommendations on, what the best options are for the open source software that is essential for the operation of the First World Savings and Loan financial institute's various web and application servers.
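To make the three-way split above concrete, here is an added example (not part of the essay, and not the configuration of any of the firewall products it names) of an iptables ruleset on a single firewall host with one interface facing the outside world, one facing the DMZ that holds the web and mail servers, and one facing the internal network. The interface names, subnets, database address and VPN port are my assumptions; with DRY_RUN set the rules are printed instead of applied, so the policy can be reviewed without root.

```shell
#!/bin/sh
# Added example: iptables policy for outside / DMZ / internal network on one firewall.
# Interface names, subnets, the database address and the VPN port are assumptions.

WAN=eth0                  # outside world
DMZ=eth1                  # web server and mail server
LAN=eth2                  # internal network
VPN=tun0                  # VPN tunnel the admins use to manage the hosted servers
DMZ_NET=192.0.2.0/24      # documentation range standing in for the DMZ subnet
LAN_NET=198.51.100.0/24   # documentation range standing in for the internal subnet
DB_HOST=198.51.100.10     # assumed address of the internal PostgreSQL server
VPN_PORT=1194             # assumed OpenVPN port on the outside interface

# ipt ARGS... -> runs iptables, or prints the command when DRY_RUN is set.
ipt() {
  if [ -n "$DRY_RUN" ]; then
    echo "iptables $*"
  else
    iptables "$@"
  fi
}

apply_dmz_policy() {
  # Default deny for traffic to and through the firewall; only the rules below pass.
  ipt -P INPUT DROP
  ipt -P FORWARD DROP
  ipt -P OUTPUT ACCEPT

  # Replies belonging to flows that were already allowed.
  ipt -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # Outside -> DMZ: only the public services (HTTP, HTTPS, SMTP).
  for port in 80 443 25; do
    ipt -A FORWARD -i "$WAN" -o "$DMZ" -d "$DMZ_NET" -p tcp --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
  done

  # Outside -> internal: no forwarding rule at all, so the default DROP applies.

  # DMZ -> internal: the front ends may reach only the database.
  ipt -A FORWARD -i "$DMZ" -o "$LAN" -s "$DMZ_NET" -d "$DB_HOST" -p tcp --dport 5432 \
      -m conntrack --ctstate NEW -j ACCEPT

  # Internal -> DMZ: staff use the web front end and send mail through the mail server.
  for port in 80 443 25; do
    ipt -A FORWARD -i "$LAN" -o "$DMZ" -s "$LAN_NET" -d "$DMZ_NET" -p tcp --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
  done

  # Internal -> outside: web browsing (the web filter belongs in this path).
  for port in 80 443; do
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p tcp --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
  done

  # DMZ -> outside: only outbound mail delivery leaves the DMZ.
  ipt -A FORWARD -i "$DMZ" -o "$WAN" -s "$DMZ_NET" -p tcp --dport 25 \
      -m conntrack --ctstate NEW -j ACCEPT

  # Management: the VPN terminates on the firewall; SSH to the servers only over it.
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A INPUT -i "$WAN" -p udp --dport "$VPN_PORT" -j ACCEPT
  ipt -A INPUT -i "$VPN" -p tcp --dport 22 -j ACCEPT
  ipt -A FORWARD -i "$VPN" -o "$DMZ" -d "$DMZ_NET" -p tcp --dport 22 \
      -m conntrack --ctstate NEW -j ACCEPT
  ipt -A FORWARD -i "$VPN" -o "$LAN" -d "$LAN_NET" -p tcp --dport 22 \
      -m conntrack --ctstate NEW -j ACCEPT

  # Log what falls through before the default DROP discards it, so the inside
  # IDS/IPS and the admins can see what was attempted.
  ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
}

# Usage: DRY_RUN=1 sh dmz-firewall.sh apply   (print)   or   sh dmz-firewall.sh apply   (enforce)
if [ "${1:-}" = apply ]; then apply_dmz_policy; fi
```

The point of the layout is that every zone pair gets an explicit allow list and nothing else: there is no rule from the outside interface to the internal interface at all, and the DMZ hosts can open only one connection type inward (to the database port), so a compromised web or mail server gains no general foothold on the internal network.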
For each of the servers, I recommend using the Red Hat Enterprise Linux operating system for a number of reasons. The main ones being that it is one of the most secure, it's backed by years of technical support, it's supported by a vast number of varied hardware, and it is one of the most, if not the most, popular and used server OSs that one can get today. I would rather go with software that has been vigorously tested to its breaking point and still remains at the top tier of server software options that's readily available today, than one that has just come out with all of the bells and whistles. So on that note, let's get started on what I recommend to be the best of the best in terms of specific software and service needs.

There are numerous great open source software solutions for database servers, like H2, HyperSQL, MySQL, mysql, Oracle, and PostgreSQL, just to name a few. They all offer top notch functionality, performance, scalability, and security. As far as which one is the best, I recommend PostgreSQL. PostgreSQL is an object-relational database software solution that offers some of the most feature rich options as compared to the bigger commercial manufacturers like Oracle, IBM, Sybase and Informix, and the best part of it, it's free. It's also one of the first database software that was released, and it has a proven track record with over 23 years of active development. It was created back in 1989.

The only other DB software that came out before it is Oracle, which was created back in 1979. Now PostgreSQL might not be the fastest, but it more than makes up for it with its functionality. It allows the use of two different types of interfaces, a graphical user interface (for those who like the point-click style) and SQL.
It works on most OSs like Windows, Linux, Mac, Unix, and so on. It has a vast array of services and tools included to streamline the administration of the database. Here are just some examples: full ACID (Atomicity, Consistency, Isolation, & Durability) compliance, commercial & noncommercial support, triggers support, user defined data type support, stored procedure support, online backup, multiple index type support, embedded access controls, encryption, etc. Here is a comparison of the top DB software available I got from the unbiased, data-driven comparison website; www.findthebest.com/database-management-sytems:

Specifications
Product | MySQL | Oracle | PostgreSQL
Architecture | Relational Model | Relational Model | Object-relational Model
Software License | GPL, PostgreSQL, Proprietary | GPL, PostgreSQL, Proprietary | GPL, PostgreSQL, Proprietary
Operating System | Windows, Mac OS X, Linux, UNIX, z/OS, BSD, Symbian, AmigaOS | Windows, Mac OS X, Linux, UNIX, z/OS, BSD, Symbian, AmigaOS | Windows, Mac OS X, Linux, UNIX, z/OS, BSD, Symbian, AmigaOS
Demo? | | – |
Interface | GUI, SQL | GUI, SQL | GUI, SQL
Website | MySQL (mysql.com) | Oracle (oracle.com) | PostgreSQL (postgresql.org)
First Public Release Year | 1995 | 1979 | 1989
Latest Stable Version | 5.5.19 | 11g Release 2 | 9.1.3

Price
Price | $0 | $180 | $0
Purchase Page | MySQL (https) | Oracle (https) | –

General Features
Features | ACID, Backup, Custom Functions, Database Imports, Export Data, Extensibility, High Availability, Highly Scalable, Import Data, Java Support, Multi-Core Support, See more | ACID, Backup, Custom Functions, Database Imports, Export Data, Extensibility, High Availability, Highly Scalable, Import Data, Java Support, Multi-Core Support, See more | ACID, Backup, Custom Functions, Database Imports, Export Data, Extensibility, High Availability, Highly Scalable, Import Data, Java Support, Multi-Core Support, See more
Indexes | Bitmap, Expression, Full-text, GIN, GiST, Hash, Partial, R-/R+ Tree, Reverse | Bitmap, Expression, Full-text, GIN, GiST, Hash, Partial, R-/R+ Tree, Reverse | Bitmap, Expression, Full-text, GIN, GiST, Hash, Partial, R-/R+ Tree, Reverse
Database Capabilities | Blobs and Clobs, Common Table Expressions, Except, Inner Joins, Inner Selects, Intersect, Merge Joins, Outer Joins, Parallel Query, Union, Windowing Functions | Blobs and Clobs, Common Table Expressions, Except, Inner Joins, Inner Selects, Intersect, Merge Joins, Outer Joins, Parallel Query, Union, Windowing Functions | Blobs and Clobs, Common Table Expressions, Except, Inner Joins, Inner Selects, Intersect, Merge Joins, Outer Joins, Parallel Query, Union, Windowing Functions
Partitioning | Composite (Range + Hash), Hash, List, Native Replication API, Range, Shadow | Composite (Range + Hash), Hash, List, Native Replication API, Range, Shadow | Composite (Range + Hash), Hash, List, Native Replication API, Range, Shadow
Access Control | Audit, Brute-force Protection, Enterprise Directory Compatibility, Native Network Encryption, Password Complexity Rules, Patch Access, Resource Limit, Run Unprivileged, Security Certification | Audit, Brute-force Protection, Enterprise Directory Compatibility, Native Network Encryption, Password Complexity Rules, Patch Access, Resource Limit, Run Unprivileged, Security Certification | Audit, Brute-force Protection, Enterprise Directory Compatibility, Native Network Encryption, Password Complexity Rules, Patch Access, Resource Limit, Run Unprivileged, Security Certification
Tables and Views | Materialized Views, Temporary Table | Materialized Views, Temporary Table | Materialized Views, Temporary Table
Other Objects | Cursor, Data Domain, External Routine, Function, Procedure, Trigger | Cursor, Data Domain, External Routine, Function, Procedure, Trigger | Cursor, Data Domain, External Routine, Function, Procedure, Trigger
Support Features | Email, FAQ, Forums, Live chat, Mailing List, On-site, Phone, Tips and hints, White papers | Email, FAQ, Forums, Live chat, Mailing List, On-site, Phone, Tips and hints, White papers | Email, FAQ, Forums, Live chat, Mailing List, On-site, Phone, Tips and hints, White papers

Product Description
MySQL: MySQL is a relational database management system (RDBMS) that runs as a server providing multi-user access to a number of databases. MySQL is officially pronounced /maɪˌɛskjuːˈɛl/ ("My S-Q-L"), but is often also pronounced /maɪˈsiːkwəl/ ("My Sequel"). It is named for original developer Michael Widenius's daughter My.
Oracle: Oracle Database 11g Release 2 provides the foundation for IT to successfully deliver more information with higher quality of service, reduce the risk of change within IT, and make more efficient use of their IT budgets. By deploying Oracle Database 11g Release 2 as their data management foundation, organizations can harness the full power of the world's leading database to: reduce server costs by a factor of 5; reduce storage requirements by a factor of 12; improve mission critical systems performance by a factor of 10; increase DBA productivity by a factor of 2; eliminate idle redundancy in the data center; and simplify their overall IT software portfolio.
PostgreSQL: PostgreSQL is a powerful, open source object-relational database system. It has more than 15 years of active development and a proven architecture that has earned it a strong reputation for reliability, data integrity, and correctness. It runs on all major operating systems, including Linux, UNIX (AIX, BSD, HP-UX, SGI IRIX, Mac OS X, Solaris, Tru64), and Windows. It is fully ACID compliant, has full support for foreign keys, joins, views, triggers, and stored procedures (in multiple languages). It includes most SQL:2008 data types, including INTEGER, NUMERIC, BOOLEAN, CHAR, VARCHAR, DATE, INTERVAL, and TIMESTAMP. It also supports storage of binary large objects, including pictures, sounds, or video. It has native programming interfaces for C/C++, Java, .Net, Perl, Python, Ruby, Tcl, ODBC, among others, and exceptional documentation.

Contact Information
Contact Link | MySQL (mysql.com) | Oracle (oracle.com) | PostgreSQL (postgresql.org)
Phone | 1 (866) 221-0634 | 1 (800) 392-2999 | –

Limits
Max Blob/Clob Size | 4 GB | Unlimited | 1 GB (text, bytea) – stored inline or 2 GB (stored in pg_largeobject)
Max CHAR Size | 64 KB (text) | 4000 B | 1 GB
Max Column Name Size | 64 | 30 | 63
Max Columns per Row | 4096 | 1000 | 250-1600 depending on type
Max DATE Value | 9999 | 9999 | 5874897
Max DB Size | Unlimited | Unlimited | Unlimited
Max NUMBER Size | 64 bits | 126 bits | Unlimited
Max Row Size | 64 KB | 8 KB | 1.6 TB
Max Table Size | MyISAM storage limits: 256 TB; InnoDB storage limits: 64 TB | 4 GB | 32 TB
Min DATE Value | 1000 | -4712 | -4713

Data Types
Type System | Dynamic, Static | Dynamic, Static | Dynamic, Static
Integer | BIGINT (64-bit), INTEGER (32-bit), MEDIUMINT (24-bit), NUMBER, SMALLINT, SMALLINT (16-bit), TINYINT (8-bit) | BIGINT (64-bit), INTEGER (32-bit), MEDIUMINT (24-bit), NUMBER, SMALLINT, SMALLINT (16-bit), TINYINT (8-bit) | BIGINT (64-bit), INTEGER (32-bit), MEDIUMINT (24-bit), NUMBER, SMALLINT, SMALLINT (16-bit), TINYINT (8-bit)
Floating Point | BINARY_DOUBLE, BINARY_FLOAT, DOUBLE (64-bit), DOUBLE PRECISION, FLOAT, REAL | BINARY_DOUBLE, BINARY_FLOAT, DOUBLE (64-bit), DOUBLE PRECISION, FLOAT, REAL | BINARY_DOUBLE, BINARY_FLOAT, DOUBLE (64-bit), DOUBLE PRECISION, FLOAT, REAL
Decimal | DECIMAL, NUMERIC | DECIMAL, NUMERIC | DECIMAL, NUMERIC
String | CHAR, NCHAR, NVARCHAR, TEXT, VARCHAR | CHAR, NCHAR, NVARCHAR, TEXT, VARCHAR | CHAR, NCHAR, NVARCHAR, TEXT, VARCHAR
Binary | BFILE, BINARY, BINARY LARGE OBJECT, BYTEA, LONGBLOB, LONGRAW, MEDIUMBLOB, RAW, TINYBLOB, VARBINARY | BFILE, BINARY, BINARY LARGE OBJECT, BYTEA, LONGBLOB, LONGRAW, MEDIUMBLOB, RAW, TINYBLOB, VARBINARY | BFILE, BINARY, BINARY LARGE OBJECT, BYTEA, LONGBLOB, LONGRAW, MEDIUMBLOB, RAW, TINYBLOB, VARBINARY
Date/Time | DATE, DATETIME, TIME, TIMESTAMP, YEAR | DATE, DATETIME, TIME, TIMESTAMP, YEAR | DATE, DATETIME, TIME, TIMESTAMP, YEAR
Boolean | BOOLEAN, Unknown | BOOLEAN, Unknown | BOOLEAN, Unknown
Other | ARRAYS, AUDIO, BIT, CIDR, CIRCLE, DICOM, ENUM, GIS data types, IMAGE, INET, MACCADDR, See more | ARRAYS, AUDIO, BIT, CIDR, CIRCLE, DICOM, ENUM, GIS data types, IMAGE, INET, MACCADDR, See more | ARRAYS, AUDIO, BIT, CIDR, CIRCLE, DICOM, ENUM, GIS data types, IMAGE, INET, MACCADDR, See more

I think it's pretty obvious that the data speaks for itself. You can't get any better option unless you want to pay big money for these specific services.

When it comes to deciding on which open source web server software to utilize, there are a lot of different options, such as Apache, LightTPD, NGiNX, Boa, Cherokee, etc. The one that stands out the most is Apache. Apache is the most popular web server to date. It is the leading web server that is used most over all others, including open source and non-open source options such as Microsoft's IIS, Google's proprietary custom servers, NGiNX, AOL, IBM, etc., according to the website www.makeuseof.com. Here is a graph table I found (it's a little dated) to give you an idea:

Apache is the leader because of its functionality, performance, price (it's free), stability, and security.
It has top notch cross-platform capabilities so it can be used on numerous operating systems like Microsoft's Windows platform, Linux and UNIX based platforms, Mac platforms, BSD platforms, IBM platforms, HP platforms, etc. It can basically run on just about all OS platforms. This is ideal in today's ever evolving business needs and requirements. Some of the best features that an Apache web server offers are as follows: basic access authentication & digest access authentication, SSL/TLS HTTPS, virtual hosting, CGI, FCGI, SCGI, Java, SSI, ISAPI, runs in user space versus kernel space, administration console, and IPv4 & IPv6 addressing.

Now these are just some of the feature sets that Apache uses. It helps that most, if not all, of these features are security based, which is most important when dealing with IT in any aspect of today's business world and society itself.

There are a lot of different options when it comes to file servers. Some examples are FileZilla, Samba, HFS, TurnKey, Cerberus, VSFTPD, etc. As far as what the best file server software options are, it boils down to the company's needs. I recommend using Samba or FileZilla for a number of reasons. Samba has over 20 years of development and FileZilla has over 10 years of development. They both offer amazing cross-platform capabilities on several different operating systems, they are both pretty easy to set up and administer, they both offer great security, and best of all they are free. This is extremely important for a modern business. Also the fact that they are free helps in cutting down company costs and drives up financial gains throughout the entire company.

Plus, Samba speaks natively with Microsoft Windows machines and these are typically what most end users use for their operating systems. Now for the open source SMTP server software I recommend using iRedMail.
iRedMail offers two different options, iRedMail (which is free) & iRedMailPro (which is a paid version for $299 per server per year) with amazing fully supported features. The features include: blazing fast deployment (less than 1 minute), easy to use, security and stability, mind-blowing productivity (uses very little resources to run), top notch support, absolute control over data (all personal data is stored on the company's hard disk versus some third party storage medium), supports virtualization and non-virtualization software (VMware, Xen, VirtualBox, KVM, OpenVZ, etc. with i386 and x86/x64/amd64 compatibility), low maintenance, unlimited accounts, stores mail in OpenLDAP, MySQL, and PostgreSQL, service and access restrictions, throttling, Anti-Spam & Anti-Virus by default, Webmail, backup support, and security (forced password change policy every 90 days, uses SSL/TLS connections for sending and receiving mail, etc.). The support offered for iRedMail is among the best and in the business world, this is a must.

The LDAP server I recommend is Red Hat Directory Server because it offers some of the best features to date. It also has some of the best support in the business. It has an amazing reputation as well. Here is a list of the features that it offers: cost-savings, tremendous scalability (allows 4-way multimaster replication of data across the entire enterprise while providing centralized, consistent data, and allows extranet applications), enhanced security (provides centralized, fine-grained access controls, and utilizes strong certificate-based authentication & encryption), and amazing productivity (centralizes user identity and applications for ease of access for administration). You can't go wrong with using software from a nationally known and reputable company like Red Hat Linux.

Each user will be put into groups; this will be done to control access to the file system.
Each user on the network will have to meet the standards below. Having each user in groups will help manage them, and what they have access to and are allowed to do on the server. Each user will have their own partitioned /home directory to reduce the impact on the file system. No user should be without a group; any users without groups will only have access to their home directory. The following is the password policy they will be using:

User accounts

Standard users:
Restrict reuse of passwords to once per 18 months
Set min day for password expire
Set max day for password expire every 30 days
Set password complexity to require 1 capital letter, 1 lower case letter, 1 number, 1 symbol and must be at least 15 characters long
Enforce password policies
Ensure all users do not have access to sudo or su rights; create groups for all users, allow super users or admins to maintain rights to those groups, and allow them specific path use on sudo (only if needed).

This will allow users to access the data they need to complete their jobs. Also, with this password system in place, it will ensure they do not use simple passwords or recycle passwords too often.

Super users:
Rights to manage groups
Specific path use of sudo
Restrict reuse of passwords
Set min day for password expire
Set max day for password expire
Set password complexity
Enforce password policies

These will help super users to manage groups and have access to the tools that they need. This also prevents the users from having too much access to the systems. This helps the admin manage groups by allowing them to move users into the correct group or give them access to specific files that they may need access to. Su will only be used by top level admins, and only if something is truly not working. Lower level admins will have sudo access to files they need to have access to.

Users will only have read/write access to the files they need access to; the rest will be read only access. Everything else will be locked down and will need admin permission to access. The passwd file will not be accessible by anyone other than top level admins. Firewall and iptables will only be accessible by top level admins and super users. Configuring our network in this manner and applying these user access control permissions will cost less money and add a greater level of security. Using this "Defense in Depth" strategy, we will have multiple layers of security that an attacker will have to penetrate to break the CIA triad.
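As an added example (not part of the essay), the script below checks a candidate password against the complexity rule stated above and renders the Red Hat Enterprise Linux settings that enforce the same policy for every account: pam_pwquality for complexity, /etc/login.defs and chage for the 30-day maximum age, pam_pwhistory for reuse, and a sudoers.d fragment for the "specific path use of sudo" given to lower level admins. The choice of those modules, the minimum-age value, and the way the 18-month reuse window is mapped onto a history depth are my assumptions.

```shell
#!/bin/sh
# Added example: password policy check plus the RHEL settings that enforce it.
# The module choices and numeric values marked "assumed" are not from the essay.

MIN_LEN=15          # at least 15 characters
PASS_MAX_DAYS=30    # max day for password expire
PASS_MIN_DAYS=1     # the essay sets a minimum age but gives no number (assumed)
HISTORY_DEPTH=18    # pam_pwhistory counts passwords, not months; at one change
                    # per 30 days, 18 remembered passwords spans 18 months (assumed)

# check_password PASSWORD -> 0 if it satisfies every complexity rule, 1 otherwise.
# Each violated rule is reported on stderr so the user can fix all of them at once.
check_password() {
  p=$1
  ok=0
  [ "${#p}" -ge "$MIN_LEN" ] || { echo "shorter than $MIN_LEN characters" >&2; ok=1; }
  printf '%s' "$p" | LC_ALL=C grep -q '[A-Z]'        || { echo "no capital letter" >&2; ok=1; }
  printf '%s' "$p" | LC_ALL=C grep -q '[a-z]'        || { echo "no lower case letter" >&2; ok=1; }
  printf '%s' "$p" | LC_ALL=C grep -q '[0-9]'        || { echo "no number" >&2; ok=1; }
  printf '%s' "$p" | LC_ALL=C grep -q '[^A-Za-z0-9]' || { echo "no symbol" >&2; ok=1; }
  return "$ok"
}

# pwquality_conf -> /etc/security/pwquality.conf lines for pam_pwquality.
# A negative credit value is a minimum count of that character class.
pwquality_conf() {
  printf 'minlen = %s\nucredit = -1\nlcredit = -1\ndcredit = -1\nocredit = -1\n' "$MIN_LEN"
}

# login_defs -> /etc/login.defs aging defaults, applied to accounts created afterwards.
login_defs() {
  printf 'PASS_MAX_DAYS %s\nPASS_MIN_DAYS %s\n' "$PASS_MAX_DAYS" "$PASS_MIN_DAYS"
}

# chage_cmd USER -> the command that applies the same aging to an existing account.
chage_cmd() {
  echo "chage -M $PASS_MAX_DAYS -m $PASS_MIN_DAYS $1"
}

# pwhistory_line -> pam_pwhistory entry for the password stack in /etc/pam.d/system-auth.
pwhistory_line() {
  echo "password    required    pam_pwhistory.so remember=$HISTORY_DEPTH use_authtok"
}

# sudoers_fragment GROUP CMD... -> an /etc/sudoers.d entry granting GROUP only the
# listed command paths, so lower level admins never get unrestricted sudo.
sudoers_fragment() {
  group=$1
  shift
  cmds=$(printf '%s, ' "$@")
  echo "%$group ALL=(root) ${cmds%, }"
}
```

The one-to-one mapping between the essay's rules and the settings is worth noting: the "1 capital, 1 lower, 1 number, 1 symbol" rule becomes the four negative credit values, while "once per 18 months" has no direct equivalent in PAM, which remembers a number of previous passwords; the depth of 18 only equals 18 months because the maximum age is 30 days, so the two values must be changed together.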