Changes between Version 1 and Version 2 of UhlLinuxServer N3 Risk Assessment


Ignore:
Timestamp:
08/26/16 14:27:58 (8 years ago)
Author:
Richard Bramley
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • UhlLinuxServer N3 Risk Assessment

    v1 v2  
    1 = UhlLinuxServer Risk Assessment
     1= UhlLinuxServer N3 Risk Assessment
    22
    33Tags: [[UhlLinuxServer]] [[Information_Governance_Category]]
     
    1313=== 1.2 Likelihood
    1414
    15 - 1.2.1 The servers are available on the UHL Intranet and so an attack is unlikely
     15- 1.2.1 The servers are available on the NHS N3 Network and so an attack is unlikely
    1616
    1717=== 1.3 Mitigation
     
    2020- 1.3.2 VMs are backed up daily to allow a restore if a corruption occurs
    2121- 1.3.3 Software is available online or from source repositories (SVN or Git)
     22- 1.3.4 The firewall only allows access to specific IP addresses
    2223
    2324=== 1.4 Improvements
     
    3637=== 2.2 Likelihood
    3738
    38 - 2.2.1 The servers are available on the UHL Intranet and so an attack is unlikely
     39- 2.2.1 The servers are available on the NHS N3 and so an attack is unlikely
    3940
    4041=== 2.3 Mitigation
     
    4344- 2.3.2 Databases are backed up daily with a history of 3 months to allow for recovery
    4445- 2.3.3 Database server can only write data to the temp and database directories
     46- 2.3.4 The firewall only allows access to specific IP addresses
    4547
    4648=== 2.4 Improvements
     
    7880=== 4.2 Likelihood
    7981
    80 - 4.2.1 The servers are available on the UHL Intranet and so an attack is unlikely
     82- 4.2.1 The servers are available on the NHS N3 and so an attack is unlikely
    8183
    8284=== 4.3 Mitigation
     
    8486- 4.3.1 Enforce a strong password policy
    8587- 4.3.2 Use LDAP authentication where possible
     88- 4.3.4 The firewall only allows access to specific IP addresses
    8689
    8790=== 4.4 Improvements
     
    9598=== 5.2 Likelihood
    9699
    97 - 5.2.1 The servers are available on the UHL Intranet and so an attack is unlikely
     100- 5.2.1 The servers are available on the NHS N3 Network and so an attack is unlikely
    98101
    99102=== 5.3 Mitigation
     
    120123- 6.3.1 Software is kept up to date
    121124- 6.3.2 Applications are run as a restricted user account that does not have permission to make configuration changes
     125- 6.3.3 The firewall only allows access to specific IP addresses
    122126
    123127=== 6.4 Improvements