Changes between Version 6 and Version 7 of UhlLinuxServer Risk Assessment


Timestamp:
08/26/16 14:15:38 (8 years ago)
Author:
Richard Bramley
Comment:

--

  • UhlLinuxServer Risk Assessment

    v6 v7  
    1313=== 1.2 Likelihood
    1414
    15 - 1.2.1 The servers are available on the Internet and so open to attack
     15- 1.2.1 The servers are available on the UHL Intranet and so an attack is unlikely
    1616
    1717=== 1.3 Mitigation
    1818
    19 - 1.3.1 Access via ssh is only allowed from within the University of Leicester
    20 - 1.3.2 Servers are behind a proxy server, which attackers would have to compromise before accessing the server itself.
    21 - 1.3.3 Only ports 80 and 443 communication is allowed through the proxy server
    22 - 1.3.4 VMs are backed up daily to allow a restore if a corruption occurs
    23 - 1.3.5 Software is available online or from source repositories (SVN or Git)
     19- 1.3.1 Access via ssh is only allowed from within UHL
     20- 1.3.2 VMs are backed up daily to allow a restore if a corruption occurs
     21- 1.3.3 Software is available online or from source repositories (SVN or Git)
    2422
    2523=== 1.4 Improvements
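
Review bot: The new 1.2.1 rates attack as unlikely purely because the servers sit on the UHL Intranet, while the same change deletes old 1.3.2 and 1.3.3 (proxy in front of the servers, only ports 80 and 443 allowed through), so section 1.3 no longer lists any network-layer control other than the ssh source restriction. Suggest recording what now limits reachability inside UHL (which network ranges can reach the servers and on which ports), and stating whether "within UHL" in 1.3.1 means the whole intranet or specific admin hosts, so the "unlikely" rating has a control behind it.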
     
    3836=== 2.2 Likelihood
    3937
    40 - 2.2.1 The servers are available on the internet and so open to attack
     38- 2.2.1 The servers are available on the UHL Intranet and so an attack is unlikely
    4139
    4240=== 2.3 Mitigation
    4341
    44 - 2.3.1 Database users are only allowed to connect from the local host.
    45 - 2.3.2 Database port are only available from the local host.
    46 - 2.3.3 VMs are backed up daily to allow a restore if a corruption occurs
    47 - 2.3.4 Databases are backed up daily with a history of 3 months to allow for recovery
    48 - 2.3.5 Database server can only write data to the temp and database directories
     42- 2.3.1 VMs are backed up daily to allow a restore if a corruption occurs
     43- 2.3.2 Databases are backed up daily with a history of 3 months to allow for recovery
     44- 2.3.3 Database server can only write data to the temp and database directories
    4945
    5046=== 2.4 Improvements
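
Review bot: The removal of old 2.3.1 and 2.3.2 (database users and database port restricted to the local host) is not explained by the move to the UHL Intranet, since both are host-level settings that do not depend on where the server sits. If the databases are still bound to the local host, keep both lines; if they now accept remote connections, say so and list which hosts are allowed, because that is a change in exposure rather than just in wording.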
     
    6763=== 3.3 Mitigation
    6864
    69 - 3.3.1 Use LDAP to connect to servers to disallow sharing of passwords
    70 - 3.3.2 Remove user accounts as soon as employees leave.
    71 - 3.3.3 Backups of VMs are kept securely off site.
    72 - 3.3.4 Software is kept in source repositories, which track changes and can be restored back to any point.
     65- 3.3.1 Remove user accounts as soon as employees leave.
     66- 3.3.2 Backups of VMs are kept securely off site.
     67- 3.3.3 Software is kept in source repositories, which track changes and can be restored back to any point.
    7368
    7469=== 3.4 Improvements
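
Review bot: Dropping old 3.3.1 ("Use LDAP to connect to servers to disallow sharing of passwords") leaves section 3.3 with no control against shared credentials, and it is inconsistent with the new 4.3.2, which still says "Use LDAP authentication where possible". Suggest either keeping the line if LDAP is available for server logins at UHL, or replacing it with whatever now enforces individual accounts.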
     
    8378=== 4.2 Likelihood
    8479
    85 - 4.1.3 Applications are visible on the internet so attacks will occur
     80- 4.2.1 The servers are available on the UHL Intranet and so an attack is unlikely
    8681
    8782=== 4.3 Mitigation
    8883
    89 - 4.3.1 Use Apache config to restrict access to University of Leicester Network were appropriate
    90 - 4.3.2 Enforce a strong password policy
    91 - 4.3.3 Use LDAP authentication where possible
     84- 4.3.1 Enforce a strong password policy
     85- 4.3.2 Use LDAP authentication where possible
    9286
    9387=== 4.4 Improvements
    94 
    95 - 4.4.1 Investigate what measures are installed on the proxy to mitigate against attack [[#578]]
    9688
    9789== 5 Communication Interception
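
Review bot: Section 4.4 Improvements is left with no entries once old 4.4.1 and its reference to [[#578]] are removed, and old 4.3.1 (Apache config restricting access by network) is deleted without a UHL equivalent. Suggest noting in 4.4 that there are no outstanding improvements, or removing the heading, recording the outcome of #578 in the change comment, and keeping an Apache access restriction scoped to the relevant UHL networks where appropriate. The renumbering of the misplaced 4.1.3 to 4.2.1 is a good fix.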
     
    10395=== 5.2 Likelihood
    10496
    105 - 5.2.1 Applications are visible on the internet so attacks will occur
     97- 5.2.1 The servers are available on the UHL Intranet and so an attack is unlikely
    10698
    10799=== 5.3 Mitigation
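
Review bot: The new 5.2.1 reuses the sentence from 1.2.1, 2.2.1 and 4.2.1 about servers being on the UHL Intranet, but section 5 is about communication interception, where the likelihood depends on who can observe traffic between clients and the servers rather than on whether the servers can be reached. Suggest wording 5.2.1 in terms of interception on the internal network, and checking that the mitigations under 5.3 still hold for intranet traffic.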
     
    122114=== 6.2 Likelihood
    123115
    124 - 6.2.1 Vulnerabilities in software are constantly coming to light and internet available sights are always at risk.
     116- 6.2.1 Vulnerabilities in software are constantly coming to light, but sites are only visible within the UHL network.
    125117
    126118=== 6.3 Mitigation
    127119
    128120- 6.3.1 Software is kept up to date
    129 - 6.3.2 Exploits often involve opening SSH ports, that are restricted through the proxy
    130 - 6.3.3 Applications are run as a restricted user account that does not have permission to make configuration changes
     121- 6.3.2 Applications are run as a restricted user account that does not have permission to make configuration changes
    131122
    132123=== 6.4 Improvements
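
Review bot: The new 6.2.1 describes the situation ("sites are only visible within the UHL network") but, unlike the other revised likelihood lines, does not state whether an attack is considered likely or unlikely. Suggest ending the line with an explicit rating. With old 6.3.2 (SSH ports restricted through the proxy) removed, 6.3 relies on 6.3.1 "Software is kept up to date", so it would help to state how often updates are applied.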