| | 1 | = UhlLinuxServer Risk Assessment |
| | 2 | |
| | 3 | Tags: [[UhlLinuxServer]] [[Information_Governance_Category]] |
| | 4 | |
| | 5 | == 1 Illicit Access to Server |
| | 6 | |
| | 7 | === 1.1 Impact |
| | 8 | |
| | 9 | - 1.1.1 Attacker could have access to data stored on the server |
| | 10 | - 1,1.2 Attacker could corrupt data stored on the server |
| | 11 | - 1.1.3 Attacker could change or corrupt the software running on the machine |
| | 12 | |
| | 13 | === 1.2 Likelihood |
| | 14 | |
| | 15 | - 1.2.1 The servers are available on the UHL Intranet and so an attack is unlikely |
| | 16 | |
| | 17 | === 1.3 Mitigation |
| | 18 | |
| | 19 | - 1.3.1 Access via ssh is only allowed from within UHL |
| | 20 | - 1.3.2 VMs are backed up daily to allow a restore if a corruption occurs |
| | 21 | - 1.3.3 Software is available online or from source repositories (SVN or Git) |
| | 22 | |
| | 23 | === 1.4 Improvements |
| | 24 | |
| | 25 | - 1.4.1 Access could be restricted to users with an SSH key. [[#756]] |
| | 26 | - 1.4.2 Disaster Recovery Testing [[#360]] |
| | 27 | |
| | 28 | == 2 Illicit Access to Data |
| | 29 | |
| | 30 | === 2.1 Impact |
| | 31 | |
| | 32 | - 2.1.1 Attacker could have access to data stored on the server |
| | 33 | - 2.1.2 Attacker could corrupt data stored on the server |
| | 34 | - 2.1.3 Attacker could use access to the database to access the machine |
| | 35 | |
| | 36 | === 2.2 Likelihood |
| | 37 | |
| | 38 | - 2.2.1 The servers are available on the UHL Intranet and so an attack is unlikely |
| | 39 | |
| | 40 | === 2.3 Mitigation |
| | 41 | |
| | 42 | - 2.3.1 VMs are backed up daily to allow a restore if a corruption occurs |
| | 43 | - 2.3.2 Databases are backed up daily with a history of 3 months to allow for recovery |
| | 44 | - 2.3.3 Database server can only write data to the temp and database directories |
| | 45 | |
| | 46 | === 2.4 Improvements |
| | 47 | |
| | 48 | - 2.4.1 Access could be restricted to users with an SSH key. [[#757]] |
| | 49 | - 2.4.2 Disaster Recovery Testing [[#360]] |
| | 50 | |
| | 51 | == 3 Illicit Use or Corruption of Data or Software by Employees |
| | 52 | |
| | 53 | === 3.1 Impact |
| | 54 | |
| | 55 | - 3.1.1 Data could be released to the public |
| | 56 | - 3.1.2 Data could be lost or corrupted (see 7 below) |
| | 57 | - 3.1.3 Software could lost or corrupted (see 8 below) |
| | 58 | |
| | 59 | === 3.2 Likelihood |
| | 60 | |
| | 61 | - 3.2.1 It is unlikely, but these things happen |
| | 62 | |
| | 63 | === 3.3 Mitigation |
| | 64 | |
| | 65 | - 3.3.1 Remove user accounts as soon as employees leave. |
| | 66 | - 3.3.2 Backups of VMs are kept securely off site. |
| | 67 | - 3.3.3 Software is kept in source repositories, which track changes and can be restored back to any point. |
| | 68 | |
| | 69 | === 3.4 Improvements |
| | 70 | |
| | 71 | == 4 Illicit Access to Software |
| | 72 | |
| | 73 | === 4.1 Impact |
| | 74 | |
| | 75 | - 4.1.1 Attacker could have access to data stored in the application |
| | 76 | - 4.1.2 Attacker could corrupt data stored in the application |
| | 77 | |
| | 78 | === 4.2 Likelihood |
| | 79 | |
| | 80 | - 4.2.1 The servers are available on the UHL Intranet and so an attack is unlikely |
| | 81 | |
| | 82 | === 4.3 Mitigation |
| | 83 | |
| | 84 | - 4.3.1 Enforce a strong password policy |
| | 85 | - 4.3.2 Use LDAP authentication where possible |
| | 86 | |
| | 87 | === 4.4 Improvements |
| | 88 | |
| | 89 | == 5 Communication Interception |
| | 90 | |
| | 91 | === 5.1 Impact |
| | 92 | |
| | 93 | - 5.1.1 Application data could become exposed |
| | 94 | |
| | 95 | === 5.2 Likelihood |
| | 96 | |
| | 97 | - 5.2.1 The servers are available on the UHL Intranet and so an attack is unlikely |
| | 98 | |
| | 99 | === 5.3 Mitigation |
| | 100 | |
| | 101 | - 5.3.1 All communications use SSL |
| | 102 | |
| | 103 | === 5.4 Improvements |
| | 104 | |
| | 105 | == 6 Software Security Vulnerability |
| | 106 | |
| | 107 | === 6.1 Impact |
| | 108 | |
| | 109 | - 6.1.1 Software systems could become insecure |
| | 110 | - 6.1.2 Data could be lost or corrupted (see 7 below) |
| | 111 | - 6.1.3 Software could lost or corrupted (see 8 below) |
| | 112 | - 6.1.4 Data could be exposed |
| | 113 | |
| | 114 | === 6.2 Likelihood |
| | 115 | |
| | 116 | - 6.2.1 Vulnerabilities in software are constantly coming to light, but sites are only visible within the UHL network. |
| | 117 | |
| | 118 | === 6.3 Mitigation |
| | 119 | |
| | 120 | - 6.3.1 Software is kept up to date |
| | 121 | - 6.3.2 Applications are run as a restricted user account that does not have permission to make configuration changes |
| | 122 | |
| | 123 | === 6.4 Improvements |
| | 124 | |
| | 125 | == 7 Data Loss or Corruption |
| | 126 | |
| | 127 | === 7.1 Impact |
| | 128 | |
| | 129 | - 7.1.1 Jeopardize feasibility of studies where data is lost |
| | 130 | |
| | 131 | === 7.2 Likelihood |
| | 132 | |
| | 133 | - 7.2.1 A major loss would require a catastrophic failure |
| | 134 | - 7.2.2 A smaller loss or corruption of data is much more common |
| | 135 | |
| | 136 | === 7.3 Mitigation |
| | 137 | |
| | 138 | - 7.3.1 Data is backed up daily and kept for 3 months |
| | 139 | - 7.3.2 The VMs are also backed up daily and stored securely off site |
| | 140 | |
| | 141 | === 7.4 Improvements |
| | 142 | |
| | 143 | == 8 Software Loss or Corruption |
| | 144 | |
| | 145 | === 8.1 Impact |
| | 146 | |
| | 147 | - 8.1.1 Interrupt progress of studies until systems can be restored |
| | 148 | |
| | 149 | === 8.2 Likelihood |
| | 150 | |
| | 151 | - 8.2.1 A major loss is unlikely, but minor problems can easily occur when software is being upgraded |
| | 152 | |
| | 153 | === 8.3 Mitigation |
| | 154 | |
| | 155 | - 8.3.1 VMs are backed up daily and stored securely off site |
| | 156 | - 8.3.2 Software is stored in source code repositories that are backed up and any version can be retrieved |
| | 157 | - 8.3.3 Processes to install software are documented within TRAC and automation is employed to simplify the process |
| | 158 | |
| | 159 | === 8.4 Improvements |
| | 160 | |
| | 161 | - 8.4.1 Move automation should be introduced |
| | 162 | |
| | 163 | [[BackLinks]] |
