Changes between Version 2 and Version 3 of UhlLinuxServer Risk Assessment


Ignore:
Timestamp:
08/26/16 11:39:25 (8 years ago)
Author:
Richard Bramley
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • UhlLinuxServer Risk Assessment

    v2 v3  
    99- 1.1.1 Attacker could have access to data stored on the server
    1010- 1,1.2 Attacker could corrupt data stored on the server
    11 - 1.1.2 Attacker could change or corrupt the software running on the machine
     11- 1.1.3 Attacker could change or corrupt the software running on the machine
    1212
    1313=== 1.2 Likelihood
     
    1919- 1.3.1 Access via ssh is only allowed from within the University of Leicester
    2020- 1.3.2 Servers are behind a proxy server, which attackers would have to compromise before accessing the server itself.
    21 - 1.3.3 Only ports 80 and 443 communication is allowed through the proxy server.
     21- 1.3.3 Only ports 80 and 443 communication is allowed through the proxy server
     22- 1.3.4 VMs are backed up daily to allow a restore if a corruption occurs
     23- 1.3.5 Software is available online or from source repositories (SVN or Git)
    2224
    2325=== 1.4 Improvements
     26
     27- 1.4.1 Access could be restricted to users with an SSH key. [[#756]]
     28- 1.4.2 Disaster Recovery Testing [[#360]]
    2429
    2530== 2 Illicit Access to Data
     
    2732=== 2.1 Impact
    2833
     34- 2.1.1 Attacker could have access to data stored on the server
     35- 2.1.2 Attacker could corrupt data stored on the server
     36- 2.1.3 Attacker could use access to the database to access the machine
     37
    2938=== 2.2 Likelihood
     39
     40- 2.2.1 The servers are available on the internet and so open to attack
    3041
    3142=== 2.3 Mitigation
    3243
     44- 2.3.1 Database users are only allowed to connect from the local host.
     45- 2.3.2 Database port are only available from the local host.
     46- 2.3.3 VMs are backed up daily to allow a restore if a corruption occurs
     47- 2.3.4 Databases are backed up daily with a history of 3 months to allow for recovery
     48- 2.3.5 Database server can only write data to the temp and database directories
     49
    3350=== 2.4 Improvements
    3451
    35 == 3 Illicit Use of Data by Employees
     52- 2.4.1 Access could be restricted to users with an SSH key. [[#757]]
     53- 2.4.2 Disaster Recovery Testing [[#360]]
     54
     55== 3 Illicit Use or Corruption of Data or Software by Employees
    3656
    3757=== 3.1 Impact
    3858
     59- 3.1.1 Data could be released to the public
     60- 3.1.2 Data could be lost or corrupted (see 7 below)
     61- 3.1.3 Software could lost or corrupted (see 8 below)
     62
    3963=== 3.2 Likelihood
    4064
     65- 3.2.1 It is unlikely, but these things happen
     66
    4167=== 3.3 Mitigation
     68
     69- 3.3.1 Use LDAP to connect to servers to disallow sharing of passwords
     70- 3.3.2 Remove user accounts as soon as employees leave.
     71- 3.3.3 Backups of VMs are kept securely off site.
     72- 3.3.4 Software is kept in source repositories, which track changes and can be restored back to any point.
    4273
    4374=== 3.4 Improvements
     
    4778=== 4.1 Impact
    4879
     80- 4.1.1 Attacker could have access to data stored in the application
     81- 4.1.2 Attacker could corrupt data stored in the application
     82
    4983=== 4.2 Likelihood
     84
     85- 4.1.3 Applicatoins are visible on the internet so attacks will occur
    5086
    5187=== 4.3 Mitigation
    5288
     89- 4.3.1 Use Apache config to restrict access to University of Leicester Network were appropriate
     90- 4.3.2 Enforce a strong password policy
     91- 4.3.3 Use LDAP authentication where possible
     92
    5393=== 4.4 Improvements
     94
     95- 4.4.1 Investigate what measures are installed on the proxy to mitigate against attack [[#578]]
    5496
    5597== 5 Communication Interception