Version 4 (modified by 8 years ago) ( diff ) | ,
---|
UhlLinuxServer Risk Assessment
Tags: UhlLinuxServer Information_Governance_Category
1 Illicit Access to Server
1.1 Impact
- 1.1.1 Attacker could have access to data stored on the server
- 1,1.2 Attacker could corrupt data stored on the server
- 1.1.3 Attacker could change or corrupt the software running on the machine
1.2 Likelihood
- 1.2.1 The servers are available on the Internet and so open to attack
1.3 Mitigation
- 1.3.1 Access via ssh is only allowed from within the University of Leicester
- 1.3.2 Servers are behind a proxy server, which attackers would have to compromise before accessing the server itself.
- 1.3.3 Only ports 80 and 443 communication is allowed through the proxy server
- 1.3.4 VMs are backed up daily to allow a restore if a corruption occurs
- 1.3.5 Software is available online or from source repositories (SVN or Git)
1.4 Improvements
- 1.4.1 Access could be restricted to users with an SSH key. #756
- 1.4.2 Disaster Recovery Testing #360
2 Illicit Access to Data
2.1 Impact
- 2.1.1 Attacker could have access to data stored on the server
- 2.1.2 Attacker could corrupt data stored on the server
- 2.1.3 Attacker could use access to the database to access the machine
2.2 Likelihood
- 2.2.1 The servers are available on the internet and so open to attack
2.3 Mitigation
- 2.3.1 Database users are only allowed to connect from the local host.
- 2.3.2 Database port are only available from the local host.
- 2.3.3 VMs are backed up daily to allow a restore if a corruption occurs
- 2.3.4 Databases are backed up daily with a history of 3 months to allow for recovery
- 2.3.5 Database server can only write data to the temp and database directories
2.4 Improvements
- 2.4.1 Access could be restricted to users with an SSH key. #757
- 2.4.2 Disaster Recovery Testing #360
3 Illicit Use or Corruption of Data or Software by Employees
3.1 Impact
- 3.1.1 Data could be released to the public
- 3.1.2 Data could be lost or corrupted (see 7 below)
- 3.1.3 Software could lost or corrupted (see 8 below)
3.2 Likelihood
- 3.2.1 It is unlikely, but these things happen
3.3 Mitigation
- 3.3.1 Use LDAP to connect to servers to disallow sharing of passwords
- 3.3.2 Remove user accounts as soon as employees leave.
- 3.3.3 Backups of VMs are kept securely off site.
- 3.3.4 Software is kept in source repositories, which track changes and can be restored back to any point.
3.4 Improvements
4 Illicit Access to Software
4.1 Impact
- 4.1.1 Attacker could have access to data stored in the application
- 4.1.2 Attacker could corrupt data stored in the application
4.2 Likelihood
- 4.1.3 Applications are visible on the internet so attacks will occur
4.3 Mitigation
- 4.3.1 Use Apache config to restrict access to University of Leicester Network were appropriate
- 4.3.2 Enforce a strong password policy
- 4.3.3 Use LDAP authentication where possible
4.4 Improvements
- 4.4.1 Investigate what measures are installed on the proxy to mitigate against attack #578
5 Communication Interception
5.1 Impact
- 5.1.1 Application data could become exposed
5.2 Likelihood
- 5.2.1 Applications are visible on the internet so attacks will occur
5.3 Mitigation
- 5.3.1 All communications use SSL
5.4 Improvements
6 Software Security Vulnerability
6.1 Impact
6.2 Likelihood
6.3 Mitigation
6.4 Improvements
7 Data Loss or Corruption
7.1 Impact
7.2 Likelihood
7.3 Mitigation
7.4 Improvements
8 Software Loss or Corruption
8.1 Impact
8.2 Likelihood
8.3 Mitigation
8.4 Improvements
Note:
See TracWiki
for help on using the wiki.