| 1 | = UoL Lamp Server Risk Assessment |
| 2 | |
| 3 | Tags: [[UoL LAMP Server]] [[Information_Governance_Category]] |
| 4 | |
| 5 | == 1 Illicit Access to Server |
| 6 | |
| 7 | === 1.1 Impact |
| 8 | |
| 9 | - 1.1.1 Attacker could have access to data stored on the server |
| 10 | - 1,1.2 Attacker could corrupt data stored on the server |
| 11 | - 1.1.3 Attacker could change or corrupt the software running on the machine |
| 12 | |
| 13 | === 1.2 Likelihood |
| 14 | |
| 15 | - 1.2.1 The servers are available on the Internet and so open to attack |
| 16 | |
| 17 | === 1.3 Mitigation |
| 18 | |
| 19 | - 1.3.1 Access via ssh is only allowed from within the University of Leicester |
| 20 | - 1.3.2 Servers are behind a proxy server, which attackers would have to compromise before accessing the server itself. |
| 21 | - 1.3.3 Only ports 80 and 443 communication is allowed through the proxy server |
| 22 | - 1.3.4 VMs are backed up daily to allow a restore if a corruption occurs |
| 23 | - 1.3.5 Software is available online or from source repositories (SVN or Git) |
| 24 | |
| 25 | === 1.4 Improvements |
| 26 | |
| 27 | - 1.4.1 Access could be restricted to users with an SSH key. [[#756]] |
| 28 | - 1.4.2 Disaster Recovery Testing [[#360]] |
| 29 | |
| 30 | == 2 Illicit Access to Data |
| 31 | |
| 32 | === 2.1 Impact |
| 33 | |
| 34 | - 2.1.1 Attacker could have access to data stored on the server |
| 35 | - 2.1.2 Attacker could corrupt data stored on the server |
| 36 | - 2.1.3 Attacker could use access to the database to access the machine |
| 37 | |
| 38 | === 2.2 Likelihood |
| 39 | |
| 40 | - 2.2.1 The servers are available on the internet and so open to attack |
| 41 | |
| 42 | === 2.3 Mitigation |
| 43 | |
| 44 | - 2.3.1 Database users are only allowed to connect from the local host. |
| 45 | - 2.3.2 Database port are only available from the local host. |
| 46 | - 2.3.3 VMs are backed up daily to allow a restore if a corruption occurs |
| 47 | - 2.3.4 Databases are backed up daily with a history of 3 months to allow for recovery |
| 48 | - 2.3.5 Database server can only write data to the temp and database directories |
| 49 | |
| 50 | === 2.4 Improvements |
| 51 | |
| 52 | - 2.4.1 Access could be restricted to users with an SSH key. [[#757]] |
| 53 | - 2.4.2 Disaster Recovery Testing [[#360]] |
| 54 | |
| 55 | == 3 Illicit Use or Corruption of Data or Software by Employees |
| 56 | |
| 57 | === 3.1 Impact |
| 58 | |
| 59 | - 3.1.1 Data could be released to the public |
| 60 | - 3.1.2 Data could be lost or corrupted (see 7 below) |
| 61 | - 3.1.3 Software could lost or corrupted (see 8 below) |
| 62 | |
| 63 | === 3.2 Likelihood |
| 64 | |
| 65 | - 3.2.1 It is unlikely, but these things happen |
| 66 | |
| 67 | === 3.3 Mitigation |
| 68 | |
| 69 | - 3.3.1 Use LDAP to connect to servers to disallow sharing of passwords |
| 70 | - 3.3.2 Remove user accounts as soon as employees leave. |
| 71 | - 3.3.3 Backups of VMs are kept securely off site. |
| 72 | - 3.3.4 Software is kept in source repositories, which track changes and can be restored back to any point. |
| 73 | |
| 74 | === 3.4 Improvements |
| 75 | |
| 76 | == 4 Illicit Access to Software |
| 77 | |
| 78 | === 4.1 Impact |
| 79 | |
| 80 | - 4.1.1 Attacker could have access to data stored in the application |
| 81 | - 4.1.2 Attacker could corrupt data stored in the application |
| 82 | |
| 83 | === 4.2 Likelihood |
| 84 | |
| 85 | - 4.1.3 Applications are visible on the internet so attacks will occur |
| 86 | |
| 87 | === 4.3 Mitigation |
| 88 | |
| 89 | - 4.3.1 Use Apache config to restrict access to University of Leicester Network were appropriate |
| 90 | - 4.3.2 Enforce a strong password policy |
| 91 | - 4.3.3 Use LDAP authentication where possible |
| 92 | |
| 93 | === 4.4 Improvements |
| 94 | |
| 95 | - 4.4.1 Investigate what measures are installed on the proxy to mitigate against attack [[#578]] |
| 96 | |
| 97 | == 5 Communication Interception |
| 98 | |
| 99 | === 5.1 Impact |
| 100 | |
| 101 | - 5.1.1 Application data could become exposed |
| 102 | |
| 103 | === 5.2 Likelihood |
| 104 | |
| 105 | - 5.2.1 Applications are visible on the internet so attacks will occur |
| 106 | |
| 107 | === 5.3 Mitigation |
| 108 | |
| 109 | - 5.3.1 All communications use SSL |
| 110 | |
| 111 | === 5.4 Improvements |
| 112 | |
| 113 | == 6 Software Security Vulnerability |
| 114 | |
| 115 | === 6.1 Impact |
| 116 | |
| 117 | - 6.1.1 Software systems could become insecure |
| 118 | - 6.1.2 Data could be lost or corrupted (see 7 below) |
| 119 | - 6.1.3 Software could lost or corrupted (see 8 below) |
| 120 | - 6.1.4 Data could be exposed |
| 121 | |
| 122 | === 6.2 Likelihood |
| 123 | |
| 124 | - 6.2.1 Vulnerabilities in software are constantly coming to light and internet available sights are always at risk. |
| 125 | |
| 126 | === 6.3 Mitigation |
| 127 | |
| 128 | - 6.3.1 Software is kept up to date |
| 129 | - 6.3.2 Exploits often involve opening SSH ports, that are restricted through the proxy |
| 130 | - 6.3.3 Applications are run as a restricted user account that does not have permission to make configuration changes |
| 131 | |
| 132 | === 6.4 Improvements |
| 133 | |
| 134 | == 7 Data Loss or Corruption |
| 135 | |
| 136 | === 7.1 Impact |
| 137 | |
| 138 | - 7.1.1 Jeopardize feasibility of studies where data is lost |
| 139 | |
| 140 | === 7.2 Likelihood |
| 141 | |
| 142 | - 7.2.1 A major loss would require a catastrophic failure |
| 143 | - 7.2.2 A smaller loss or corruption of data is much more common |
| 144 | |
| 145 | === 7.3 Mitigation |
| 146 | |
| 147 | - 7.3.1 Data is backed up daily and kept for 3 months |
| 148 | - 7.3.2 The VMs are also backed up daily and stored securely off site |
| 149 | |
| 150 | === 7.4 Improvements |
| 151 | |
| 152 | == 8 Software Loss or Corruption |
| 153 | |
| 154 | === 8.1 Impact |
| 155 | |
| 156 | - 8.1.1 Interrupt progress of studies until systems can be restored |
| 157 | |
| 158 | === 8.2 Likelihood |
| 159 | |
| 160 | - 8.2.1 A major loss is unlikely, but minor problems can easily occur when software is being upgraded |
| 161 | |
| 162 | === 8.3 Mitigation |
| 163 | |
| 164 | - 8.3.1 VMs are backed up daily and stored securely off site |
| 165 | - 8.3.2 Software is stored in source code repositories that are backed up and any version can be retrieved |
| 166 | - 8.3.3 Processes to install software are documented within TRAC and automation is employed to simplify the process |
| 167 | |
| 168 | === 8.4 Improvements |
| 169 | |
| 170 | - 8.4.1 Move automation should be introduced |
| 171 | |
| 172 | [[BackLinks]] |