Changes between Initial Version and Version 1 of UoL LAMP Server Risk Assessment


Ignore:
Timestamp:
08/26/16 13:22:12 (8 years ago)
Author:
Richard Bramley
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • UoL LAMP Server Risk Assessment

    v1 v1  
     1= UoL Lamp Server Risk Assessment
     2
     3Tags: [[UoL LAMP Server]] [[Information_Governance_Category]]
     4
     5== 1 Illicit Access to Server
     6
     7=== 1.1 Impact
     8
     9- 1.1.1 Attacker could have access to data stored on the server
     10- 1,1.2 Attacker could corrupt data stored on the server
     11- 1.1.3 Attacker could change or corrupt the software running on the machine
     12
     13=== 1.2 Likelihood
     14
     15- 1.2.1 The servers are available on the Internet and so open to attack
     16
     17=== 1.3 Mitigation
     18
     19- 1.3.1 Access via ssh is only allowed from within the University of Leicester
     20- 1.3.2 Servers are behind a proxy server, which attackers would have to compromise before accessing the server itself.
     21- 1.3.3 Only ports 80 and 443 communication is allowed through the proxy server
     22- 1.3.4 VMs are backed up daily to allow a restore if a corruption occurs
     23- 1.3.5 Software is available online or from source repositories (SVN or Git)
     24
     25=== 1.4 Improvements
     26
     27- 1.4.1 Access could be restricted to users with an SSH key. [[#756]]
     28- 1.4.2 Disaster Recovery Testing [[#360]]
     29
     30== 2 Illicit Access to Data
     31
     32=== 2.1 Impact
     33
     34- 2.1.1 Attacker could have access to data stored on the server
     35- 2.1.2 Attacker could corrupt data stored on the server
     36- 2.1.3 Attacker could use access to the database to access the machine
     37
     38=== 2.2 Likelihood
     39
     40- 2.2.1 The servers are available on the internet and so open to attack
     41
     42=== 2.3 Mitigation
     43
     44- 2.3.1 Database users are only allowed to connect from the local host.
     45- 2.3.2 Database port are only available from the local host.
     46- 2.3.3 VMs are backed up daily to allow a restore if a corruption occurs
     47- 2.3.4 Databases are backed up daily with a history of 3 months to allow for recovery
     48- 2.3.5 Database server can only write data to the temp and database directories
     49
     50=== 2.4 Improvements
     51
     52- 2.4.1 Access could be restricted to users with an SSH key. [[#757]]
     53- 2.4.2 Disaster Recovery Testing [[#360]]
     54
     55== 3 Illicit Use or Corruption of Data or Software by Employees
     56
     57=== 3.1 Impact
     58
     59- 3.1.1 Data could be released to the public
     60- 3.1.2 Data could be lost or corrupted (see 7 below)
     61- 3.1.3 Software could lost or corrupted (see 8 below)
     62
     63=== 3.2 Likelihood
     64
     65- 3.2.1 It is unlikely, but these things happen
     66
     67=== 3.3 Mitigation
     68
     69- 3.3.1 Use LDAP to connect to servers to disallow sharing of passwords
     70- 3.3.2 Remove user accounts as soon as employees leave.
     71- 3.3.3 Backups of VMs are kept securely off site.
     72- 3.3.4 Software is kept in source repositories, which track changes and can be restored back to any point.
     73
     74=== 3.4 Improvements
     75
     76== 4 Illicit Access to Software
     77
     78=== 4.1 Impact
     79
     80- 4.1.1 Attacker could have access to data stored in the application
     81- 4.1.2 Attacker could corrupt data stored in the application
     82
     83=== 4.2 Likelihood
     84
     85- 4.1.3 Applications are visible on the internet so attacks will occur
     86
     87=== 4.3 Mitigation
     88
     89- 4.3.1 Use Apache config to restrict access to University of Leicester Network were appropriate
     90- 4.3.2 Enforce a strong password policy
     91- 4.3.3 Use LDAP authentication where possible
     92
     93=== 4.4 Improvements
     94
     95- 4.4.1 Investigate what measures are installed on the proxy to mitigate against attack [[#578]]
     96
     97== 5 Communication Interception
     98
     99=== 5.1 Impact
     100
     101- 5.1.1 Application data could become exposed
     102
     103=== 5.2 Likelihood
     104
     105- 5.2.1 Applications are visible on the internet so attacks will occur
     106
     107=== 5.3 Mitigation
     108
     109- 5.3.1 All communications use SSL
     110
     111=== 5.4 Improvements
     112
     113== 6 Software Security Vulnerability
     114
     115=== 6.1 Impact
     116
     117- 6.1.1 Software systems could become insecure
     118- 6.1.2 Data could be lost or corrupted (see 7 below)
     119- 6.1.3 Software could lost or corrupted (see 8 below)
     120- 6.1.4 Data could be exposed
     121
     122=== 6.2 Likelihood
     123
     124- 6.2.1 Vulnerabilities in software are constantly coming to light and internet available sights are always at risk.
     125
     126=== 6.3 Mitigation
     127
     128- 6.3.1 Software is kept up to date
     129- 6.3.2 Exploits often involve opening SSH ports, that are restricted through the proxy
     130- 6.3.3 Applications are run as a restricted user account that does not have permission to make configuration changes
     131
     132=== 6.4 Improvements
     133
     134== 7 Data Loss or Corruption
     135
     136=== 7.1 Impact
     137
     138- 7.1.1 Jeopardize feasibility of studies where data is lost
     139
     140=== 7.2 Likelihood
     141
     142- 7.2.1 A major loss would require a catastrophic failure
     143- 7.2.2 A smaller loss or corruption of data is much more common
     144
     145=== 7.3 Mitigation
     146
     147- 7.3.1 Data is backed up daily and kept for 3 months
     148- 7.3.2 The VMs are also backed up daily and stored securely off site
     149
     150=== 7.4 Improvements
     151
     152== 8 Software Loss or Corruption
     153
     154=== 8.1 Impact
     155
     156- 8.1.1 Interrupt progress of studies until systems can be restored
     157
     158=== 8.2 Likelihood
     159
     160- 8.2.1 A major loss is unlikely, but minor problems can easily occur when software is being upgraded
     161
     162=== 8.3 Mitigation
     163
     164- 8.3.1 VMs are backed up daily and stored securely off site
     165- 8.3.2 Software is stored in source code repositories that are backed up and any version can be retrieved
     166- 8.3.3 Processes to install software are documented within TRAC and automation is employed to simplify the process
     167
     168=== 8.4 Improvements
     169
     170- 8.4.1 Move automation should be introduced
     171
     172[[BackLinks]]