
Web Server Security and Database Server Security

Submitted By jpar6711
Words 2494
Pages 10
Databases must support distributed updates and queries while preserving confidentiality, integrity, availability, and privacy (Goodrich & Tamassia, 2011). This requires robust access control as well as tools for detecting and recovering from errors (2011).
Even when sensitive database information is masked, an attacker may still be able to derive it from other database information that is published; this is called an inference attack (2011). Several strategies have been designed to mitigate inference attacks against databases.
Cell suppression is a technique used to combat inference attacks: selected cells are removed from the database and left blank in the published version (2011). The objective is to keep the critical cells, those holding the most sensitive information, from being recovered in an attack (2011). Another strategy is generalization, which replaces specific values in the published version with more general ones (2011). For example, an exact year of birth is replaced by a range of years, so a person born in 1990 could be generalized to the range 1985-1992. Because the critical values are blended in with the other actual values, they are less discernible in an inference attack (2011).
A noise addition technique can also be used. This involves adding randomized values to the real values in a published database (2011). The "noise" is applied to every record of the same attribute, for instance by adding a random offset between -9 and 9 to each real number. This obscures individual values while leaving the average of the attribute unaltered (2011). Further techniques for protecting an individual's privacy include obfuscation, anonymization, and differential privacy (2011).
Various high-profile hacking attacks have proven that web security remains the most
