danishjii
Well guys, I need your help. My coursework is out now and I don't know what to do... it's a little bit difficult, or maybe I can't understand it... The coursework is given below.
Scenario
A medium-sized manufacturer of component parts for an industry takes forward orders by means of a Web application running on a Linux server and open to the Internet. The application interacts with a MySQL database running on another Linux server. Both machines are dedicated to this specific application.
The company’s clients are large manufacturing/assembly operations, based in a variety of countries. The database holds information regarding the company’s products and the options available for each, together with stock availability or current lead times to delivery if the product must be custom made. The industry is intensely competitive on an international level so that it would severely harm the company’s reputation if information on its relationships with one customer somehow were to be made available to others. Attempts at industrial espionage are a real threat.
As well as allowing for interaction with clients – providing information on products and taking orders – the application must interact with other company information systems, such as those servicing Operations, Accounts and Sales. Typically, these are delivered to Windows workstations administered as constituents of Windows Server 2003 domains.
Detailed Specification
You are to produce a brief that details a design for configuration of the two Linux servers and the Web and database application servers that they host that would ensure the required level of security for data flows for this case study. The brief should be sufficiently detailed so that systems engineers and software contractors would be in no doubt at all as to the requirements. Amongst other things you may wish to pay particular attention to the following:
• The likely nature of the data flows from customer to application and the requirement for restricted internal access to it.
• The necessity to create and maintain users and groups on both servers that would allow sufficient flexibility for new customers and/or changes of internal personnel conveniently to be added by lesser skilled sysadmins without compromising security.
• Detailed procedures for authentication, authorisation and access control, on both Linux servers.
• The advisability of, and methodology for, encryption of data in transit and for storage.
• Practical procedures for restoration in the event of a system failure.
• Basic audit procedures to detect possible attempts at system compromise.
• The implementation of an appropriate security and maintenance management policy.
Waiting for your replies... can you tell me in detail if you understand it?