When correcting security issues on a web server, there are many parts to take into consideration: for example, access control methods, physical access controls, risk assessment and even environmental controls. I will cover all of these in this recommendation to help resolve the security issues we have seen recently.
First off, we will discuss how to strengthen the current web access control method in place. Each person who currently has full admin access rights will be given two accounts: one for daily work that does not require admin access, and another specifically for tasks that do require full admin access.
Secondly, we need to take into consideration that physical access can be a problem, so we will need to secure our physical access controls to the server itself. A web server hosted on a basic computer that anyone can access is definitely no way to host a server. A dedicated web server stored in a server room protected by a key card access panel would be effectively secured against physical intrusions.
Thirdly, risk assessment is far too real to ignore in today's world, so we will need to consider the possibilities if something more were to happen. We should create a plan to have a backup system in place, evaluate our risks if the system were to go down, and determine how long it would take to bring it back online.
Last but not least, environmental controls may seem irrelevant, but they are far from that. If the server room is not properly cooled, it could quickly overheat and become damaged. Though we may have a proper system in place, we need to consider securing our HVAC and cooling system. Purchasing a large UPS system to keep the server room cool in case of emergencies is the best option to protect the HVAC system.