Thursday, February 21, 2019
Is3440 Project Part 1 Essay
First World Savings and Loan is a financial institution that processes credit card transactions and loan applications online. We have long been considering implementing an open source infrastructure. This could potentially save us over $4,000,000 per year in licensing fees for the software we are currently using. However, due to our business needs we must still comply with the Sarbanes-Oxley Act (SOX), the Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA). We must comply with SOX because we are a publicly-traded financial institution, with PCI-DSS because we process online credit card transactions, and with GLBA because we are a financial institution. All of the regulations of these three compliance laws must be met, while still maintaining the Confidentiality, Integrity, and Availability (CIA) triad.

All security requirements for SOX, PCI-DSS, and GLBA can be achieved using Linux and open source infrastructure. Some examples of open source software that we might use are:

Web Server: Apache
Web Filtering: DansGuardian
Network Firewall: Turtle Firewall
VPN: Endian Firewall Community
IDS/IPS: Suricata
Database: MySQL
File Server: Samba
SMTP Server: hMailServer

I would recommend that we use a Defense in Depth strategy, having multiple layers of access protection. We need to have an IDS/IPS on both sides of our edge firewall. The inside IDS/IPS will be used as additional protection for our network and the outside IDS/IPS will serve as an early warning system for attacks. We will also use the outside IDS/IPS for additional protection and to monitor what types of attacks are occurring. Our web server and mail server should be completely separated from the rest of our network in a demilitarized zone (DMZ).
We need to have a network firewall between our DMZ and our internal network, between the outside world and our internal network, and between our DMZ and the outside world. There should also be a local firewall enabled on each local machine. Also, since our physical servers will be hosted at a third party location, we must have VPN access to these servers to manage them. All private information will need to be encrypted, as well as all data transmissions. To go along with the previously mentioned physical and software based security measures, we will also apply multiple policies to maintain this security.

Acceptable Use Policy: This policy will describe how the company's IT assets should and can be used, as well as what is not acceptable to do on company assets.

Password Policy: This policy will explain what parameters a password must meet to be accepted. For example, a password must be at least 15 characters long, have at least one capital letter, have at least one lower case letter, have at least one number, and have at least one symbol.

Privacy Policy: This policy describes what information must remain confidential.

Training employees on the proper way to use (and how not to use) company assets is a major key to ensuring the CIA triad remains intact and our network secure.

In this part of the executive summary, I am going to explain, and make recommendations on, what the best options are for the open source software that is needed for the management of First World Savings and Loan's various web and application servers.
For each of the servers, I recommend using the Red Hat Enterprise Linux operating system for a number of reasons. The main ones are that it is one of the most secure, it is backed by years of technical support, it is supported by a vast range of different hardware, and it is one of the most, if not the most, popular and widely used server OSs that one can get today. I would rather go with software that has been vigorously tested to its breaking point and still remains in the top tier of server software options readily available today, than one that has just come out with all of the bells and whistles. So on that note, let's get started on what I recommend to be the best of the best in terms of specific software and service needs.

There are numerous great open source software solutions for database servers, like H2, HyperSQL, MySQL, Oracle, and PostgreSQL, just to name a few. They all offer top notch functionality, performance, scalability, and security. As far as which one is the best, I recommend PostgreSQL. PostgreSQL is an object-relational database software solution that offers some of the most feature rich options as compared to the bigger commercial manufacturers like Oracle, IBM, Sybase and Informix, and the best part of it, it's free. It is also one of the first database software packages that was released, and it has a proven track record with over 23 years of active development. It was created back in 1989. The only other DB software that came out before it is Oracle, which was created back in 1979. Now, PostgreSQL might not be the fastest, but it more than makes up for it with its functionality. It allows the use of two different types of interfaces, a graphical user interface (for those who like the point-and-click style) and SQL. It works on most OSs like Windows, Linux, Mac, Unix, etc.
It has a vast array of services and tools included to streamline the creation of the database. Here are just some examples: full ACID (Atomicity, Consistency, Isolation, and Durability) compliance, commercial and noncommercial support, trigger support, user defined data type support, stored procedure support, online backup, multiple index type support, embedded access controls, encryption, etc. Here is a comparison of the top DB software available that I got from the unbiased, data-driven comparison website www.findthebest.com/database-management-sytems (columns are MySQL / Oracle / PostgreSQL; where the site listed the same items under all three products, the list is given once):

Specifications
Product: MySQL / Oracle / PostgreSQL
Architecture: Relational Model / Relational Model / Object-relational Model
Software License (all three): GPL, PostgreSQL, Proprietary
Operating System (all three): Windows, Mac OS X, Linux, UNIX, z/OS, BSD, Symbian, AmigaOS
Demo?:
Interface (all three): GUI, SQL
Website: MySQL (mysql.com) / Oracle (oracle.com) / PostgreSQL (postgresql.org)
First Public Release Year: 1995 / 1979 / 1989
Latest Stable Version: 5.5.19 / 11g Release 2 / 9.1.3

Price
Price: $0 / $180 / $0
Purchase Page: MySQL (https) / Oracle (https)

General Features
Features (all three): ACID, Backup, Custom Functions, Database Imports, Export Data, Extensibility, High Availability, Highly Scalable, Import Data, Java Support, Multi-Core Support, See more
Indexes (all three): Bitmap, Expression, Full-text, GIN, GiST, Hash, Partial, R-/R+ Tree, Reverse
Database Capabilities (all three): Blobs and Clobs, Common Table Expressions, Except, Inner Joins, Inner Selects, Intersect, Merge Joins, Outer Joins, Parallel Query, Union, Windowing Functions
Partitioning (all three): Composite (Range + Hash), Hash, List, Native Replication API, Range, Shadow
Access Control (all three): Audit, Brute-force Protection, Enterprise Directory Compatibility, Native Network Encryption, Password Complexity Rules, Patch Access, Resource Limit, Run Unprivileged, Security Certification
Tables and Views (all three): Materialized Views, Temporary Table
Other Objects (all three): Cursor, Data Domain, External Routine, Function, Procedure, Trigger
Support Features (all three): Email, FAQ, Forums, Live chat, Mailing List, On-site, Phone, Tips and hints, White papers

Product Description
MySQL: MySQL is a relational database management system (RDBMS) that runs as a server providing multi-user access to a number of databases. MySQL is officially pronounced /maskjul/ (My S-Q-L), but is often also pronounced /masikwl/ (My Sequel). It is named for original developer Michael Widenius's daughter My.
Oracle: Oracle Database 11g Release 2 provides the foundation for IT to successfully deliver more information with higher quality of service, reduce the risk of change within IT, and make more efficient use of their IT budgets. By deploying Oracle Database 11g Release 2 as their data management foundation, organizations can utilize the full power of the world's leading database to reduce server costs by a factor of 5, reduce storage requirements by a factor of 12, improve mission critical systems performance by a factor of 10, increase DBA productivity by a factor of 2, eliminate idle redundancy in the data center, and simplify their overall IT software portfolio.
PostgreSQL: PostgreSQL is a powerful, open source object-relational database system. It has more than 15 years of active development and a proven architecture that has earned it a strong reputation for reliability, data integrity, and correctness. It runs on all major operating systems, including Linux, UNIX (AIX, BSD, HP-UX, SGI IRIX, Mac OS X, Solaris, Tru64), and Windows. It is fully ACID compliant, has full support for foreign keys, joins, views, triggers, and stored procedures (in multiple languages). It includes most SQL2008 data types, including INTEGER, NUMERIC, BOOLEAN, CHAR, VARCHAR, DATE, INTERVAL, and TIMESTAMP. It also supports storage of binary large objects, including pictures, sounds, or video. It has native programming interfaces for C/C++, Java, .Net, Perl, Python, Ruby, Tcl, ODBC, among others, and exceptional documentation.

Contact Information
Contact Link: MySQL (mysql.com) / Oracle (oracle.com) / PostgreSQL (postgresql.org)
Phone: 1 (866) 221-0634 / 1 (800) 392-2999

Limits
Max Blob/Clob Size: 4 GB / Unlimited / 1 GB (text, bytea) stored inline or 2 GB (stored in pg_largeobject)
Max CHAR Size: 64 KB (text) / 4000 B / 1 GB
Max Column Name Size: 64 / 30 / 63
Max Columns per Row: 4096 / 1000 / 250-1600 depending on type
Max DATE Value: 9999 / 9999 / 5874897
Max DB Size: Unlimited / Unlimited / Unlimited
Max NUMBER Size: 64 bits / 126 bits / Unlimited
Max Row Size: 64 KB / 8 KB / 1.6 TB
Max Table Size: MyISAM storage limits 256 TB, InnoDB storage limits 64 TB / 4 GB / 32 TB
Min DATE Value: 1000 / -4712 / -4713

Data Types
Type System (all three): Dynamic, Static
Integer (all three): BIGINT (64-bit), INTEGER (32-bit), MEDIUMINT (24-bit), NUMBER, SMALLINT, SMALLINT (16-bit), TINYINT (8-bit)
Floating Point (all three): BINARY_DOUBLE, BINARY_FLOAT, DOUBLE (64-bit), DOUBLE PRECISION, FLOAT, REAL
Decimal (all three): DECIMAL, NUMERIC
String (all three): CHAR, NCHAR, NVARCHAR, TEXT, VARCHAR
Binary (all three): BFILE, BINARY, BINARY LARGE OBJECT, BYTEA, LONGBLOB, LONG RAW, MEDIUMBLOB, RAW, TINYBLOB, VARBINARY
Date/Time (all three): DATE, DATETIME, TIME, TIMESTAMP, YEAR
Boolean (all three): BOOLEAN, Unknown
Other (all three): ARRAYS, AUDIO, BIT, CIDR, CIRCLE, DICOM, ENUM, GIS data types, IMAGE, INET, MACCADDR, See more

I think it's pretty obvious that the data speaks for itself. You can't get any better option unless you want to pay big money for these specific services.

When it comes to deciding on which open source web server software to utilize, there are a lot of different options, such as Apache, LightTPD, NGiNX, Boa, Cherokee, etc. The one that stands out the most is Apache. Apache is the most popular web server to date. It is the leading web server, used more than all others including open source and non-open source options, such as Microsoft's IIS, Google's proprietary custom servers, NGiNX, AOL, IBM, etc., according to the website www.makeuseof.com. Here is a graph table I found (it's a little dated) to give you an idea. Apache is the leader because of its functionality, performance, price (it's free), stability, and security. It has top notch cross-platform capabilities so it can be used on numerous operating systems like Microsoft's Windows platform, Linux and UNIX based platforms, Mac platforms, BSD platforms, IBM platforms, HP platforms, etc. It can basically run on just about all OS platforms. This is ideal for today's ever evolving business needs and requirements.
Some of the best features that an Apache web server offers are as follows: basic access authentication and digest access authentication, SSL/TLS HTTPS, virtual hosting, CGI, FCGI, SCGI, Java, SSI, ISAPI, running in user space rather than kernel space, an administration console, and IPv4 and IPv6 addressing. Now, these are just some of the feature sets that Apache offers. It helps that most, if not all, of these features are security based, which is most important when dealing with IT in any aspect of today's business world and society itself.

There are a lot of different options when it comes to file servers. Some examples are FileZilla, Samba, HFS, TurnKey, Cerberus, VSFTPD, etc. As far as which file server software option is best, it boils down to the company's needs. I recommend using Samba or FileZilla for a number of reasons. Samba has over 20 years of development and FileZilla has over 10 years of development, they both offer amazing cross-platform capabilities on several different operating systems, they are both pretty easy to set up and administer, they both offer great security, and best of all they are free. This is extremely important for a modern business. Also, the fact that they are free helps in cutting down company costs and drives up financial gains throughout the entire company. Plus, Samba speaks natively with Microsoft Windows machines, and these are typically what most end users use for their operating systems.

Now for the open source SMTP server software I recommend using iRedMail. iRedMail offers two different options, iRedMail (which is free) and iRedMail Pro (which is a paid version for $299 per server per year), with amazing fully fledged features.
The features include blazing fast deployment (less than 1 minute), ease of use, security and stability, mind-blowing productivity (it uses very few resources to run), top notch support, absolute control over data (all personal data is stored on the company's hard disk rather than some third party storage medium), support for virtualization and non-virtualization software (VMware, Xen, VirtualBox, KVM, OpenVZ, etc., with i386 and x86/x64/amd64 compatibility), low maintenance, unlimited accounts, mail storage in OpenLDAP, MySQL, and PostgreSQL, service and access restrictions, throttling, anti-spam and anti-virus by default, webmail, backup support, and security (a forced password change policy every 90 days, SSL/TLS connections for sending and receiving mail, etc.). The support offered for iRedMail is among the best, and in the business world this is a must.

The LDAP server I recommend is Red Hat Directory Server because it offers some of the best features to date. It also has some of the best support in the business. It has an amazing reputation as well. Here is a list of the features that it offers: cost savings, tremendous scalability (allows 4-way multimaster replication of data across the entire enterprise while providing centralized, consistent data, and allows extranet applications), enhanced security (provides centralized, fine-grained access controls, and utilizes strong certificate-based authentication and encryption), and amazing productivity (centralizes user identity and applications for ease of access for administration). You can't go wrong with using software from a nationally known and reputable company like Red Hat Linux.

Each user will be put into groups; this will be done to control access to the file system. Each user on the network will have to meet the standards below. Having each user in groups will help manage them, and what they have access to and are allowed to do on the server.
Each user will have their own partitioned /home directory to reduce impact on the file system. No user should be without a group; any users without groups will only have access to their home directory. The following is the password policy they will be using.

User account: Standard users
Restrict reuse of passwords to once per 18 months
Set min days for password expiry
Set max days for password expiry to every 30 days
Set password complexity to require 1 capital letter, 1 lower case letter, 1 number, 1 symbol, and at least 15 characters in length
Enforce password policies
Ensure all users do not have access to sudo, or su rights
Create groups for all users, allow super users or admins to maintain rights to those groups, and allow them specific path use on sudo (only if needed)

This will allow users to access the data they need to complete their jobs. Also, with this password system in place, it will ensure they do not use simple passwords or recycle passwords too often.

Super users
Rights to manage groups
Specific path use of sudo
Restrict reuse of passwords
Set min days for password expiry
Set max days for password expiry
Set password complexity
Enforce password policies

These will help super users to manage groups and have access to the tools that they need. This also prevents the users from having too much access to the systems. This helps the admin manage groups by allowing them to move users into the correct group or give them access to specific files that they may need access to. Su will only be used by top level admins, and only if something is truly not working. Lower level admins will have sudo access to the files they need to have access to. Users will only have read/write access to the files they need access to; the rest will be read only access. The kernel will be locked down and will need admin permission to access.
The passwd file will not be accessible by anyone other than top level admins. The firewall and iptables will only be accessible by top level admins and super users. Configuring our network in this manner and applying these user access control permissions will cost less money and add a greater level of security. Using this Defense in Depth strategy, we will have multiple layers of security that an attacker will have to penetrate to break the CIA triad.
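To make the password policy concrete (the complexity rule from the Password Policy section earlier and the 30-day expiry and 18-month reuse rules from the user account section above), here is an added example of my own; it is not code from the essay or from any product it names. It assumes 18 months is approximated as 540 days and that password history is stored as salted PBKDF2 hashes.

```python
"""Password policy checker for the rules stated in the essay (added example).

Rules implemented:
  * at least 15 characters, with one capital, one lower case, one number, one symbol
  * passwords expire after 30 days
  * a password may not be reused within 18 months (assumed to be 540 days)
Password history is kept as salted PBKDF2 hashes, never as plaintext.
"""
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 15
MAX_AGE_DAYS = 30
REUSE_WINDOW = timedelta(days=540)   # "once per 18 months"; 540 days is an assumption
PBKDF2_ROUNDS = 100_000


def complexity_errors(password: str) -> list:
    """Return the list of complexity rules the password breaks (empty = accepted)."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        errors.append("no capital letter")
    if not any(c.islower() for c in password):
        errors.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        errors.append("no number")
    if not any(c in string.punctuation for c in password):
        errors.append("no symbol")
    return errors


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so the history can be compared without storing plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Account:
    """Tracks one user's password history so reuse and expiry can be enforced."""

    def __init__(self, name: str):
        self.name = name
        self.history = []   # (date set, salt, hash), oldest first

    def set_password(self, password: str, today: str) -> list:
        """Apply the policy on an ISO date; returns the violations, empty on success."""
        now = date.fromisoformat(today)
        errors = complexity_errors(password)
        for set_on, salt, digest in self.history:
            if now - set_on < REUSE_WINDOW and hmac.compare_digest(
                    hash_password(password, salt), digest):
                errors.append("password was used within the last 18 months")
                break
        if errors:
            return errors
        salt = os.urandom(16)
        self.history.append((now, salt, hash_password(password, salt)))
        return []

    def is_expired(self, today: str) -> bool:
        """True when the current password is older than 30 days (or none is set)."""
        if not self.history:
            return True
        return date.fromisoformat(today) - self.history[-1][0] > timedelta(days=MAX_AGE_DAYS)
```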