Do you think the statement “If we adhere to our secure design principles, we will deliver secure code” is both necessary and sufficient? 

PROG8270 Winter 2019 – Assignment 3

Recall our network environment:

Domain Controllers:
• Primary A/D Domain Controller: Server 2016
• Backup Domain Controller: Windows Server 2012 R2

Email:
• Exchange 2013 CU20 running on Windows Server 2012R2 updated April 1/2018.

Web server:
• Linux Ubuntu Server 16.04 LTS updated Aug 1/2018. Apache 2.4.34 is being used.

Clients:
• 60 auto-updated (current to 1/1/2019) Windows 10 PRO (developers),
• 30 Windows 7 PRO, last updated 1-Sept-2018, running a stock/common configuration.
• 10 sys admins run Ubuntu 18 Desktop, patched to current, but use VMware Workstation 12 for their sysadmin tasks. The virtual machines may include Windows 7 SP1, Windows 8, Windows 8.1, Server 2012, Server 2012R2, Server 2016, and Server 2019.

Border firewall:
• hardened Linux:
  o outbound: all TCP/UDP ports allowed,
  o inbound: TCP80 to webserver, TCP443 to Exchange OWA, TCP25 to Exchange 2013 server.

Network:
• There are no network access controls – all the computers are situated on a flat, Class-C network. The Windows clients have default security settings.
• 100Mbit switched ethernet

Security Services:
• There is no central SPAM server nor is there a centralized Anti-Virus system in place.

User accounts and restrictions:
• All users are Domain users and each domain user is a local machine administrator on their primary machine (but on no other).
• All of the sys-admins know the domain Admin password and share access as required.

A simplified network diagram is shown:

In the time since reviewing that last vulnerability, the organization has implemented some
changes to the network with the goal being improved security. The network now looks like this:

The network architects now have all the client machines browsing the Internet through a proxy
server (red arrow #4). They have also created 2 DMZ zones. When Internet users attempt to
browse to the webserver (red arrow #1), their network traffic passes through the border firewall
(as before). Should the Internet user initiate some type of dynamic web request (list or search
catalog, purchase, check open orders, etc.), the web server accesses the application and database
servers through the firewall (red arrow #2). Internal users, including database analysts, will
access both the application and database servers through the firewall (red arrow #3).

Now the system architects would like to add a web-based application to the Linux server (still
running Linux Ubuntu Server 16.04 LTS with Apache 2.4.34). The application is based on
phpBB version 2.0.19. The company plans to add TCP443 incoming (on a different external
address) to the existing TCP80 into the Linux server, terminating at this n



