Coursework Essay Paper on Linux Servers

Linux Servers

Project 2 Task 1

First World Bank Savings should consider using a static programming language for its web applications and deactivate non-essential services from the server. The static programming will prevent the possibility of customers being able to manipulate data from their end while allowing for access of pdf files upon request. Telnet should also be deactivated as it sends unencrypted information which can easily be intercepted by unauthorized parties.

Linux contains IP chains which perform the functions or firewalls and can be used to prevent specific or all traffic from accessing the server and thus prevents hacking. By creation of rules, IP chains can allow only specific IP addresses to access the server which is necessary for administration of the local area network. By installation of a file hierarchy system, the organization can also decide who can access the information which can limit the information that clients can access and by giving each client their own address the data can safely be sent to their account only.

Project 2 Task 2

First World Banking services should ensure that the web applications are limited only to their essential services especially during the testing period or developing new applications. The web server provides information relating to the website while a database server stores the information. Clients therefore access their information on the web server which in turn uses the HTTP protocol to access information on the database sever. They should ensure that the web server and the database server are in separate locations so that even if the Web server’s security is compromised, the database remains secure and inaccessible.

 It is a common occurrence that when applications are in their development and testing stages they will not have the proper user verification processes in place and also do not handle exceptions set by the administrator well. The possibility of users to access the database server if it is in the same environment as the web server is therefore very high.If they cannot be on different servers then the drive used should be partitioned to have the logs and operating system separate from the web server.Remote access is often discouraged as it increases the probability of unauthorized parties gaining access however through the use of secure shell network (SSH) the administrators can access the servers remotely.

Project 2 task 3

By having a separate network/demilitarized zone from the internal network the organization can have a separate firewall installed that only protects the public side of the web servers.SSL will provide a secure connection with minimal administratoror end user interactions, and through the use of SSH the servers can then be accessed remotely by the bank.

SSH requires the user to first specify whether they are near or far. This is used for the server to determine settings based on whether the administrator is working at the server or a separate location.  The network will also request to add the host to a list of known hosts if it is not yet identified and a key will be generated for it and a passphrase will be required.TCP wrappers aid in server security by filtering those who have access to network protocols. A TCP wrapper uses an allow and deny file to determine whether access should be granted to the requesting host and it does not cache the rules of the files. A TCP wrapper has an all option to match all files from the daemon list and client list and a local option that only matches hosts that do not have a period. It also has a known option that matches any host where hostname and username are known, an unknown option that only matches when the username or the hostname is unknown and a paranoid option which matches the host when the host name does not match the user address.

It would not be recommended for the organization to deactivate SELinux as is commonly practiced when installing features as it detects rogue programs and prevents their activation. If it is deactivated then a system reboot will have to be performed and the network policy modified as SELinux determines which applications can be accessed and which users can access them.