Course Project: Security Assessment Recommendations
Vincent Hill
DeVry University Keller Graduate School
Principles of Information Security and Privacy
SE571
Professor Krell
April 15, 2012

Course Project: Security Assessment Recommendations

INTRODUCTION

An organization that specializes in making web site and providing web business solutions is known as Quality web design is. The company’s goal is to help its customers increase consumer generated revenue to Quality Web Design customer web sites. The other business solutions accompanied are accounting, payroll marketing, also parts of the business process and for which it assets are employed. Quality Web Design should be made aware of various security issues, even those that are not common. Identified are two of the potential security weaknesses that require improvement, and the possible remedies for each threat.
The company Quality Web Design provides business solutions to the customers... The circuit used by the company may prove various flaws to security and the hardware and software used have various limitations as Microsoft share point which have limitations in supporting virtualization, up gradation whereas the web server provided by IBM provides various functionalities over the Microsoft web server. The company has a very good hardware, software, network system, the assets used by the company provide the support to the business process but there are many limitations of the hardware, software, assets and the network design they provide the support to the companies by providing web solutions so that they can spread their business through internet. The company processes also include accounting, payroll marketing. The paper will contain the solution to all the mentioned problems that may occur due to the weaknesses.

The business solutions provided by quality web design helps their customers to generate increase revenue. The company also have accounting, payroll marketing, also parts of the business process and for which it assets are employed. For providing the business solution and to support the business process on going in the company, the company has employed many hardware and software and assets. Since the main part of business process include web development and for which the company have a database of over 250,000 images and graphical designs which have to be maintained and secured so for this need the company uses the Microsoft Visual Studio Team Foundation Service (TFS) server that comes with 1 web server, 1 application server and 1 database code repository. The first problem that is accompanied in using the Microsoft Visual Studio Team Foundation Service (TFS) is that there is not the facility to check the time that is spent on a project. Even the company is using the best assets, hardware, and software for the business process but even though there exists various security, hardware, and software weaknesses. These weaknesses are discussed in this write up and also discussed are the solutions that are recommended.

SOFTWARE WEAKNESSES AND RECOMENDATIONS
WEAKNESS:
The Email system used by the company is Microsoft Exchange 2007 email servers that include hub transport servers, 1 mailbox servers and 2 client accesses. The current email system is very strong; however there are some weaknesses that are associated with it. The first deficiency is the system is not able to support virtualization, secondly only a 64 bit windows platform is supported and upgrading is not an option.

SOLUTION: In order to resolve these problems I will suggest IBM mail servers which have all of these features. The company can face huge complications if a new version is released. The upgrade of the software will increase the company’s expenditures. The average size of your mail file impacts how many resources your DPARs need to support your user population. The larger the average mail size, the more resources it takes your DPARs to process tasks. The Router task uses more resources to deliver these messages to other servers, and the Server/HTTP tasks use more resources to deliver these messages to your clients. A user population that sends large mail messages or messages with large attachments is more costly to support than the same population sending smaller messages. Obviously, the more messages that a user community sends the more resources that are needed to support it (IBM)
When you use your email program to check for received mail it will log on to the received mail server usually using the POP3 protocol. The POP server will have an address which can be the same as the domain of the email address such as IBM.net or may be different such as pop.IBM.net. This POP server address must be specified when the mail program is configured. The POP server also requires a password which you can permanently set into your email program or require that you enter the password every time you check mail if others have access to your computer. Some email programs can be configured to automatically check mail every so many minutes and beep if you have new mail. The POP server will return mail to sender if there is no such person (Joe6712 doesn't exist at foo.com). A more modern server protocol known as IMAP is beginning to be used by some ISPs. The standard POP3 system transmits passwords as plain text allowing the possibility that account information could be stolen. Azinet.com states that many systems are now using encrypted communications between user and incoming (POP3) email server to avoid this. Setting up the encryption is an extra step at the user's client software. You can configure your email program to leave mail on the server even after your email program has downloaded it to your computer or to delete mail that has been downloaded. This is handy if you are checking mail from home but want to keep copies of all received mail on your office computer (azinet.com) WEAKNESS: The company uses Microsoft share point as a web server for department document and web sites. The disadvantage in using the Microsoft share point is that it does not provide the document level options like redaction and the document mark ups. SharePoint does not provide this functionality as it relies on its Microsoft Office suite for document manipulation. The other drawback is the lack in providing customization

SOLUTION:
This problem can be solved with implementing various DMS/CMS servers with that of Share

Point. A Content Management System is software that keeps track of every piece of content on your Web site from text, to images, music, video and documents. A major advantage of using a CMS is that it requires minimal technical skill to manage. Users can login and collaboratively create, edit, review, index, search, publish and archive various kinds of media and documents. MLD uses 'Joomla' CMS templates for developing corporate websites, portals, e-commerce sites, not profit and small business websites. A document management system (DMS) is a computer systems used to track and store electronic documents and/or images of paper documents. It is usually also capable of keeping track of the different versions modified by different users. The recommendation for the lack of customization, I suggest usingWSS and MOSS architecture.
With MOSS, it is mandatory to have a Shared Service Provider. This is a collection of application servers that provide shared services out to any portals or sites that need them. These services include:
• Search
• Index
• Audience compilation
• User profiles database
• My Sites
• Business Data Catalogue
• Excel Services Microsoft Office SharePoint Server 2007 can, working with other components of the Microsoft Office 2007 suite of applications, provide the functionality and benefits described previously. However, the amount of functionality derived from an MOSS installation depends on the features implemented and activated, as well as whether or not the MOSS environment is used to extend other building blocks, such as WSS and SQL Server. Figure 1 illustrates the structure of a complete MOSS environment. MOSS provides much of the functionality, but that functionality can be enhanced by the inclusion of other extended capability systems (SUDEV)
MOSS 2007 supports other server-based applications and services with a set of common administrative services, as shown in Figure 2. The primary elements in the common group of services are (as shown in Figure 2, left to right):

References

Andy Nolet, B. F. (2006, June 27). Sizing your IBM Lotus Domino mail servers. Retrieved from www.IBM.Com: http://www.ibm.com/developerworks/lotus/library/domino-mail-sizing/
Ghandi, S. (2008, October 16). THE MOSS ARCHITECTURE . Retrieved from www.Sudev.Info: http://blog.sudev.info/2008/10/mossarchitecture.html
Kearn, M. (2006, June 6). MOSS Architecture and Shared Services. Retrieved from msdn.com: http://blogs.msdn.com/b/martinkearn/archive/2006/06/06/619251.aspx
Unknown. (1998). How To Set Up Email. Retrieved from Azinet.Com: http://www.azinet.com/azinet/mailinfo.htm