With the given situation that has been presented in this week’s discussion, the first thing you will want to look at is the placement of the initial server(s). If the server is going to be placed within the bank itself, as the LAN is presently, what kind of physical security will be used? Limiting unauthorized access to this data and information stored on these servers is very important as the risk of PII and Bank proprietary information being used is protected constantly. How will the server be accessed and who will be monitoring the access to the designated server. The next thing to take a look at will be what kind of operating system will be run on the server and what levels of security are available in the server OS to ensure security of the designated servers for the application.
Next item that needs to be addressed is the understanding of the network topology, since we are going to be working with an application that gives access to information that is not for general viewing. Placement of the servers and minimizing the Public side of the application network (the internet) is another security concern, this means not placing the complete database outside of the intranet and in direct contact with the internet. Placement of servers in a DMZ that limits information that is available to the public side will greatly improve the protection of PII and keeping the security of PII, Proprietary information, and other sensitive information secure. Finally, hacking is also another high risk concern that this assessment needs to be taken into consideration before implementing this network installation. There are various attacks that can be performed on these servers and the application itself. For example, the SMTP server could be vulnerable to injection attacks. I would recommend hiring a group of white hat hacking to perform a series of penetration testing to