Project Part 1 Task 1: Outline Security Policy
IS3440
Mr. Lyles
For the recommendations on the tiered architecture I suggest a three-tier architecture. This architecture is the most common. It consists of three tiers: a presentation tier, a logic tier, and a data tier. The presentation tier is the topmost level of the application. It is the user interface. Its main function is to translate tasks and results into something the user can understand. The logic tier coordinates the application, processes commands, makes logical decisions and evaluations, and performs calculations. It also moves and processes data between the two surrounding layers. Finally, the data tier is where information is stored and retrieved from a database or file system. The information is then passed back to the logic tier for processing and eventually back to the user.

For starters, on the basics of securing Linux we will be utilizing the iptables firewall and SELinux. su -c 'service iptables start' is the command that will turn on the iptables firewall. To verify which run levels iptables is configured to run on, use the chkconfig iptables --list command.

The C-I-A Triad specifies three goals of information security: confidentiality, integrity, and availability. Confidentiality is the principle that objects are not disclosed to unauthorized subjects; integrity is the principle that objects retain their veracity and are intentionally modified by authorized subjects only; availability is the principle that authorized subjects are granted timely access to objects with sufficient bandwidth to perform the desired interaction.
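As an added example (not part of the original paper), the following POSIX shell script parses a line in the format printed by chkconfig iptables --list and reports which run levels have the iptables service enabled, then checks that the multi-user levels 3 and 5 are among them. The sample line is constructed in the chkconfig output format, and the function names are my own; on a live host the output of the real command would be fed in instead.

```shell
#!/bin/sh
# Added example: parse "chkconfig iptables --list" style output and verify
# that iptables is enabled for the run levels the host normally boots into.
# SAMPLE_CHKCONFIG_LINE is a constructed sample in the real chkconfig format
# (service name, then "<level>:on|off" fields separated by tabs).
SAMPLE_CHKCONFIG_LINE=$(printf 'iptables\t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off')

# enabled_runlevels LINE
#   Prints the run levels marked "on", space separated and in order,
#   e.g. "2 3 4 5" for the sample line above; prints nothing if none are on.
enabled_runlevels() {
    printf '%s\n' "$1" \
        | tr '\t' ' ' \
        | tr ' ' '\n' \
        | sed -n 's/^\([0-6]\):on$/\1/p' \
        | tr '\n' ' ' \
        | sed 's/ $//'
}

# runlevel_enabled LINE LEVEL
#   Returns 0 if LEVEL appears among the enabled run levels, 1 otherwise.
runlevel_enabled() {
    case " $(enabled_runlevels "$1") " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_default_runlevels LINE
#   Returns 0 only when both multi-user levels (3, text; 5, graphical) are on,
#   which is what you want before relying on iptables after a reboot.
check_default_runlevels() {
    runlevel_enabled "$1" 3 && runlevel_enabled "$1" 5
}

# Stand-alone usage: report on the constructed sample line.
if check_default_runlevels "$SAMPLE_CHKCONFIG_LINE"; then
    echo "iptables enabled at run levels: $(enabled_runlevels "$SAMPLE_CHKCONFIG_LINE")"
else
    echo "WARNING: iptables is not enabled at run levels 3 and 5"
fi
```

On a host with the SysV tools the sample assignment would be replaced by chkconfig iptables --list itself; the parsing and the run-level check stay the same.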
There are government regulations that must be followed when using the internet to conduct business, whether that means processing credit card transactions, moving money between accounts, or simply allowing customers to view account information. There are auditing specifications that need to be met on a routine basis, as well as possible penalties for non-compliance (e.g. monetary fines or jail time). If any violations are found by the company, it is best to follow the actions outlined by the government, make the necessary changes to ensure they do not happen again, and take any other needed actions (e.g. reporting them through the proper channels).