Assignment 5.1 Availability and Redundancy Security Reflection - Zacham17/my-tech-journal GitHub Wiki

This page identifies issues in the current environment for SEC440 and outlines potential solutions.

Issue 1: Both of the web servers being used are operating over HTTP on port 80. This is an issue because HTTP doesn’t use encryption for communication.

Solution: This issue can be resolved by moving the web servers from HTTP on port 80 to HTTPS on port 443, which is more secure. The port number alone does not provide encryption, so each server also needs TLS enabled with a certificate. HTTPS includes encryption and verification, where HTTP does not.


Issue 2: Firewall zones and rules are not configured on the VyOS routers. Without them, unwanted connections may be allowed to reach certain devices.

Solution: This issue can be resolved by creating firewall rules on the VyOS routers so that they allow and deny specific connections, which protects the systems behind them from unwanted connections. Additionally, NAT rules can be used for forwarding to make sure connections are sent to the correct locations.


Issue 3: SSH connections are allowed from the WAN network to the web servers and to the OPT network. Allowing SSH connections directly from the WAN to the web servers creates a security risk, giving users on the internet the opportunity to access the web server if they manage to retrieve a username and password.

Solution: This issue can be resolved by disallowing SSH connections from the WAN to the web servers and from the WAN to the OPT network. Allowing SSH from the WAN to the internal network can be a large security risk, especially if any of the systems are using weak credentials, which is why it should be disabled. Alternatively, if SSH access from the WAN is necessary, security measures can be put in place, such as disabling root user login over SSH, limiting login attempts, and blocking users with blank passwords.
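
The three alternative measures above correspond to the OpenSSH `sshd_config` keywords `PermitRootLogin`, `MaxAuthTries` and `PermitEmptyPasswords`. The following is an added example, not part of the original assignment: a Python check of a config's global section against those three settings. The sample configs and the limit of 3 attempts are assumptions, and `Include` files are not followed.

```python
# Added example: audits sshd_config text for the three SSH measures above.
# DEFAULTS are OpenSSH's documented defaults for keywords that are not set.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "maxauthtries": "6",
    "permitemptypasswords": "no",
}
MAX_TRIES = 3  # assumption: the page does not name a limit

def effective_settings(config_text):
    """Global-scope values. sshd keeps the first value it reads per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Key value" or "Key=value"
        if not parts:
            continue
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":              # conditional blocks are not global
            break
        if len(parts) > 1 and keyword in DEFAULTS:
            seen.setdefault(keyword, parts[1].lower())
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return a list of findings; an empty list means all three checks pass."""
    s = effective_settings(config_text)
    findings = []
    if s["permitrootlogin"] != "no":
        findings.append("PermitRootLogin is %r: root can still log in" % s["permitrootlogin"])
    tries = s["maxauthtries"]
    if not tries.isdigit() or int(tries) > MAX_TRIES:
        findings.append("MaxAuthTries is %r: more than %d attempts" % (tries, MAX_TRIES))
    if s["permitemptypasswords"] != "no":
        findings.append("PermitEmptyPasswords is %r: blank passwords accepted" % s["permitemptypasswords"])
    return findings

# Constructed samples, not taken from the SEC440 environment.
WEAK = """# the second PermitRootLogin line is ignored: first value wins
PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords yes
Match Address 10.0.5.0/24
    MaxAuthTries 2
"""
HARDENED = "PermitRootLogin no\nMaxAuthTries=3\nPermitEmptyPasswords no\n"

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "ok")
```

An empty file still yields two findings, because the defaults permit key-based root login and six attempts per connection.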