Securing a Cloud Server WAECS612

Assignment Title: Securing a Cloud Server

1. Assessment Requirements

Network security aims to ensure the confidentiality, integrity and availability of interconnected systems and information. Due to the wide-ranging environments and platforms that are in use, and the lack of security awareness by many users, network security is a complex task. This has resulted in a high level of data loss or theft amongst business users, particularly in relation to information stored on Web and cloud servers. This assignment allows you to build your knowledge and understanding of the theoretical and practical issues in Web applications security. In particular, you will demonstrate the threats to networked computers and ways in which these threats may be mitigated by the deployment of appropriate security countermeasures. To pass the coursework you must critically evaluate the security of a networked system and then make recommendations that would enable a server to be safely deployed in a DevOps environment. You will then implement the technical recommendations related to the servers operating system and demonstrate that the desired level of security has been achieved. This assignment builds on experience gained in lecture and lab sessions supported by your own research. This is an individual coursework.

Deliverables:

• A report of up to 4000 words written in a style suitable for Managers and Directors. The report will detail your work for the assignment as well as the evaluation of security, recommendations to enhance security, implementation of those recommendations, and a demonstration that the desired level of security has been achieved that would enable DevOps deployment.
  
  
  • You are required to meet the normal academic conventions of structure where necessary, i.e. appropriate use of references.
  
  
  • You are recommended to use headings and sub-headings to provide structure to your report.
  
  
  • As necessary there will be a suitable title page with your name, table of contents, introduction, key findings, as well as the main chapters.
  
  
  • The submitted file to Blackboard should follow the naming convention of WAECS Report Surname, i.e. WAECS Report Smith.docx.
  
  
  

2. Assessment Scenario

With the interconnected nature of technology today, securing our networked systems and data against attack is a major concern for organisations. Security assessments of our data, computers, applications and networks enable us to put in place technical countermeasures to mitigate attacks against those systems.

SoftCorp, a company providing management services to other companies, wishes to make use of the advantages that a move towards a DevOps environment would provide their business. SoftCorp has identified a key server that they wish to deploy to the Internet; a cloud server used for storing and accessing files by SoftCorp employees.

In preparation for this deployment, SoftCorp have tasked you with assessing the security of the server. SoftCorp are interested in knowing whether their system is open to compromise and if sensitive information can be stolen. They therefore require you to evaluate the security of this key system prior to deployment. As this is an assessment of their security, SoftCorp would like your recommendations on how security could be improved should any issues be found and in light of their desire to move to a DevOps environment. You are then tasked with implementing the technical security recommendations on the server. Finally, you will demonstrate that the desired level of security has been achieved. Due to concerns over employee privacy, OSInt is out of scope of the security assessment.

You will be provided with a cloud server virtual machine with the IP address 30.30.0.100. The network administrator account for the server has the username admin and password password123. The cloud file server administrator login is admin and password.

Your report should not exceed 4000 words. Details of all your work on the assignment should be included in the report and supported by screenshots where applicable. You are encouraged to link any references in the practical elements of the assignment to relevant academic literature and industry standards. Particular care should be made to ensure that the report contains correct references to all cited work in an appropriate style, for example, the Harvard Referencing System. You should submit your report to Turnitin and the Blackboard submission point before the assignment deadline.

3. Further Information

The coursework involves a security assessment of a SoftCorp networked system. You will need to identify and utilise various tools and techniques to provide a complete assessment and remediation of the servers security.

The recommendations should take into account both the technical issues surrounding the server that you are assessing as well as addressing the environment to which it will be deployed.

You will write a report detailing your security assessment and details of how you secured the server ready for deployment. This work should be evidenced in the report.

The report should be aimed at management and director level and should be written in a professional manner.

The aim of the assignment is to provide a complete assessment of the security of the cloud server prior to deployment in a DevOps environment. If no results are found to any tests, that is still a result and should be discussed in the report.

4. Assessment Criteria

The breakdown of the assessment criteria is as follows: