IS 3440 – Linux Security task 1
First World Savings and Loan is a financial institution that handles card transactions and loan applications online. They are currently implementing an open source infrastructure. That could save the company over $4,000,000 per year in licensing fees for the software that is currently used. They will still comply with the SOX, PCI-DSS, and GLBA acts. They are processing online credit card transactions, and all requirements of the compliance laws must be met. All security requirements of SOX, PCI-DSS and GLBA can be met by using Linux for the infrastructure. Some of the software that will be used is the following: Web Server - Apache web filtering, Firewall, VPN, Samba SMTP, and mail server.
I would say that the company would be safe by using a “defense in depth” approach. Multiple layers of access protection are needed due to credit card processes. There has to be an IDS/IPS for the firewall on the network. There will be a network firewall between the DMZ and the internal network for the company. The physical servers will be hosted at a third party location. They must have VPN access to these servers to manage them on a daily basis. To go along with the previously mentioned physical and software based security measures, we will also apply multiple policies to maintain this security. The acceptable use policy - This policy will describe how the company's IT assets should and