Quality Web Design Security Case Study
Table of Contents
Executive Summary
Company Overview
Security Vulnerabilities
Web Application Exploits
Router vulnerability
Recommended Solutions
Microsoft TFS Server Protection
Threat Management Security
Budget
Summary
References
The purpose of this report is to identify security vulnerabilities in computer infrastructure and to offer controls to minimize these vulnerabilities. Quality Web Design (QWD) provides web site and web content design for many types of businesses. Because of the business model used, it is critical that operations are not interrupted or compromised. Two vulnerabilities have been identified: one in the design code for the web server, and one in the router’s communication between two or more networks. The proposed solutions to counter these vulnerabilities are to use Microsoft’s Team Foundation Server (TFS) software, configure the Juniper ISG 2000 router device, and put in place the Juniper Security Threat Response Manager device.
QWD provides over 250,000 proprietary images and designs that appeal to a broad range of customers through targeted demographic information. The company has implemented key mission-critical processes needed for its success. The first is a repository used to store templates and scripts used in its web design process. Each project is maintained using Microsoft’s Visual Studio Team Foundation Service (TFS) server, which monitors the project’s development lifecycle from inception to launch. QWD also has critical business processes for accounting, payroll, and marketing operations. Each department is supported by the IT department, where controls are used for accessing technology-based data.
The TFS software server was designed using a three-tier architecture consisting of a client tier, an application tier, and a data tier (Wikimedia Foundation, Inc, 2010). The application tier works with the data tier to provide a repository for critical data needed for the design and functionality of QWD’s clients. The application tier uses a web service which, like other web servers on the market, contains software security vulnerabilities. These vulnerabilities can be found in the design, code, and documentation of the application, which allows for exploits in the web application (Microsoft, 2010). The threats involved on a web server are numerous and can be