Enterprise Server Security Proposal

Document Type:Thesis

Subject Area:Computer Security

Document 1

p. From history, we get to see that mainframe computers have been used as enterprise servers though it is in the recent that they have been referred to as enterprise servers. In their usage, an enterprise server is usually both its main software, computer hardware and the operating system at the same time. Enterprise servers that are currently in use are Wintel and UNIX- based servers. They are characterized to be faster and have wide enterprise management capabilities. Other examples include: systems of IBM’s iSeries, Upper end Windows 2000 systems, HP systems, Linux systems and UNIX based Solaris. Other companies define the term enterprise server as a super program which operates by the operating systems that is installed in the computer and services for the administrator of the system and for the application of business program and a server which is specialized more to run within the computer environment. Before realizing their usage, some of these servers were just known to operate within the computer’s operating system or sometimes they were thought to be part of the software packages that came. Originally, the common computers used to run normal programs or specialized applications. On the other hand, IBM remained to be the only server that was provided by the enterprise server. As time went by, the small “servers” became popular and their usage increased considerably. More businesses adopted them and the services which needed to be managed also increased simultaneously and came to be known as “the enterprise server”. Other servers which are specialized more are the database server, firewall server and the web server.

Sign up to view the full document!

Cyber security which is also known as computer security is the measures taken to protect computer systems from damage and theft to their software and hardware or information as well as misdirection or disruption towards the services provided by them. Cyber security is a complex entity which includes physical access control as well as protection from any harm that could be administered through code injection or network access. Also, there are various methods through which could be used to deviate from the normal security features and initiate a security breach whether intentionally or unintentionally. With the increase and growing reliance on computer systems, the threat to security of the data stored in the systems have to be addressed even more. Enterprise servers are important and are crucial for the operations of such companies.

Sign up to view the full document!

Therefore, their security has to be addressed in order to ensure that the vision of their service is achieved. Scenario It was at the end of the month when all the employees in Paysava company were supposed to receive their salaries. Immediately, the company turned into a confusion zone. All the managers together with the secretary wondered how they were going to pay all the one thousand five hundred stakeholders without any record of their commissions and sales. All the financial record had been erased. Someone had executed a successful attack on the enterprise. The CEO of the company who was away on a vacation had to be called and was informed about the shocking news. After recovering the first half of the data, the team also probed into the second operation but unfortunately, after several attempts, they were unable to recover even a single information.

Sign up to view the full document!

Up to date, the attack remained to be a mystery despite the company’s efforts to recover from the loss. Analysis of the client’s situation and choices Enterprise server being a collective entity that runs many programs and operations in the company, it is faced with several challenges. There are more privileges with regard to internal data. Those who are charged with the role of a system administrator have complete rights to access the servers. However, such organizations claim that they acquire much of their success from targeting lose companies and not because of any technical reasons. While it is not easy for one to have control as to whether the attacker is going to strike or not, it is always proper to ensure that enterprises make the work of the hackers more difficult by enforcing tighter security measures.

Sign up to view the full document!

Another crucial threat is social engineering. Malicious people may use manipulate, deception and lies to acquire sufficient knowledge that they need in order to dupe a company that is less prepared for such a threat. Such threats are not just limited to phone usage. Audience analysis of client There are three different category of audience whom this research proposal and recommendations would target. These include: tertiary audience, primary audience and secondary audience. Primary audience The primary audience for this proposal and presentation would be the system administrator, managers and the secretary of Paysava company. They are charged with the responsibility of ensuring that all the technical aspects of the company are run and managed in the most proper way possible. Secondary audience This category belongs to the programmers who were tasked with the responsibility of ensuring that the enterprise server is up and running.

Sign up to view the full document!

Based on the end product that is produced, this sector can be categorized into five segments that is: consumer products, pharmaceuticals, agricultural chemicals, specialty chemicals and basic chemicals. Industrial control systems relate to the chemical sector since it has to ensure security of its chemicals that can be hazardous. Commercial facilities sector This includes a wide range of sites which draw many people together. These can include: lodging, entertainment, business and shopping malls. These facilities are operated under the policy of public access meaning that people move in and out of these infrastructures without the availability of physical security barriers. These waters include: water for recreation, industrial waste management, river navigation, flood and sediment control, agricultural irrigation, industrial and municipal water supplies as well as hydroelectric power generation. The Dams sector is important as it supports a critical infrastructure and therefore it is inevitable to employ a working Industrial control system in this sector to ensure its smooth running since a small shortage in the water supply can have very adverse effects to the general public.

Sign up to view the full document!

Defense industrial base sector This is an industrial base that covers the whole world. It enables development and research as well as maintenance, delivery, design and production of military weapons systems so as to meet the military requirements of the United States. This is a very critical infrastructure and needs to be secured by the ICS. It is composed of many farms, restaurants, registered food processing and manufacturing and storage facilities. This sector has critical dependencies such as the transport systems for movement of farm products. It is therefore important to employ industrial control systems so as to maintain farms by use of temperature controllers and also humidity controllers in the green houses. Government facilities sector This crucial infrastructure includes all things such as public offices that are accessible to the public.

Sign up to view the full document!

They are vital as they offer many services to the people and therefore it is important to secure them. This sector is interdependent with other crucial infrastructure such as the transport sector. Nuclear power plants are very risky and need ICSs in order to stabilize its activities so that the particles do not escape to the atmosphere as they may result into destruction of life. Sector specific agencies This infrastructure oversees all the other important infrastructures and should therefore be controlled well. Their destruction or incapacitation would have adverse effects on national economic security, health, security or the combination of either. There are policies that strive to strengthen, secure and maintain the sixteen critical infrastructures. Proposed task The following are some of the tasks that would be performed so as to ensure that the proposal and coming up with recommendations becomes a success.

Sign up to view the full document!

The tasks include: I. Research about enterprise server security. II. Analysis of problems associated with enterprise servers. Revision of the report on recommendations. Submission of the report on recommendation to the managers and developers at Paysava. Date Table 1: Proposed schedule. Budget The cost for this project should be roughly between 0 to 20,000 dollars. The amount will be used to buy SDLC and DCS systems and install them. However, these dispersed panels needed a large manpower to attend to them and the whole process had no overall view. All the plant measurements were then transmitted to a room which was manned permanently as a central room for control measures. This development marked a significant logical development. With all these local panels centralized, it was now easy to view the process and have a low manning level.

Sign up to view the full document!

Often at times, the control room panels had controllers behind them and all the manual and automatic outputs were transmitted individually back to the plant in form of electrical or pneumatic signals (Cater et. al, p. In as much as the distributed control system was created to meet the needs f industrial processes which are large and continuous, in firms where sequential and combinatory logic was primarily used, the programmable logic controller evolved due to the urge of replacing the racks of timers and relays used for control that is driven by event. The ordinary controllers were difficult to diagnose faults and re configure and the PLC enabled the signals to be networked in the central control room with graphic displays. The automotive industry was the first one to develop networking control that was PLC enabled.

Sign up to view the full document!

It is the same industry where the sequential logic was going complex time after time. Currently, many DCDS have current processors hence they have a full line of subsystems that look like PLC (Fukuda et. al, p. Distributed control system (DCS) Distributed control system (DCS) refers to a control system of a plant or process that is computerized and the elements of control are distributed all over the system. This is the opposite of non-distributed control systems which use controllers that are discrete. Local on-plant monitoring and the centralized control rooms are allowed in a DCS since the communication networks control the hierarchy of controllers (Vyatkin et. The field outputs and inputs can be continuously changing or can be two state signals that switch either off or on such as semiconductor switch or relay contacts (Vyatkin et.

Sign up to view the full document!

al, p. Under normal conditions, Distribution control systems also support Modbus, HART, PC Link and profibus, foundation fieldbus that not only carry output and input signals but also advanced messages like status signals and error diagnostics. Supervisory control and data acquisition (SCADA) systems Supervisory control and data acquisition system is a system whose control architecture uses graphical user interfaces, computers and networked data communications to supervising process management in a high-level manner. It also uses peripheral devices such as the discrete PID controllers and logic controllers that are programmable to interface machinery process plant. More so, it is responsible for controlling the flow of cooling water. A direct control of the feedback control loop is done by the PLC OR RTU but the overall performance of the loop is done by the SCADA software (Katebi et.

Sign up to view the full document!

al, p. Programmable Logic Controllers (PLC) Programmable logic controllers can be a range of devices from the small devices with tens of input and output in a housing integral with the processor to large modular devices that are rack-mounted in thousands of input and output and are usually in a network with other SCADA and PLC systems. They can be designed for many purposes of analog and digital inputs and outputs, resistance to electrical noise, extended range of temperature and resistance to impact and vibration. Importance of industrial control systems in cyber security As discussed earlier, cyber security is the practices, processes or a body of technology that has been designed to protect programs, data, computers and networks from damage, attack or unauthorized access. Policy of responsible risk management mandates that threats towards industrial control systems should be monitored and measured so as to protect the interests of the employees, customers, shareholders, the public, vendors, the nation and society.

Sign up to view the full document!

Risk analysis enables benefits and costs to be compared so that informative decisions can be reached on the actions of protection to be taken. Apart from risk reduction, ICS also helps organizations in the following ways: Improving the safety of control systems and making them reliable and available, improving the retention, morale and loyalty of employees, reduction of community concerns, reduction of liabilities, improving banking and investor relations, helping insurance cost and coverage and meeting frequent regulation requirements (Stouffer et. al, p. V. As soon as the master secret is generated by the master server, it should be backed up. This ensures the possibility of recovering data from the credential database when there is a failure in the master server. References Abrams, M. Weiss, J. Crater, K. C. Goldman, C. E.

Sign up to view the full document!

 U. T. Programmable Logic Controllers. Fukuda, T. Shibata, T. Theory and applications of neural networks for industrial control systems. Springer London. McLellan, Hugh J.  Elements of Physical Oceanography: Pergamon International Library of Science, Technology, Engineering and Social Studies. Elsevier, 2016. Miller78, David.  U. S. Patent No. Washington, DC: U. S.

Sign up to view the full document!

From $10 to earn access

Only on Studyloop

Original template

Downloadable