SECURITY OPERATIONS AND ADMINISTRATION

SEC935 - ZAA

PROJECT

DELIVERABLE 1

Garima Arora (135458214)

Jasmeen Kaur (135464212)

Sneha Sarangal (135421212)

8th July 2023

Submitted To: Prof. Roy Feng

1
Table of Content

OS Selection………………………………………………………………………………3

Web-Server Software Selection…………………………………………..…….6

Host-based Security Software Selection…………………………………….9

Content Management System Selection……………………………………12

2
OS Selection

Introduction:

The choice of an operating system (OS) for our server build is an important choice that will

have a significant impact on the system's overall performance, security, and compatibility. In

this section, three different operating systems—Windows Server, Linux (particularly Ubuntu

Server), and FreeBSD—will be thoroughly compared and evaluated, with an emphasis on

their security features. We will choose the OS that is best suited for our server development

after giving it serious thought and discussing reasons in detail.

Windows Server:

Windows Server is a widely used operating system in enterprise environments due to its

user-friendly interface, extensive software compatibility, and robust security features. It

offers a range of security measures, including robust user access controls, secure remote

administration, and built-in firewalls. Microsoft is known for regularly releasing security

patches and updates, ensuring the system's resilience against emerging threats. Additionally,

Windows Server supports various security frameworks and protocols, such as Active

Directory and Secure Socket Layer (SSL), which significantly enhance the overall security

posture.

However, it is crucial to acknowledge some potential drawbacks of Windows Server in terms

of security. Firstly, being a proprietary system, its source code is not open to public scrutiny,

potentially limiting the ability to identify and address vulnerabilities. This closed nature of

the OS may present challenges in terms of transparency and community-driven security

audits. Moreover, due to its popularity and widespread usage, Windows Server becomes an

3
attractive target for cyberattacks, necessitating diligent monitoring and proactive security

measures.

Linux (Ubuntu Server):

Linux, particularly Ubuntu Server, is an open-source operating system renowned for its

stability, flexibility, and robust security features. As an open-source system, it benefits from a

large and active community of developers who continuously review the code and promptly

address security vulnerabilities. Ubuntu Server provides robust access controls, strong file

permissions, and extensive encryption options. Additionally, its modular architecture allows

for a streamlined and customized installation, significantly reducing the potential attack

surface.

One of the significant advantages of Ubuntu Server lies in its vast repository of security tools

and packages, such as AppArmor and Fail2Ban, which further enhance the overall security

posture. Furthermore, regular updates and patches are readily available, ensuring a timely

response to emerging threats. The open nature of the OS allows security experts and system

administrators to thoroughly inspect the code, thereby minimizing the risks associated with

undiscovered vulnerabilities.

FreeBSD:

FreeBSD is a Unix-like open-source operating system that emphasizes stability, performance,

and security. It offers built-in security features, including mandatory access controls (MAC),

secure memory management, and granular file permissions. FreeBSD has a commendable

track record of rapidly addressing vulnerabilities and providing proactive security updates.

4
The system's security-centric design and focus make it particularly suitable for server

deployments that require a high level of protection.

However, it is essential to consider that FreeBSD may present a steeper learning curve for

administrators who are not familiar with Unix-like systems. Additionally, the availability of

specific software and commercial support options may be more limited compared to

Windows Server and popular Linux distributions.

Justification and Selection:

After conducting a thorough evaluation, we have decided to select Linux, specifically Ubuntu

Server, as the operating system for our server build. Ubuntu Server offers a compelling

combination of security, stability, and customization options. Its open-source nature ensures

continuous improvement, with a vast community actively involved in the development and

security aspects. The extensive repository of security tools and packages provides us with

the necessary flexibility to enhance the server's security posture according to our specific

needs. Furthermore, Ubuntu Server's compatibility with various web server software and

content management systems aligns well with our project requirements, ensuring smooth

integration and optimal performance.

By selecting Ubuntu Server, we aim to leverage its robust security features, active

community support, and regular updates to create a secure and reliable server environment

for our project. The open-source nature of the OS, coupled with its extensive security tools

and packages, will allow us to implement stringent security measures, protect against

emerging threats, and effectively address vulnerabilities. Additionally, Ubuntu Server's

flexibility and compatibility will provide us with a solid foundation for the subsequent stages

of our project.

5
Web-Server Software Selection

Introduction:

The selection of the web-server software for our server build is a crucial step that will

significantly impact the performance, security, and scalability of our system. In this section,

we will compare and evaluate three different types of web-server software: Apache HTTP

Server, Nginx, and Microsoft Internet Information Services (IIS). Our evaluation will focus

primarily on their security aspects. Subsequently, we will select the most suitable web-

server software for our server build and provide a comprehensive justification for our

choice.

Apache HTTP Server:

Apache HTTP Server, commonly known as Apache, is one of the most widely used and highly

regarded web-server software. It is renowned for its stability, reliability, and extensive

feature set. Apache has a long history of being a secure web server, with a robust security

track record. It offers various security modules, such as mod_ssl for encrypted connections

and mod_security for web application firewall capabilities.

Apache's security strengths lie in its flexibility and configurability. It provides a wealth of

options to customize security settings, including access controls, authentication methods,

and secure communication protocols. Apache's large user community contributes to regular

security updates and prompt vulnerability resolutions. Additionally, its extensive

documentation and community support make it easier to implement and maintain secure

configurations.

6
However, Apache's configurability can be overwhelming for less experienced administrators,

potentially leading to misconfigurations and security vulnerabilities. The complex nature of

the server's configuration files and directives may require a deeper understanding of web-

server security practices to ensure a secure setup.

Nginx:

Nginx is a high-performance, open-source web-server software that has gained popularity in

recent years. It is designed to handle a large number of concurrent connections efficiently

and is known for its low memory footprint. Nginx has a strong focus on performance and

security, making it a suitable choice for websites and applications with high traffic loads.

In terms of security, Nginx provides several features to protect against common threats. It

supports secure communication protocols, such as SSL/TLS, and offers configuration options

for secure cipher suites. Nginx's modular architecture allows for the integration of security

modules, such as ModSecurity, to provide web application firewall capabilities. Its ability to

handle Denial-of-Service (DoS) attacks and mitigate the impact of malicious requests is

another strength of Nginx.

However, it's important to note that Nginx's extensive configuration options may require a

steep learning curve for administrators who are not familiar with the software. While Nginx

has a growing community and available documentation, it may not have the same level of

community support and resources as Apache.

Microsoft Internet Information Services (IIS):

Microsoft Internet Information Services (IIS) is a web-server software developed by

Microsoft, primarily for Windows-based systems. It is known for its seamless integration

7
with the Windows Server operating system and the Microsoft technology stack. IIS offers a

user-friendly interface, extensive administrative tools, and integration with other Microsoft

products, such as Active Directory and Windows Authentication.

In terms of security, IIS has made significant strides over the years and now includes robust

security features. It supports SSL/TLS encryption, provides granular access controls, and

offers URL rewriting capabilities for enhanced security. Microsoft regularly releases security

patches and updates for IIS, ensuring timely vulnerability resolutions. Additionally, IIS

benefits from the extensive security expertise and resources of Microsoft.

However, one potential limitation of IIS is its dependency on the Windows Server operating

system. This may restrict its deployment options for organizations using different operating

systems or seeking a more platform-agnostic solution. Additionally, while IIS has improved

its security over time, it may still be a target for attacks due to its widespread usage.

Justification and Selection:

After careful evaluation, we have decided to select Nginx as the web-server software for our

server build. Nginx offers an optimal balance between performance, scalability, and security.

Its efficient handling of concurrent connections and low memory footprint makes it suitable

for our project's requirements. Nginx provides essential security features, such as SSL/TLS

support and configuration options for secure cipher suites, allowing us to establish secure

communication channels with clients.

The modular architecture of Nginx enables the integration of additional security modules,

such as ModSecurity, to enhance the web application firewall capabilities. Nginx's ability to

8
handle DoS attacks and mitigate the impact of malicious requests aligns with our objective

to ensure the availability and integrity of our server.

While Apache and IIS are also strong contenders, Nginx's lightweight nature, performance

optimizations, and growing popularity in the industry make it the most suitable choice for

our project. Furthermore, Nginx's active community support and availability of resources

ensure that we can leverage expert knowledge and promptly address any security concerns

that may arise.

Host-based Security Software Selection

Introduction:

The selection of host-based (or endpoint) security software is crucial to protect the integrity,

availability, and security of our Linux server. In this section, we will compare and evaluate

three types of modern host-based security software designed for Linux servers: OSSEC,

rkhunter, and Fail2ban. Our evaluation will focus on their security features, ease of use,

community support, and compatibility with Ubuntu Server. Subsequently, we will select the

most suitable host-based security software for our Ubuntu Server build and provide a

comprehensive justification for our choice.

OSSEC:

OSSEC (Open Source Host-based Intrusion Detection System) is a widely adopted and open-

source host-based security software specifically designed for servers. It provides real-time

log analysis, file integrity checking, rootkit detection, and active response capabilities. OSSEC

is known for its strong intrusion detection and prevention features, enabling administrators

to proactively identify and respond to security incidents.

9
One of the notable strengths of OSSEC is its centralized management console, which allows

for efficient monitoring and alerting across multiple Linux servers. It provides comprehensive

log analysis, allowing administrators to detect and respond to potential security threats

effectively. OSSEC's extensive rule set and active response capabilities enable the

implementation of automated actions upon detection of security incidents.

OSSEC's open-source nature ensures frequent updates, community support, and

customization options. It integrates well with other security tools and can be tailored to fit

specific server environments and requirements. However, the initial setup and configuration

of OSSEC may require more technical expertise, and ongoing maintenance and fine-tuning

are necessary to ensure optimal performance and accuracy.

rkhunter:

rkhunter (Rootkit Hunter) is an open-source, command-line-based host-based security

software designed to detect and remove rootkits, backdoors, and local exploits on Linux

servers. It performs a comprehensive system scan to identify known signatures and

suspicious system modifications. rkhunter focuses primarily on detecting unauthorized

changes to critical system files and configurations.

One of the significant advantages of rkhunter is its simplicity and ease of use. It provides

straightforward command-line options to initiate scans and generate reports, making it

accessible for administrators with varying levels of technical expertise. rkhunter's regular

updates and community support ensure timely response to emerging threats and

continuous improvement.

10
However, it's important to note that rkhunter primarily focuses on rootkit detection and

system integrity checks. It may not provide advanced intrusion detection or comprehensive

threat prevention capabilities. Administrators should consider complementing rkhunter with

additional security solutions to address other aspects of host-based security.

Fail2ban:

Fail2ban is an open-source, log-parsing-based host-based security software designed to

protect Linux servers from brute-force attacks, password-guessing attempts, and other

malicious activities. It scans log files, detects suspicious patterns, and automatically blocks

the offending IP addresses by modifying firewall rules. Fail2ban is particularly effective in

mitigating common attacks targeting SSH, web applications, and other services.

One of the strengths of Fail2ban is its ability to dynamically respond to detected threats,

reducing the risk of successful attacks. It provides flexibility in configuring various

parameters, such as the number of failed login attempts before blocking an IP address and

the duration of the ban. Fail2ban's straightforward configuration and active community

support make it accessible and easy to integrate into Linux server environments.

However, it's important to consider that Fail2ban primarily focuses on preventing and

mitigating brute-force attacks and may not provide advanced threat detection or rootkit

detection capabilities. Administrators should evaluate their specific security requirements

and consider complementary security software to provide comprehensive protection.

Justification and Selection:

11
After careful evaluation, we have decided to select Fail2ban as the host-based security

software for our Ubuntu Server build. Fail2ban's ability to dynamically respond to detected

threats, its focus on preventing brute-force attacks, and its ease of use make it the most

suitable choice for our project.

By integrating Fail2ban, we can effectively mitigate the risk of unauthorized access and

brute-force attacks on our Ubuntu Server. Fail2ban's log-parsing capabilities and active

response mechanism allow us to automatically block offending IP addresses, reducing the

likelihood of successful attacks. Its flexibility in configuration parameters provides the

necessary control to adapt to our specific server environment.

Fail2ban's straightforward configuration and active community support contribute to a

smooth implementation and ongoing maintenance. The availability of extensive

documentation and community resources ensures accessibility for administrators with

varying levels of technical expertise. Fail2ban's compatibility with Ubuntu Server further

simplifies its integration into our server environment.

Content-Management-System Selection

Introduction:

The selection of a content management system (CMS) is a critical decision that directly

impacts the security, flexibility, and ease of managing content on our server. In this section,

we will compare and evaluate three different types of CMS: WordPress, Drupal, and Joomla,

with a particular focus on their security aspects. Our evaluation will encompass factors such

as vulnerability history, security features, and community support. Subsequently, we will

12
select the most suitable CMS for our server build and provide a comprehensive justification

for our choice.

WordPress:

WordPress is a widely popular open-source CMS known for its user-friendly interface,

extensive plugin ecosystem, and ease of use. It powers a significant portion of websites

worldwide, ranging from personal blogs to enterprise-level platforms. WordPress has a large

and active community of developers, which contributes to frequent updates and security

patches.

In terms of security, WordPress has made significant strides in recent years to address

vulnerabilities and enhance its security features. It provides various security plugins, such as

Wordfence and Sucuri, which offer features like malware scanning, firewall protection, and

login security. Additionally, WordPress follows best practices for secure coding and offers

guidance for securing the CMS and its plugins.

However, the popularity of WordPress makes it an attractive target for cyberattacks. The

extensive use of plugins, themes, and customizations can introduce potential vulnerabilities

if not managed properly. It is essential to maintain the CMS and its components up to date

and follow security best practices to ensure a secure WordPress installation.

Drupal:

Drupal is another open-source CMS known for its robustness, scalability, and security

features. It is widely adopted by organizations that require advanced customization and

complex website architectures. Drupal has a dedicated security team that actively monitors

13
vulnerabilities, releases timely security updates, and collaborates with the community to

address security concerns.

Drupal's security strengths lie in its access control mechanisms, granular user permissions,

and secure coding practices. It provides features such as two-factor authentication,

password policy enforcement, and built-in protection against common vulnerabilities.

Additionally, Drupal follows a structured release cycle, ensuring regular updates and security

patches.

However, Drupal's complexity and steeper learning curve may require more technical

expertise to implement and maintain compared to other CMS options. While Drupal has a

passionate community and extensive documentation, organizations should consider the

resources available to support Drupal deployments.

Joomla:

Joomla is an open-source CMS known for its ease of use, flexibility, and extensibility. It offers

a middle ground between WordPress and Drupal in terms of complexity and features.

Joomla has an active community that contributes to the development, security, and

maintenance of the CMS.

Joomla incorporates security features such as two-factor authentication, access controls,

and granular user permissions. It follows secure coding practices and regularly releases

updates and security patches to address vulnerabilities promptly. Joomla also offers

extensions and plugins that enhance the CMS's security, such as Akeeba Backup and Admin

Tools.

14
However, Joomla's extension ecosystem is not as extensive as WordPress's, which may limit

the availability of specific security-focused plugins or customization options. Organizations

should evaluate their specific requirements and ensure that Joomla's available features align

with their needs.

Justification and Selection:

After careful evaluation, we have decided to select Drupal as the content management

system for our server build. Drupal's robustness, extensive security features, and dedicated

security team make it the most suitable choice for our project.

Drupal's emphasis on security, demonstrated by its proactive vulnerability management and

structured release cycle, aligns well with our goal of creating a secure server environment.

Its access control mechanisms and granular user permissions enable us to define fine-

grained security policies and manage content effectively. Additionally, Drupal's secure coding

practices and the availability of security-focused extensions contribute to a solid security

foundation.

While WordPress and Joomla are popular CMS options with their strengths, Drupal's

superior security features, strong community support, and dedicated security team give us

confidence in its ability to provide a secure and scalable CMS for our server build. By

selecting Drupal, we can leverage its security-oriented architecture, continuous vulnerability

monitoring, and regular updates to ensure the integrity and confidentiality of our content

and user data.

15