Need a network architect to design a simple, basic SaaS environment for a new start-up. The design must include the following elements (or explain why an element is not recommended).
❑ Admin, application, and security event logging is enabled.
❑ A centralized logging and alerting system is used.
❑ Log Management Process and Access to Logs. A log management process has been formalized to ensure that the ability to change the log configuration and the ability to modify logs are both restricted.
❑ Recommend system monitoring tools. Example: alerts, notification parameters, alert recipient settings, software versions, etc.
❑ Provide details of the monitoring system configuration (i.e. what is the system set to monitor?). Note: include the name of the monitoring software and the current version in place.
❑ Production systems are monitored by intrusion detection software
❑ Current intrusion detection rule sets that demonstrate that the system is in place and configured to detect malicious traffic
❑ Production networks and hosts are protected by firewalls
❑ Networks are segmented in order to prevent data leakage
❑ System configurations, settings, and defaults are backed up
❑ System capacity is monitored on a continuous basis (CPU, memory, storage, and bandwidth)
❑ The availability of the production website and web app is monitored 24/7/365
❑ Describe how system expansion and scaling are forecast
❑ A patch management process exists to confirm that operating system level vulnerabilities are remediated in a timely manner. In addition, production servers are scanned to test patch compliance on a quarterly basis. Provide evidence of the patch management process in action.
❑ The system must generate a listing of users and administrators with access rights to the development, testing, and production environments
❑ The SSH service is accessible only from pre-approved (whitelisted) IP addresses or network segments
❑ All system API connections are encrypted
❑ Two-factor authentication (2FA) is enabled on all systems that support it
❑ All browser sessions are forced to use HTTPS connections over TLS 1.2
❑ Recommend virtual and physical VPNs, AND provide a screen capture of the encryption configuration of all VPNs in use.
❑ Source code is restricted to only authorized users
❑ File integrity policies and procedures; AND
• File integrity monitoring system configuration showing files and directories monitored; AND
• Configuration setting and evidence for alerting security personnel of unauthorized modification of software and configuration parameters; AND
• Configuration setting and evidence for weekly critical file comparison (if applicable)
❑ Development, testing, and production environments are logically separated
❑ Maintain documentation describing backup scope and schedule. Suggest a listing of the data and critical system files that are backed up. All databases and file storage systems have backups and redundancies in place
❑ Backup logs for critical system files, data, and/or servers for the entire reporting period are saved.
❑ Screenshot showing users set up to receive backup process alerts.
❑ Backups occur in an automated fashion
❑ Backup processes are monitored for failure; failure results in an alert and an incident ticket
❑ Sample backup failure alerts, or evidence of how alerting is configured if no failures occurred during the reporting period.
❑ The data restoration process is defined in a checklist or procedure
❑ All sensitive customer data is encrypted at rest