A consideration of software security
Some people argue that programmers have enough experience to test software for bugs and vulnerabilities during the development of a product. Others claim that many software projects seek security as an add-on after the functional requirements of the software have been completed, which increases the flaws and vulnerabilities.
To complete this Discussion:
Post: Evaluate the extent to which programmers have the requisite experience to test the security of software within the development of a product. If not, explain what process you would use to test the software security. Justify your explanation. As part of your post, you may need to define what does and does not constitute software security.
Project
A network topology design for ABC, part 1
This is a 2-Week Group Project that contains two parts. Part 1 should be finished during this Week (Week 7). Part 2 should be finished during Week 8. Both are combined and submitted at the end of Week 8.
For this project, you will design the layout of users, domains, trusted domains, anonymous users, etc. for a start-up open-source software company, ABC. The company should have an internal CVS server (only internal developers can access it), an anonymous CVS server for outsiders to download source code, WWW servers (one internal and one external) and an internal mail server. It is crucial that outsiders cannot access either the internal CVS server or the internal WWW server.
You may need to choose a project leader for your group to facilitate the project. This is optional, however.
At the end of this Week, you should agree on an initial draft and upload that draft to the Group Project forum. The format of the submission is flexible, but everyone should have some reasonable contribution to this draft.
At the end of Week 8, each member of the group will submit the same copy of your final project design document to the Week 8 Turnitin link. The final submission needs to be a professional document that has the same look and feel across all sections. It should be no more than ten pages. You need to make sure that you use a title page, including a table in the preamble to state which group members did which work. Use the same font, colour, size, etc. Your project grade will be awarded according to your contribution to the project.
Part 1: For Week 7, you should finish the following:
- The topology diagram for the different servers and locations and trust domains (e.g., where the firewalls are and where the users are located in the topology). This diagram can be revised in Week 8 according to your new research findings.
- The assumptions that you make for your design and the security policy needed to make these assumptions hold.
Part 2: Your final document for Week 8 should include the following:
- Network topology diagram and the domains of trust.
- Security-related assumptions in your design and the security policy that makes these assumptions valid.
- Trust assumptions about users (e.g., who could be root and what a root could do). You do not need to create specific users, but you need to classify users according to their trust domain (e.g., developers, system administrators, software testers, etc.). In particular, you need to define the capabilities for each class of users. If possible, embed this into your firewall management. You do not need to address the password management policies.
- Authorisation mechanism used and where it is used.
- Potential security issues for each server, how to manage them, and who can configure and manage the servers.