Date of Publication

12-2022

Document Type

Master's Thesis

Degree Name

Master in Information Security

Subject Categories

Information Security

College

College of Computer Studies

Department/Unit

Computer Technology

Thesis Advisor

Fritz Kevin S. Flores

Defense Panel Chair

Marnel S. Peradilla

Defense Panel Member

Arlyn Verina L. Ong

Abstract/Summary

The College of Computer Studies Technical Support Group (CCS-TSG) currently manages cloud-based computing cluster services used for administrative, academic, and research purposes. Due to the ongoing pandemic, there has been an increase in the number of requests and concerns raised by users of the computing cluster services, with varying priority levels and request types. As a result, DLSU CCS-TSG is having difficulty managing and addressing user requests and concerns for multiple reasons: decentralized ways of raising requests and concerns, lack of prioritization and escalation, difficulty in tracking and accounting, and lack of documentation, logging, triaging, and handling of security incidents, among others. To help address these issues, the implementation of a service desk with a change management system (with workflow capabilities) was recommended.

A service desk can be defined as a company's single point of contact for managing customer issues and requests. A service desk can help increase team efficiency, align business processes, improve operational efficiency, and prioritize important issues. It can also handle incidents, service requests, and user communication, prioritize incident handling under a proper SLA (Service Level Agreement), and provide timely and organized responses to customer concerns. The service desk team can open a service ticket to address a concern with a configuration change, but to be certain that any change applied is uniform throughout the system, it is recommended that a change management system also be implemented. The change management process is responsible for managing all changes to the production environments from inception to completion. It follows a careful and structured approach to make sure that changes are implemented without issues, ensures a standard procedure for handling all changes, controls the impact on the everyday activities of an organization, and provides proper logging of changes into a centralized repository, accountability, and non-repudiation.

For this implementation, Request Tracker 5.0.1 was installed on Ubuntu Desktop 20.04 with 8GB RAM and 64GB storage. After Request Tracker was installed and configured, a non-authenticated and an authenticated scan were run with OWASP ZAP. The scans produced 6 alerts, of which four were tagged as low and two as informational. In addition to the OWASP ZAP scans, vulnerabilities affecting Request Tracker that are listed on the CVE and NIST websites were patched, especially those with a critical or high score on the CVSS 3.0 scale. SSH, firewall rules, and Fail2ban were also implemented to further secure the infrastructure and help prevent unauthorized access. UFW (Uncomplicated Firewall) was used to configure the firewall rules. Commands such as netstat -tulpn were executed to identify which TCP and UDP ports are listening. Only the ports reported by netstat -tulpn are allowed in the firewall rules, which helps block public access and prevent attackers from exploiting weaknesses.

Abstract Format

html

Language

English

Format

Electronic

Physical Description

153 leaves

Keywords

Customer services--Computer networks; Cloud computing; Web services

Embargo Period

12-12-2022