Intrusion Detection Systems

Software used on the servers can play a role in their security. Unverified and inauthentic software can be beset with loopholes that can be exploited to access the system. All software should only be gotten from official software repositories which can be verified by PGP signatures. (Peltier, 2016).

The development team should strictly use a different web server to test the phone. This is considered industry best practice that should prevent instances of attacks caused by untested code. As such, no tests or debugging should be done on a production server. The use of application scanners will ensure that all internally developed code has been validated and that it doesn’t slip into production environments. The servers and their operating systems should stay patched at all times. This will prevent attackers from using a newly discovered bug to access the system. This will require staying abreast of developments as manufacturers will usually release patches shortly after a bug has been discovered. (Peltier, 2016).

Intrusion detection systems can ensure that attacks are discovered early enough. The fast alert can help in minimizing the damage done to a system by identifying threats early enough and neutralizing them accordingly. An intrusion detection system will be configured to monitor logs, processes and any sensitive directories. They will then alert the administrator of any unusual activities going on. Services should be only from accounts with the least privileges needed for the service. This will ensure that any attacker cannot use the privileges of said account to gain further access to the server. (Peltier, 2016).

Redundancy of the servers will happen with the Cincinnati data center acting as a failover to the Atlanta data center. With backups, restorations will only happen up to the restoration point and this can mean loss of data. To prevent this, a service like the Windows Distributed File System (DFS) can be used to replicate data into replica servers. This will be from the Atlanta to the Cincinnati data center. Local replication of data within the data center is not advisable and as such the Cincinnati office will be the secondary data center. (Peltier, 2016).

Wireless Technologies. While each of the offices will have its own LAN network, the two offices in Cincinnati and Atlanta will be connected by a VPN (virtual private network). While companies previously used WAN to connect to different offices, VPN provide a better solution that can use the internet to make the site to site connection. They are also secure enough to be used by employees when they are away from the offices. With the requirements that information be move at 50 mbps at all times, the VPN will prove to be a better solution than a WAN. The VPN solution is also cheaper as it can use a single line for each office and this will mean lower broadband costs. Wi-Fi technology can also be used for the LAN in the individual offices. (Cassidy, 2016).

Solutions for High Availability

It is important that access to the systems not be disrupted. This will require the appropriate measures for high availability be implemented. With database servers at both data centers, database mirroring will be sued to ensure high availability. This solution uses software to maintain a standby database or a corresponding production database that will be the principal database. This standby database will be created by restoring backup of the principal database without recovery. Another solution for high availability is through replication. This involves a primary server that will be distributing data to other servers leading to real time availability and scalability. (Cassidy, 2016).