Question on achieving ultimate network security

Tags: Firewalls, IDPS, IDS, Linux applications, MySQL Database, Network security

Hello

I would be grateful if you could advise me on a security issue I have on my network security. I have a web application on Linux with my data stored on a MySQL database on the same server (actually it is a SugarCRM).

The SugarCRM, which contains information about my clients, is used by my departments for their routine jobs such as creating email marketing campaigns or emails to clients.

As a security measure for this system, the main server and departments are isolated from the internet. Only specific people have access to the internet for sending emails and email marketing campaigns.

The people who have access to the internet also have access to SugarCRM, through an intermediary application; i.e., a Softtalk shared server that is on the internal network, accessible to internal users and internet users.

The internet users have a firewall securing them from the internet.

So the only points of internet connection for my system are internet users who do the task of sending emails and email campaigns.

My goal is to make sure that there will be no successful intrusion into my system and that my clients’ data are well secured and protected. Therefore I would greatly appreciate it if you could give me any assistance and guidance on my system: its security holes that have to be removed and any other method for enhancing security to the level of a no-hole system.

Looking forward to hearing from you.



Software/Hardware used:
Software firewalls and routers (on Linux), SugarCRM
ASKED: November 15, 2010  1:34 PM
UPDATED: November 15, 2010  6:59 PM

Answer Wiki


If the Softtalk shared server is accessible from the internet, that would be one point that needs to be properly secured. How do external users access it? How is it connected to the internet? How does it connect to your SugarCRM server?

One general security measure is to have all operating systems patched to the latest patch level available, and this includes client and server machines. Also, disabling all services that are not in use, and changing all default configuration/passwords is something that needs to be done, mainly on machines that are accessible from the internet.

If the SugarCRM server is only accessed from the internal network, you could use the iptables firewall to only accept packets from the internal network and only to the ports your CRM application and any other application running on the server use to service client requests.

On your users’ machines a good anti-malware program should be installed too, in addition to a firewall.
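
The iptables restriction suggested in the answer above, written out as an added example (not part of the original answer). The helper name `gen_crm_rules`, the subnet 192.168.10.0/24 and the web ports 80 and 443 are assumptions; substitute the real internal network and the ports the CRM actually listens on.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the CRM server.
# gen_crm_rules is a hypothetical helper; the subnet and ports used at the
# bottom are assumed values, replace them with your own.

# usage: gen_crm_rules <internal-ipv4-cidr> <tcp-port> [<tcp-port> ...]
gen_crm_rules() {
    net=$1
    [ $# -ge 2 ] || { echo "usage: gen_crm_rules <cidr> <port>..." >&2; return 1; }
    shift
    # Reject anything that is not a plain IPv4 CIDR, and reject /0, so a
    # typo cannot turn into a rule that matches every source address.
    case $net in
        *[!0-9./]*|*/0|*/|/*) echo "bad network: $net" >&2; return 1 ;;
        ?*/?*) ;;
        *) echo "bad network: $net" >&2; return 1 ;;
    esac
    for p in "$@"; do
        case $p in
            ""|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
    done

    echo "*filter"
    echo ":INPUT DROP [0:0]"     # default policy: drop what is not allowed below
    echo ":FORWARD DROP [0:0]"   # the server does not route for anyone
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback stays open: the web application and MySQL share this host,
    # so the database port itself is never opened to the network.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        echo "-A INPUT -s $net -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Assumed values: internal LAN 192.168.10.0/24, CRM served on 80 and 443.
# Check the output with "iptables-restore --test" before loading it.
gen_crm_rules 192.168.10.0/24 80 443
```

Load the ruleset from the server console rather than over a remote session, since the default-drop policy cuts off any management port that was not passed to the function.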
