Week 3 Assignment

Due Sunday, September 24, 2006

Joey's Pizza Parlor Application

Application Details

The web application allows a customer to create a pizza order online. First-time users set up their customer account by using their email address as their username and creating a password. The customer account allows them to order a pizza, and the customer's order history is retained and accessible to them at any time. Orders are tracked by date and time. The customer can log in to their account to view the status of their order.

When an order is submitted the customer receives back an estimated time for delivery or pickup and the total cost of the order. At this time, the application does not allow for on-line payment so the customer pays at pickup or delivery.

An email satisfaction survey is sent out for each customer transaction, but limited to one a month per customer (so as not to inundate frequent-flyer pizza eaters). This application is very important (but not absolutely crucial) to the Joey's Pizza Parlor business. It is important because it is a unique offering in the pizza business and customers have come to rely on it, but if the application is down customers can still place an order by calling it in over the phone.

Change-Control Policy

There are 3 types of possible change requests:

  1. Routine
  2. Enhancement
  3. Emergency

Changes are documented and tracked on the Change Request Form (CRF), which is stored in a Change Request file.

Changes are evaluated and authorized by the Change Management Board (CMB), which consists of the business owner and the 3 developers.

Enhancement and emergency changes need to be identified, submitted to and evaluated by the CMB for authorization, denial, or deferment, and tracked on a CRF.

Routine changes do not need to go through the CMB but need to be documented and tracked on a CRF (routine changes would be database product related additions or deletions and the related application code). Completion of a routine change is communicated to the CMB through email.

Enhancement and Emergency change process:

  1. Change request information is documented in the CRF that will be reviewed by the CMB. This form gathers applicable change information such as: Change type, requester, change requirements and specifications, and a cost/schedule/impact analysis.
  2. The CMB reviews the change request and can either approve, deny or defer the change. The decision is documented on the form.
  3. An approved change is assigned to one of the three developers. All change coding will be done according to established best practices (checklist).
    1. If more than one developer is going to work on a project, each codeline will be assigned to a developer. It is important that developers check in their codeline as soon as it is ready so the developers can integrate their work.
  4. CODE-TEST-REVIEW-DEBUG:
    1. A weekly change status and final change completion notification will be emailed to the CMB.
    2. When the change is completed the date, time and any related comments are noted on the CRF.
    3. Changes will be reviewed and tested by all 3 developers and debugged prior to moving the change to production.
    4. Review, testing and security comments are documented along with date and time that the change is moved to production.
  5. A documented rollback plan and uninstall procedures need to be in place (using the rollback checklist).
  6. Documented procedures are followed to monitor and evaluate performance after an enhancement or emergency change is made.
  7. A denied change is recorded as such with an explanation why.
  8. A deferred change is recorded as such with an explanation why and estimated time for commencement.

Logging and Auditing

The IDS monitoring system for Joey's Pizza is a combination of network-based, host-based, and application-focused monitoring.

The network-based IDS monitor sits on the DMZ segment of the firewall and monitors traffic connection string signatures for protocols other than web (HTTP, HTTPS), SMTP, IPSec, FTP, DNS, etc. The presence of other protocols could indicate that the firewall is misconfigured or that additional services have been installed or enabled on the server (maliciously or inadvertently).
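
An added example (not part of the original assignment) of the allowlist check described above: every new connection seen on the DMZ segment is compared with the permitted protocols, and anything else is grouped per server and service for review. The port numbers, the flow-record format and the addresses are assumptions; the policy names the protocols only.

```python
# Assumed mapping of the protocols named above to (IP protocol, destination port).
# FTP passive-mode data ports are not listed, so they would be reported.
ALLOWED = {
    ("tcp", 80): "HTTP", ("tcp", 443): "HTTPS", ("tcp", 25): "SMTP",
    ("tcp", 21): "FTP", ("tcp", 20): "FTP-data",
    ("tcp", 53): "DNS", ("udp", 53): "DNS",
    ("udp", 500): "IPsec IKE", ("esp", None): "IPsec ESP", ("ah", None): "IPsec AH",
}

# Constructed sample: one record per new connection to a DMZ host, in time order,
# formatted as "timestamp src dst proto dport" (dport is "-" for ESP/AH).
SAMPLE_FLOWS = """\
2006-09-20T10:01:02 198.51.100.7 192.0.2.10 tcp 443
2006-09-20T10:02:11 203.0.113.9 192.0.2.10 tcp 23
2006-09-20T10:02:40 203.0.113.9 192.0.2.10 udp 53
2006-09-20T10:03:00 203.0.113.9 192.0.2.10 esp -
2006-09-20T10:03:15 203.0.113.9 192.0.2.10 tcp 3306
2006-09-20T10:03:16 198.51.100.7 192.0.2.10 tcp 3306
garbage line
"""

def parse_flow(line):
    """Parse one record; return None if it is malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, proto, dport = parts
    if dport == "-":
        port = None
    elif dport.isdigit() and 0 < int(dport) < 65536:
        port = int(dport)
    else:
        return None
    return ts, src, dst, proto.lower(), port

def unexpected_services(text, allowed=ALLOWED):
    """Group non-allowlisted flows by (dst, proto, dport); count malformed lines."""
    alerts, malformed = {}, 0
    for line in filter(str.strip, text.splitlines()):
        flow = parse_flow(line)
        if flow is None:
            malformed += 1  # an unreadable record is a monitoring gap, so report it
            continue
        ts, src, dst, proto, port = flow
        if (proto, port) in allowed:
            continue
        entry = alerts.setdefault((dst, proto, port),
                                  {"count": 0, "first_seen": ts, "sources": set()})
        entry["count"] += 1
        entry["sources"].add(src)
    return alerts, malformed
```

On the constructed sample, `unexpected_services(SAMPLE_FLOWS)` reports Telnet (tcp/23) and MySQL (tcp/3306) on the server, the two kinds of finding the policy attributes to a misconfigured firewall or an additional enabled service.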

The host-based IDS's primary function is to monitor and prevent rogue activity at the operating system level and in the common server applications (HTTP, SQL, etc.). It will monitor the web server system logs (OS events) as well as system calls and program execution to detect attacks on the host OS in real time (IPS). Exploitation of web server vulnerabilities often results in escalation of privileges or Denial of Service.

The application-focused monitoring will use the application event logs and database journal logs. Keeping applications patched with the latest security and bug fixes is the best defense. Since the web online ordering application is homegrown, the developers are responsible for secure coding and review of the event logs to correct any problems in their application.

Monitoring, logging and auditing are kept relatively simple at this time. When an on-line payment system is introduced, the IDS/IPS security methods will be increased because the CIA factor becomes more critical.