MedranoRobertMilestone1

.pdf

School

Full Sail University**We aren't endorsed by this school

Course

ITE 229-O

Subject

Information Systems

Date

Jan 10, 2025

Pages

Uploaded by robertmedrano25

Page 1of 61[Your Company Name Proof of Concept Proposal] Proof of Concept Technical Solution for the Marconi Law Firm, LLC. (WordPress Website) Orlando, Florida Robert Medrano Worlds Collide LLC

Page 2of 61[Your Company Name Proof of Concept Proposal] Table of Contents Inventory ................................................................................................................................6Custom Network .....................................................................................................................6IDs and Passwords ..................................................................................................................6Preface ...................................................................................................................................7Network Topology Diagram ....................................................................................................8SSH Install & Access................................................................................................................8OpenSSH Install (Ubuntu) .................................................................................................................9Node.js Application (Ghost) on Docker ....................................................................................9Update Rocky8-Docker Host Name .................................................................................................10Update Rocky8-Docker ...................................................................................................................10Install EPEL Packages ......................................................................................................................11Install Nano Editor .........................................................................................................................13Docker CE .......................................................................................................................................13Set up stable repository .....................................................................................................................................13Install Docker CE ................................................................................................................................................16Verify Docker version .........................................................................................................................................17Initialize Docker .............................................................................................................................18Start Docker.......................................................................................................................................................18Enable Docker....................................................................................................................................................19Test Docker (hello-world)..................................................................................................................................20Disable SELinux (/etc/selinux.config) ..............................................................................................21Reboot VM .....................................................................................................................................21Confirm SELinux Status...................................................................................................................22Install Ghost Docker Container .......................................................................................................23Check for Ghost Container (docker ps) ...........................................................................................23Ghost Container ID .............................................................................................................................................23NginX Reverse Proxy .............................................................................................................25Update Rocky8-Nginx Host Name ...................................................................................................25Update Rocky8-Nginx .....................................................................................................................25Install EPEL Packages ......................................................................................................................26Install Nano Editor .........................................................................................................................26Disable SELinux ..............................................................................................................................26

Page 3of 61[Your Company Name Proof of Concept Proposal] Reboot VM .....................................................................................................................................27Confirm SELinux Status...................................................................................................................28Rocky Firewall ................................................................................................................................28Stop Firewall ......................................................................................................................................................28Disable Firewall ..................................................................................................................................................28NginX .............................................................................................................................................29Install NginX .......................................................................................................................................................29Start NginX .........................................................................................................................................................29Enable NginX ......................................................................................................................................................30Confirm NginX Status .........................................................................................................................................30Reverse Proxy for Ghost Site ..........................................................................................................31Edit NginX configuration file ..............................................................................................................................31Reload NginX service ..........................................................................................................................................31Terminate Docker ..............................................................................................................................................31Delete First Ghost Container ..............................................................................................................................32Create New Ghost Container .............................................................................................................................32Browse to Ghost from Firefox on Ubuntu (10.10.229.10/blog) .........................................................................32WordPress on Ubuntu - LAMP Stack ......................................................................................35Update Ubuntu Host Name ............................................................................................................35Update Ubuntu ..............................................................................................................................35Upgrade Ubuntu ............................................................................................................................35Install Nano Editor .........................................................................................................................36Install Git .......................................................................................................................................36Install Apache2 ..............................................................................................................................36Open Firewall Ports 80 and 443 .........................................................................................................................37Browse to Apache2 Ubuntu Default Page ..........................................................................................................38Install MySQL .................................................................................................................................38Alter root user password (root@localhost) .......................................................................................................39Flush Privileges ...................................................................................................................................................39Exit MySQL .........................................................................................................................................................39Install PHP ......................................................................................................................................39Install Required PHP Libraries ............................................................................................................................39Install Required MySQL Libraries .......................................................................................................................40Enable URL Rewrites (clean URLs)......................................................................................................................40Restart Apache Service ......................................................................................................................................41Create a test.php Web Page ..............................................................................................................................41Test the test.php Web Page ...............................................................................................................................41Database Configuration in MySQL Log into MySQL .........................................................................41Create MySQL WordPress Database (WordPressDB) ........................................................................................42Create MySQL WordPress User (WordPressUser) .............................................................................................42Grant Privileges to the WordPress Database (WordPressDB) to WordPress User (WordPressUser) ................42

Page 4of 61[Your Company Name Proof of Concept Proposal] Flush Privileges ...................................................................................................................................................42Exit MySQL .........................................................................................................................................................42Install WordPress ...........................................................................................................................43Grant Permission to /var/www/html/ Directory to WordPress User ................................................................43Delete Files from /var/www/html/ Directory ....................................................................................................43Verify /var/www/html/ Directory is Empty .......................................................................................................43Clone WordPress to /var/www/html/ Directory ............................................................................44Verify /var/www/html/ Directory Contains WordPress Files ............................................................................44Verify Permissions on /var/www/html/ Directory .............................................................................................44Edit Ownership ..............................................................................................................................45Edit Ownership of and the contents of /var/www/html/ Directory ..................................................................45Edit the apache2.conf File ..............................................................................................................45Override All Default Apache Directives ..............................................................................................................46Create a .htaccess File in the /var/www/html/.git/ Directory ........................................................47Restart the Apache Service.............................................................................................................47WordPress Configuration ......................................................................................................48Configure WordPress .....................................................................................................................48WordPress Configuration Selections ..................................................................................................................48Run Installation ..................................................................................................................................................50Create an Admin WordPress User .....................................................................................................................50WordPress Site Selections ..................................................................................................................................51Test WordPress Website ....................................................................................................................................52WordPress Security Settings and Configurations ...................................................................56File Permissions .............................................................................................................................56Vulnerability .......................................................................................................................................................56Configuration .....................................................................................................................................................56Validation ...........................................................................................................................................................57Securing wp-config.php ..................................................................................................................57Vulnerability .......................................................................................................................................................57Configuration .....................................................................................................................................................57Validation ...........................................................................................................................................................58Firewall (Shield) .............................................................................................................................58Vulnerability .......................................................................................................................................................58Configuration .....................................................................................................................................................58Validation ...........................................................................................................................................................59Conclusion ............................................................................................................................59Appendix A ...........................................................................................................................60NginX Config File ............................................................................................................................60Appendix B ...........................................................................................................................60

Page 5of 61[Your Company Name Proof of Concept Proposal] NginX Access Log File .....................................................................................................................60NginX Error Log File ........................................................................................................................61

Page 6of 61[Your Company Name Proof of Concept Proposal] Inventory EQUIPMENT OPERATIING SYSTEM ADDITIONAL INFO IP ADDRESS Router/Custom Network - (Firewall VM) -Firewall VM 10.10.229.1 Docker Rocky 8 (-Docker) Ghost Container 10.10.229.11 NginX Reverse Proxy Rocky 8 (-Nginx) Reverse Proxy 10.10.229.10 WordPress Ubuntu LAMP Stack running WordPress 10.10.229.12 Custom Network NETWORK NAME SUBNET IP SUBNET MASK DNS GATEWAY ITE229 10.10.229.0 255.255.255.0 10.10.229.1 10.10.229.1 IDs and Passwords ACCOUNT USER ID PASSWORD Rocky8-Docker Root User root Fullsail1! Rocky8-Nginx Root User root Fullsail1! Ubuntu Root User Root Fullsail1! MySQL Root User root@localhost Fullsail1! MySQL WordPress User WordPressUser Fullsail1! WordPress Admin admin Fullsail1!

Page 7of 61[Your Company Name Proof of Concept Proposal] Preface This document will serve as proof of concept to Mr. Marconi for creating his WordPress website for his law firm and as audit documentation. The purpose of audit documentation is to provide a comprehensive record of the organization's information technology infrastructure and security controls and processes. It plays a crucial role in providing transparency, accountability, and QA/QC regarding an organization's cybersecurity controls and practices. It enables organizations to demonstrate compliance, identify areas for improvement, and make informed decisions to strengthen their overall organizational cybersecurity. Audit documentation serves several important purposes: •Compliance: Evidence that an organization has undergone a thorough examination of its systems. It helps validate that the organization has implemented appropriate controls to protect its information systems and sensitive data. •Validation: Verification of the effectiveness and adequacy of cybersecurity controls. It provides detailed information about the design, implementation, and operation of these controls, enabling reviewers to assess their reliability and identify any gaps or weaknesses. •Records Maintenance: Historical record of cybersecurity audits conducted over time. It enables organizations to track their progress, identify trends, and evaluate the effectiveness actions taken. It also serves as reference for future audits and allows auditors to understand the current cybersecurity implemented and facilitates a more targeted approach to future cybersecurity updates and audits. •Decision-making Support: Valuable insights and information that can support decision-making processes. It allows management to make informed decisions about allocating resources, prioritizing cybersecurity investments, and addressing identified risks and vulnerabilities.

Page 8of 61[Your Company Name Proof of Concept Proposal] fgm Network Topology Diagram SSH Install & Access

Page 9of 61[Your Company Name Proof of Concept Proposal] OpenSSH Install (Ubuntu) Log into Ubuntu virtual machine, Open terminal in Ubuntu virtual machine, type in sudo apt install openssh-client-y

Page 10of 61[Your Company Name Proof of Concept Proposal] Node.js Application (Ghost) on Docker Update Rocky8-Docker Host Name Open the terminal in your virtual machine and type in “sudo nmtui”, a menu should appear and go down to “Set system host name”, Enter the new name for Rocky8- Docker host name.Update Rocky8-Docker Type in “ sudo yum update -y \ sudo yum install nano \ sudo yum install epel-release -y” to update docker

Page 11of 61[Your Company Name Proof of Concept Proposal] Install EPEL Packages

Page 12of 61[Your Company Name Proof of Concept Proposal] To install EPEL packages in the terminal type in “sudo yum install epel-release-y”

Page 13of 61[Your Company Name Proof of Concept Proposal] Install Nano Editor To install EPEL packages in the terminal type in “sudo yum install nano”Docker CE Set up stable repository Set up repository by using this commands “sudo apt-get update” Install prerequisite packages “sudo apt-get install \ apt-transport-https \ ca-certificates \ curl \ gnupg-agent \ software-properties-common”Add Docker’s official GPG key curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - Verify that you now have the key with the fingerprint 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88 sudo apt-key fingerprint 0EBFCD88 pub rsa4096 2017-02-22 [SCEA] 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88 uid [ unknown] Docker Release (CE deb) <docker@docker.com>

Page 14of 61[Your Company Name Proof of Concept Proposal] sub rsa4096 2017-02-22 [S] *****INSTALL PACKAGE MANAGER***************TO ADD THE REPOSITORY ***** sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Page 15of 61[Your Company Name Proof of Concept Proposal]

Page 16of 61[Your Company Name Proof of Concept Proposal] Install Docker CE Begin to install Docker by using the command “sudo yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin” make sure to press “Y” for everything as it installs.

Page 17of 61[Your Company Name Proof of Concept Proposal] Verify Docker version To verify docker version type in “docker –version”

Page 18of 61[Your Company Name Proof of Concept Proposal] Initialize Docker Start Docker Start Docker with “sudo systemctl start docker”

Page 19of 61[Your Company Name Proof of Concept Proposal] Enable Docker Enable Docker by using the command “sudo systemctl enable docker”

Page 20of 61[Your Company Name Proof of Concept Proposal] Test Docker (hello-world) Use the command “sudo docker run hello-world”

Page 21of 61[Your Company Name Proof of Concept Proposal] Disable SELinux (/etc/selinux.config) Disable SELinux in the SELinux configuration file change “enforcing” to “disabled” and also use the command "sudo nano /etc/selinx/config"Reboot VM Reboot VM using the command "reboot"

Page 22of 61[Your Company Name Proof of Concept Proposal] Confirm SELinux Status Confirm SELinux status was by using in "sestatus".

Page 23of 61[Your Company Name Proof of Concept Proposal] Install Ghost Docker Container Using this command below following will create, start, and name a new container. “docker run -d --name ghost -p 3001:2368 -e url=http://10.10.229.11:3001 ghost” •docker run: Docker to creates and starts the new container. •-d: Runs it in detached mode. •--name ghost: Adds the name "ghost" to the new container. •-p 3001:2368: Maps port 3001 on the VM to port 2368 inside the Docker container. •ghost: Specific Docker image you need to use for the container.Check for Ghost Container (docker ps) Ghost Container ID Use code “docker ps -a”

Page 24of 61[Your Company Name Proof of Concept Proposal]

Page 25of 61[Your Company Name Proof of Concept Proposal] NginX Reverse Proxy Update Rocky8-Nginx Host Name Open the terminal in your virtual machine and type in “sudo nmtui”, a menu should appear and go down to “Set system host name”, Enter the new name for Rocky8- NginX host name.Update Rocky8-Nginx Update the VM by using the command "sudo yum update -y"

Page 26of 61[Your Company Name Proof of Concept Proposal] Install EPEL Packages Install EPEL packages by typing the command "sudo yum install epel-release -y"Install Nano Editor Install Nano editor by typing "sudo yum install nano"Disable SELinux disable SELinux going to the SELinux configuration file by typing the command "sudo nano /etc/selinux/config" Where it says "SELINUX=enabled" delete "enabled" and replace it with "disabled." The replaced text must say "disabled" not "disable"

Page 27of 61[Your Company Name Proof of Concept Proposal] Reboot VM Reboot VM using the command "reboot"

Page 28of 61[Your Company Name Proof of Concept Proposal] Confirm SELinux Status Confirm SELinux was disabled by typing in "sestatus". You should see "SELinus stats: disabled"Rocky Firewall Stop Firewall stop and disable Rocky 8's firewall. Do so using the command "systemctl stop firewalld" Disable Firewall disable it using the command "systemctl disabled firewalld"

Page 29of 61[Your Company Name Proof of Concept Proposal] NginX Install NginX Install Nginx by using the command "sudo yum install nginx -y"Start NginX After installing NginX to start it use the command "systemctl start nginx"

Page 30of 61[Your Company Name Proof of Concept Proposal] Enable NginX Enable Nginx with "systemctl enable nginx"Confirm NginX Status Confirm you had a good Nginx installation and the processes are active and working using the command "service nginx status"

Page 31of 61[Your Company Name Proof of Concept Proposal] Reverse Proxy for Ghost Site Edit NginX configuration file Navigate to the Nginx configuration file using the command "nano /etc/nginx/nginx.conf"Reload NginX service reload Nginx with the command "systemctl reload nginx" This ends the Nginx installation, exit SSH by using the command “exit”.Terminate Docker After figuring out the container ID, use command "docker kill [containerID]"

Page 32of 61[Your Company Name Proof of Concept Proposal] Delete First Ghost Container To delete Ghost Container use "docker rm [containerID]" Create New Ghost Container Create a new ghost container using command "docker run -d --name ghost -p 3001:2368 -e url=http://10.10.229.10/blog ghost" Browse to Ghost from Firefox on Ubuntu (10.10.229.10/blog) Legible, annotated screenshots AND written instructions required

Page 33of 61[Your Company Name Proof of Concept Proposal] When you browse to Ghost, if you get a web page that says “NginX Error!”, don’t freak. Just take a screenshot and place it here. Please remember to complete Appendicies A and B at the end of this document for milestone 1 after you have completed the above steps. Use the “tail” command on your reverse proxy VM. You may need to research this command.

Page 34of 61[Your Company Name Proof of Concept Proposal] END OF MILESTONE 1

Page 35of 61[Your Company Name Proof of Concept Proposal] WordPress on Ubuntu - LAMP Stack Update Ubuntu Host Name Update Ubuntu Use the command “sudo apt-get update -y”in the terminal. Upgrade Ubuntu Use the command “sudo apt upgrade -y”in the terminal.

Page 36of 61[Your Company Name Proof of Concept Proposal] Install Nano Editor To install EPEL packages in the terminal type in “sudo apt install nano”Install Git Use the command “sudo apt install git -y”in the terminal. Install Apache2 Use the command “sudo apt install apache2 -y”in the terminal.

Page 37of 61[Your Company Name Proof of Concept Proposal] Create Firewall Profile for Apache: Use the command “sudo ufw allow in "Apache Full" “ in the terminal. Open Firewall Ports 80 and 443 In the terminal use these commands to open firewall ports 80 and 443. 1.sudo ufw status 2.sudo ufw allow 80/tcp 3.sudo ufw allow 443/tcp

Page 38of 61[Your Company Name Proof of Concept Proposal] Browse to Apache2 Ubuntu Default Page To get to the Ubuntu Default page open firefox or any web browser and type in http://localhost and press enter. Install MySQL Use command “sudo apt install mysql-server -y”

Page 39of 61[Your Company Name Proof of Concept Proposal] Alter root user password (root@localhost) Use the command “ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'Fullsail1!' ; “ to change the root user password NOTE: Document root user password in table at top of document. Flush Privileges Use command “FLUSH PRIVILEGES; “ Exit MySQL Use command “exit” Install PHP Install Required PHP Libraries Use command “sudo apt install php libapache2-mod-php php-mysql ”

Page 40of 61[Your Company Name Proof of Concept Proposal] Install Required MySQL Libraries Use the command “sudo apt install php-curl php-gd php-xml php-mbstring php-xmlrpc php-zip php-soap php-intl” Enable URL Rewrites (clean URLs) Use command “sudo a2enmod rewrite”

Page 41of 61[Your Company Name Proof of Concept Proposal] Restart Apache Service Use command ”sudo systemctl restart apache2” and press enter Create a test.php Web Page Use command “sudo nano /var/www/html/test.php” Once in the nano text editor use the command “<?php phpinfo(); ?>” Test the test.php Web Page In Firefox browser address bar type “ http://10.10.229.12/test.php “ Database Configuration in MySQL Log into MySQL Use command “ mysql -u root -p “

Page 42of 61[Your Company Name Proof of Concept Proposal] Create MySQL WordPress Database (WordPressDB) When you type the command pay attention to capitilization. Use the command “ CREATE DATABASE WordPressDB DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci; “ Create MySQL WordPress User (WordPressUser) Use command “ CREATE USER 'WordPressUser'@'localhost' IDENTIFIED BY 'Fullsail1!'; “ Grant Privileges to the WordPress Database (WordPressDB) to WordPress User (WordPressUser) Use command “GRANT ALL ON WordPressDB.* TO 'WordPressUser'@'localhost'; “ Flush Privileges Use command “ FLUSH PRIVILEGES; “Exit MySQL Use command “ exit”

Page 43of 61[Your Company Name Proof of Concept Proposal] Install WordPress Grant Permission to /var/www/html/ Directory to WordPress User Use command “ sudo chown $USER:$USER /var/www/html/* “ Delete Files from /var/www/html/ Directory Use command “ sudo rm /var/www/html/* “NOTE: Please remember that, when you delete the files from the /var/www/html/ directory, you will be deleting your test.php file from here. Use the command “ sudo rm /var/www/html/* “ Verify /var/www/html/ Directory is Empty Use command “ sudo apt upgrade -y “

Page 44of 61[Your Company Name Proof of Concept Proposal] Clone WordPress to /var/www/html/ Directory Use the command” sudo git clone https://github.com/WordPress/WordPress /var/www/html/ “Verify /var/www/html/ Directory Contains WordPress Files Use the command “sudo ls -la /var/www/html “ Verify Permissions on /var/www/html/ Directory Use command “ sudo ls -ls /var/www/html “

Page 45of 61[Your Company Name Proof of Concept Proposal] Edit Ownership Edit Ownership of and the contents of /var/www/html/ Directory Use command “ sudo chown -R www-data:www-data /var/www/html/* “ Afterwards use the command “ sudo chown www-data:www-data /var/www/html/ “ Edit the apache2.conf File Use command “ sudo nano /etc/apache2/apache2.conf --linenumbers “

Page 46of 61[Your Company Name Proof of Concept Proposal] Override All Default Apache Directives Around line numbers 170-173 you should see "<Directory /var/www/>. Change "AllowOverride None" to "AllowOverride ALL" Save the file and exit.

Page 47of 61[Your Company Name Proof of Concept Proposal] Create a .htaccess File in the /var/www/html/.git/ Directory Use command “ sudo nano /var/www/html/.git/.htaccess “ Insert this text: "order deny, allow deny from all" Restart the Apache Service Use command “ sudo systemctl restart apache2 “

Page 48of 61[Your Company Name Proof of Concept Proposal] WordPress Configuration Configure WordPress WordPress Configuration Selections Go to firefox and type in the search bar “ http://10.10.229.12 “

Page 49of 61[Your Company Name Proof of Concept Proposal] •Database Name:WordPressDB •Username:WordPressUser •Password:this is your WordPressUser password•Database Host:localhost •Table Prefix:wp_

Page 50of 61[Your Company Name Proof of Concept Proposal] Run Installation In the previous instruction after submitting the information you will be taken to a page to run the installation at the bottom of the screen. Click it. Create an Admin WordPress User Legible, annotated screenshots AND written instructions/commands required NOTE: Document WordPress admin user password in table at top of document.

Page 51of 61[Your Company Name Proof of Concept Proposal] WordPress Site Selections Legible, annotated screenshots AND written instructions/commands required •Site Title:Ubuntu LAMP •Username: admin •Password:You will create this•Your email:root@localhost.local •Search Engine Visibility:leave unchecked

Page 52of 61[Your Company Name Proof of Concept Proposal] Test WordPress Website Legible, annotated screenshots AND written instructions/commands required In order to change themes on Ubuntu you can go to where it says “Ubuntu Lamp” and select “themes” and install and activate a new theme. When creating a post click on “New” and click “Post”

Page 53of 61[Your Company Name Proof of Concept Proposal]

Page 54of 61[Your Company Name Proof of Concept Proposal] After your done typing in your title click “Publish”. Afterwards you can click to see your post and you’re done.

Page 55of 61[Your Company Name Proof of Concept Proposal] END OF MILESTONE 2

Page 56of 61[Your Company Name Proof of Concept Proposal] WordPress Security Settings and Configurations File Permissions Vulnerability Open the terminal in Ubuntu and type in the command “ cd /var/www/html/ “ press “enter” and after doing so you will input the command “ls -la” and whatever is in blue are the vulnerabilites. Configuration In this step you will show the commands used to configure around or secure the screenshot. Include a brief description of what is occuring in the screenshot. Type the command “ sudo find /var/www/html/* -type d -exec chmod 750 {} \;” press “enter” Input this next command “sudo find /var/www/html/* -type f -exec chmod 640{} \; “ and press “enter”.

Page 57of 61[Your Company Name Proof of Concept Proposal] Validation Now type go back to root user by typing “exit” and pressing “enter” then typing in “cd /var/www/html/” and then type in “cd wp-admin”,”cd wp-content”, and cd wp-includes” to see if you have permission to access them. Securing wp-config.phpVulnerability Type in the command “cd /var/www/html”, then “nano wp-config.php” then exit it and then type in “ls -la”. Configuration Type in the command “mv wp-config.php /var/www/” and press “enter”

Page 58of 61[Your Company Name Proof of Concept Proposal] Validation Once in /var/www type in “ls -la” to see if it transferred. Firewall (Shield) Vulnerability Go to plugins and we see that we have nothing protecting our wordpress. Configuration Go to plugins and add new plugin. Then you should see a plugin called “Shield Security” and you activate it. It should appear in your plugins.

Page 59of 61[Your Company Name Proof of Concept Proposal] Validation When you activate the plugin you should see it appear in a new tab down below and it should be up and running. Conclusion One of the first things that we took care of when creating everything for Mr. Marconi was setting up the proper permissions. For example, we made sure to see the file to ‘644’ and to ‘755’. We also made sure that the right users had access to change things and that not everyone could access said files. Secondly, the next thing we did was made sure to move the wp-config.php file to another directory and out of the internet path. This is to make that if anyone were to go looking for it they wouldn’t find it. This eliminates the possibility of hackers and unauthorized personnel from accessing this information. Thirdly, we installed a firewall on WordPress. This helps ensure that there are no malicious attacks and is constantly scanning for vulnerabilities to make sure there are no threats. This is all done to ensure that if one area is breached the rest are okay and will not be compromised. For the milestone we didn’t just implement of security measure, we made sure to cover all the bases. We made to sure to create file permissions so that not just anyone can access files in the database. We also made sure to move ‘wp-config.php’ to another directory to ensure that it was off the internet line. Lastly, we created a firewall so that if any area was compromised we had other layers of protection to ensure that nothing would be stolen. Defense-in-depth can be used on a variety of systems far beyond just being used on the WordPress site. The same process of adding layers, securing files, and even adding a firewall to make sure that each area is protected and always making sure that there are no potential vulnerabilities and if there are to address the situation quickly and find a solution.

Page 60of 61[Your Company Name Proof of Concept Proposal] Appendix A NginX Config File[Both Appendix A & B are required for Milestone 1. You may delete this after completing the Appendices.] Appendix B NginX Access Log File

Page 61of 61[Your Company Name Proof of Concept Proposal] NginX Error Log File