Consider the following scenario:

In this assignment, you will analyze the need for program security and consider the use of trusted OSs for evaluating and managing security on a server. Continuing with the scenario from Week $1$ Discussion, Paul Gray was very pleased with your suggestions for security and is now moving forward with the changes to his organization. The organization currently has a network of two servers that can handle traffic for approximately fifty employees. The company uses a database to keep track of data on both clients and employees. Gray has decided that adequate measurements must be taken to protect the internal data and has stated the following requirements:

User authentication must be performed before an employee can log on to the network.

A mechanism needs to be devised by which data belonging to a user on the local machine is accessible to that user only.

The OS $($or OSs, if needed$)$ installed on the computers needs to be updated with the latest patches and fixes.

The OS $($or OSs, if needed$)$ needs to be customized to prevent outsiders from accessing the computers.

To meet Gray's requirements, you will need answers to the following questions.

Answer the following questions:

Which OS or OSs should Gray use on the servers? What is the rationale for your choice? Would this system and the expected requirements warrant the use of a trusted OS or would commercial systems be sufficient? Justify your decision with examples and a specific comparison between a trusted OS and a commercial OS$.$

Is the OS the primary piece of software responsible for the security of the overall system? Explain your answer and give examples to support your conclusion. How does this affect confidentiality, integrity, and availability for the system? Which of these factors is most influenced by the OS$?$

Would a single proxy server be a good solution for connecting Gray's employees to the Internet in this circumstance? What benefits and challenges would this introduce? How would this affect the attack surface of the system? Assume roughly twenty$-$five employees as a starting point for the organization; how would growth of the organization affect the use of the proxy server? How well does this type of solution scale with traffic volume?