Page 145 - Courses

Logical Security Applications

   network, then interview DBAs to determine purpose, and note if reasonable. Sometimes this may
   occur due to lack of IT personnel.

3. Test reasonableness of activity logged within the database (or the activity logged by third-party
   software). Test to ensure activity logged is migrated to an independent area where another
   independent party would review logs.
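As an added illustration of step 3 (example code, not part of the course text): the first check compares the database's own audit records against the copy held in the independent log area and reports events that never migrated or were altered; the second flags DBA actions outside business hours as candidates for the follow-up interview. The record layout, account names, and the 08:00-17:59 business window are constructed assumptions.

```python
from datetime import datetime

# Constructed sample: rows as exported from the database's own audit log.
DB_AUDIT = [
    {"id": 1, "ts": "2022-03-01T09:15:00", "user": "app_svc", "action": "SELECT"},
    {"id": 2, "ts": "2022-03-01T23:40:00", "user": "dba_jones", "action": "ALTER TABLE"},
    {"id": 3, "ts": "2022-03-02T10:05:00", "user": "dba_smith", "action": "GRANT"},
    {"id": 4, "ts": "2022-03-02T11:30:00", "user": "app_svc", "action": "UPDATE"},
]

# Constructed sample: the same events as held in the independent log area
# reviewed by a party other than the DBAs. Event 2 never arrived there.
INDEPENDENT_COPY = [
    {"id": 1, "ts": "2022-03-01T09:15:00", "user": "app_svc", "action": "SELECT"},
    {"id": 3, "ts": "2022-03-02T10:05:00", "user": "dba_smith", "action": "GRANT"},
    {"id": 4, "ts": "2022-03-02T11:30:00", "user": "app_svc", "action": "UPDATE"},
]

PRIVILEGED_USERS = {"dba_jones", "dba_smith"}   # hypothetical DBA accounts
BUSINESS_HOURS = range(8, 18)                   # assumed window: 08:00-17:59

def event_key(rec):
    """Full identity of an audit event; a changed field counts as a mismatch."""
    return (rec["id"], rec["ts"], rec["user"], rec["action"])

def missing_from_independent_store(db_rows, copy_rows):
    """IDs of database-logged events absent (or altered) in the independent copy."""
    present = {event_key(r) for r in copy_rows}
    return [r["id"] for r in db_rows if event_key(r) not in present]

def off_hours_privileged_activity(db_rows):
    """DBA actions outside business hours: reasonableness items to raise in interview."""
    flagged = []
    for r in db_rows:
        hour = datetime.fromisoformat(r["ts"]).hour
        if r["user"] in PRIVILEGED_USERS and hour not in BUSINESS_HOURS:
            flagged.append((r["id"], r["user"], r["action"]))
    return flagged

if __name__ == "__main__":
    print("Not migrated:", missing_from_independent_store(DB_AUDIT, INDEPENDENT_COPY))
    print("Off-hours DBA activity:", off_hours_privileged_activity(DB_AUDIT))
```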

TOPIC 4: SECURITY OPERATING SYSTEM LAYER

Introduction

The OS is the master program that controls a computer. Microsoft Windows is used as the OS for
both servers and desktop computers in most corporations.

The Windows OS provides similar functionality on servers and on desktop computers. Windows Server
offers additional server software and features not found in Windows desktop.

Concepts: Server Types

Administrative File Server
  The primary purpose is file sharing (e.g., Word or Excel documents, pictures).
  Users will have access to specific pathnames but do not have access to the root OS layer.

Application Server
  The primary purpose is the maintenance and execution of application system code.
  The general user population will not have direct access to the server (only IT personnel).

Database Server
  The primary purpose is the maintenance and execution of databases.
  The general user population will not have direct access to the server. For these servers, DBAs will
  have access to the database systems and those who maintain the OS will have OS access.

Web Server
  The primary purpose is the maintenance and execution of web services.
  The general user population will not have direct access to the server (only IT personnel).
  For Internet-facing web servers, OS components that are not needed are removed to improve security.
  An Internet-facing web server is viewable or accessible through the Internet.

Other Server Concepts
  An application, database, and web server can exist on one physical server or three independent
  servers, or variations may exist. The degree and extent of variability depends on the type of
  application and cost.
  Servers can also be used for other purposes such as automated schedulers, file transfer systems,
  email systems, etc.


            Copyright © 2022 by The Institute of Internal Auditors, Inc. All rights reserved.