Logical Security Applications
Concepts: Event Activity Logging
Key points of event activity logging:
- OSs come with logging capability.
- The depth and extent of logging depend on the organization and the OS.
- Normally, those who use the superuser account or have superuser capability can disable and modify OS logs.
- To ensure log integrity, logs are usually transferred to a logging server for later review by the security staff.
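Added example (not part of the course text): a short Python check that reconciles a host's local log with the copy held on the logging server, which is why the transfer protects integrity. The host name, timestamps and log lines are constructed sample data, and the function name is illustrative.

```python
import hashlib
from collections import Counter

# Constructed sample: records as received by the logging server at event time.
CENTRAL_COPY = [
    "2022-03-01T02:10:04Z host1 sshd: Accepted password for admin from 10.0.0.5",
    "2022-03-01T02:11:30Z host1 sudo: admin : COMMAND=/usr/sbin/usermod -U guest",
    "2022-03-01T02:12:02Z host1 sshd: Accepted password for guest from 10.0.0.5",
    "2022-03-01T02:20:45Z host1 sshd: session closed for user admin",
]
# Constructed sample: the same log as later found on the host itself.
LOCAL_COPY = [
    "2022-03-01T02:10:04Z host1 sshd: Accepted password for admin from 10.0.0.5",
    "2022-03-01T02:12:02Z host1 sshd: Accepted password for backup from 10.0.0.5",
    "2022-03-01T02:20:45Z host1 sshd: session closed for user admin",
]

def digest(line):
    """Hash one normalised record so the two copies can be compared."""
    return hashlib.sha256(line.strip().encode("utf-8")).hexdigest()

def reconcile(local_lines, central_lines):
    """Compare the host's log with the logging server's copy.

    The central copy is the reference, because a superuser on the host
    cannot rewrite it. Returns the records that were removed or altered
    on the host and the records that exist only on the host.
    """
    local_lines = [l.strip() for l in local_lines if l.strip()]
    central_lines = [l.strip() for l in central_lines if l.strip()]
    text = {digest(l): l for l in local_lines + central_lines}
    local = Counter(digest(l) for l in local_lines)
    central = Counter(digest(l) for l in central_lines)
    return {
        # On the server but not on the host: deleted or edited locally.
        "missing_on_host": [text[d] for d in (central - local).elements()],
        # On the host but not on the server: inserted, edited, or never forwarded.
        "only_on_host": [text[d] for d in (local - central).elements()],
    }

if __name__ == "__main__":
    for kind, records in reconcile(LOCAL_COPY, CENTRAL_COPY).items():
        for record in records:
            print(kind, "|", record)
```

In the sample, the host copy has lost the record of the guest account being unlocked and shows a rewritten login record; both differences surface only because the server copy was outside the superuser's reach.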
Server virtualization OS considerations:
- Allows deployment of many servers at one time.
- Servers can be moved very easily from one physical box to another.
- One physical server can host several OSs, all logically separated and controlled by the virtual OS.
- Virtualization means that there is one root OS that all other deployed OSs run under. Examples of OSs used for virtualization include Unix and VMS.
- Virtualization allows capacity management to be addressed dynamically; however, this means that organizations are relying on this as their only option.
- The root OS has the same risks as a standard OS. The main difference is that a single OS now controls several. The root OS should deploy virus protection, etc.
Security Risks
Incorrect security modifications:
- A change to an OS results in the system becoming insecure.
- A user approved for access assigns an incorrect ACL.
- An access rule provides users access to the wrong data.
Intrusions that occur and go undetected:
- Ineffective controls fail to identify a hacker intrusion.
- OS security updates are not patched in a timely fashion.
- A guest or other OS account is not disabled or becomes re-enabled.
Virus contamination:
- The computer does not have antivirus software or it has been disabled.
- Antivirus software is not updated.
- Malware is not recognized by the current, updated antivirus system.
Controls
Antivirus Software
Antivirus software prevents malware situations. The following steps help assure antivirus software
effectiveness:
Copyright © 2022 by The Institute of Internal Auditors, Inc. All rights reserved.