P. 164
Logical Security: The Network Layer
• Comparing an extract of the current firewall configuration to the documented configuration, following up on variances, and ensuring the firewall configuration complies with policy.
• Obtaining a sample of changes, and testing to ensure the changes were managed through the organization’s change process.
• Obtaining evidence that the number of users is limited and that the users who access the system are appropriate.
• Testing to ensure that firewall events are logged and reviewed.
• Testing to ensure that all network appliance software default settings are changed to a security-hardened status:
  • Systems containing operating systems (e.g., Windows, UNIX, etc.) should be hardened so that only the bare minimum of essential system services, modules, and features is enabled.
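The first audit step above (comparing a firewall extract to the documented configuration and following up on variances) can be scripted so the comparison is repeatable. The following is an added example, not course material or any vendor's tool: it assumes a simplified generic rule syntax (`action proto src dst port`), constructed sample configurations, and an assumed policy that permits from "any" source are allowed only on approved inbound ports.

```python
"""Added example (not from the course): compare a current firewall rule
extract to the documented baseline, report variances, and check the result
against a simple policy. The rule syntax (`action proto src dst port`) and
the sample configurations below are constructed for illustration and do not
follow any particular vendor's format."""
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Rule:
    action: str   # permit | deny
    proto: str    # tcp | udp | ip
    src: str      # source address or network, or "any"
    dst: str      # destination address or network, or "any"
    port: str     # destination port, or "any"


def parse_rules(text):
    """Parse one rule per line, ignoring blank lines and '#' comments.
    Normalising case and whitespace lets cosmetically different extracts
    compare equal."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.lower().split()
        if len(parts) != 5:
            raise ValueError(f"malformed rule: {raw!r}")
        rules.append(Rule(*parts))
    return rules


def compare_configs(documented_text, current_text):
    """Variances between the documented baseline and the live extract."""
    documented = set(parse_rules(documented_text))
    current = set(parse_rules(current_text))
    return {
        "undocumented": sorted(current - documented),  # live but not documented
        "missing": sorted(documented - current),       # documented but not live
    }


def policy_violations(rules, approved_inbound_ports=("443",)):
    """Assumed policy: a permit from 'any' source is allowed only on the
    approved inbound ports. Every other 'permit ... any ...' rule is flagged."""
    return [r for r in rules
            if r.action == "permit" and r.src == "any"
            and r.port not in approved_inbound_ports]


# Constructed sample data: the documented baseline and a live extract that
# has drifted (an undocumented RDP permit was added; the SSH deny was dropped).
DOCUMENTED_BASELINE = """
permit tcp any 10.0.0.5 443          # public web
deny   tcp any 10.0.0.5 22           # no SSH from outside
permit tcp 10.0.1.0/24 10.0.0.7 5432 # app tier to database
deny   ip  any any any               # default deny
"""

CURRENT_EXTRACT = """
permit tcp any 10.0.0.5 443
permit tcp any 10.0.0.5 3389         # undocumented change
permit tcp 10.0.1.0/24 10.0.0.7 5432
deny   ip  any any any
"""


def audit_firewall(documented_text=DOCUMENTED_BASELINE, current_text=CURRENT_EXTRACT):
    """Run the comparison and the policy check; returns the findings an
    auditor would follow up on through the change process."""
    findings = compare_configs(documented_text, current_text)
    findings["policy_violations"] = policy_violations(parse_rules(current_text))
    return findings


if __name__ == "__main__":
    for kind, rules in audit_firewall().items():
        print(kind)
        for r in rules:
            print("   ", r)
```

Each variance reported here is a candidate for the second audit step: it should trace back to an approved change record, and an undocumented rule that also violates policy (the port 3389 permit in the sample) is the finding to escalate first.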
Data Loss Prevention (DLP)
Data Loss Prevention (DLP) characteristics:
• Software that reviews network traffic, looking for specific words or groups of words. Search parameters are based on rules and policies defined by the organization. Policy violations will trigger alerts and block traffic. The software may come with some built-in rules.
• Rules and policies include searching for content in documents associated with social security numbers (SSNs), bank account numbers, or words such as “confidential” or “proprietary.”
• Will run on a standard server using a standard Windows operating system (OS).
• Have their own authentication and access management processes. DLP systems could be interfaced with and managed through the company’s network management system (e.g., Active Directory System [ADS]).
• DLP systems are subject to standard organization logical and change controls and documentation requirements.
Security Risks
Security risks include:
• Unauthorized access occurs and goes undetected.
  • This risk applies specifically to the DLP software itself. Authentication to the DLP software could be interfaced with Active Directory (AD).
  • The OS may not be security hardened, so the risk of a potential intrusion increases.
• The incorrect policy or rule is applied.
  • For example, the policy was intended to capture data containing the words “contains confidential,” but the phrase was misspelled in the policy as “contains confedential.”
• Trapped events (events identified as being against established policies) are not reviewed.
  • The DLP system may not interface with the organization’s SIEM and must be reviewed separately.
  • Events are not reviewed, or follow-up is not timely.
• Data is removed from the network and it goes undetected.
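The DLP characteristics above (rule-based matching for SSNs, account numbers and markings such as “confidential”) and the misspelled-policy risk can be shown together in a small rule engine. This is an added example, not the course's or any DLP product's code: the policies, the known-positive samples and the messages are constructed, and the validation step that catches the “confedential” typo is an assumed control, not one the text prescribes.

```python
"""Added example (not from the course): a minimal keyword/regex DLP policy
engine, plus a validation step that catches a misspelled rule before it is
deployed. The policies, samples and messages are constructed for
illustration; a real DLP product has its own rule language."""
import re

# Constructed policies. Each name maps to a regular expression; matches are
# case-insensitive so "CONFIDENTIAL" and "confidential" both trigger.
POLICIES = {
    "ssn": r"\b\d{3}-\d{2}-\d{4}\b",
    "bank-account": r"\b(?:account|acct)\s*(?:no\.?|number)?\s*:?\s*\d{8,12}\b",
    "confidential-marking": r"\bcontains confidential\b",
    "proprietary-marking": r"\bproprietary\b",
}

# One known-positive sample per policy: text the policy MUST catch. Keeping
# these next to the rules is what makes the typo below detectable.
POSITIVE_SAMPLES = {
    "ssn": "Employee SSN 123-45-6789",
    "bank-account": "Wire to account number: 123456789012",
    "confidential-marking": "This document contains confidential information",
    "proprietary-marking": "Proprietary design, do not distribute",
}

# The risk described in the text: the intended phrase misspelled in the rule.
MISSPELLED_POLICIES = dict(POLICIES, **{"confidential-marking": r"\bcontains confedential\b"})


def compile_policies(policies):
    return {name: re.compile(pattern, re.IGNORECASE) for name, pattern in policies.items()}


def scan_message(text, compiled):
    """Names of the policies a message violates (each would raise an alert
    and block the traffic)."""
    return sorted(name for name, rx in compiled.items() if rx.search(text))


def validate_policies(policies, positive_samples):
    """Names of policies that fail to match their own known-positive sample.
    An empty list means every rule catches what it was written to catch."""
    compiled = compile_policies(policies)
    return sorted(name for name, sample in positive_samples.items()
                  if not compiled[name].search(sample))


if __name__ == "__main__":
    engine = compile_policies(POLICIES)
    print(scan_message("Attached is the plan; it contains confidential salary data "
                       "for SSN 123-45-6789", engine))
    print("correct rules failing:", validate_policies(POLICIES, POSITIVE_SAMPLES))
    print("misspelled rules failing:", validate_policies(MISSPELLED_POLICIES, POSITIVE_SAMPLES))
```

Running `validate_policies` as part of the change control that the text says DLP systems are subject to turns the misspelled rule from a silent detection gap into a failed pre-deployment check; with the typo in place, a document that really does contain “contains confidential” passes through unmatched.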
Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.