P. 168
Logical Security: The Network Layer
Security Risks
Security risks include:
• Unauthorized access occurs, and the directory is modified so that a lookup sends a user to a different website.
  • The user enters the eCommerce website and is re-routed to another web server that appears to be the same as the real eCommerce site. The user could then enter his or her ID and password, sign up for an account, and/or enter an order with his or her credit card number.
  • The re-routed website loads malware onto the user’s computer once they arrive at the site.
• The network appliance is hacked.
  • The OS may not be security hardened, so the risk of a potential intrusion increases.
• Service is disrupted.
  • This could occur through denial of service attacks or through someone otherwise taking the service down.
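The first risk above (the directory being modified so that lookups send users elsewhere) is one that routine monitoring can surface: compare what the server currently answers against an approved record baseline and alert on any difference. The script below is an added example, not part of the course material; it assumes records are exported as zone-file-style lines (`NAME TTL IN TYPE VALUE`), and the domain names and addresses in the sample data are constructed.

```python
"""Detect drift between an approved DNS record baseline and what a server now serves.

Added example (not from the course page). Assumes records are collected as
zone-file-like lines 'NAME TTL IN TYPE VALUE'; all sample data is constructed.
"""
from dataclasses import dataclass

# Constructed baseline: the records the organisation has approved.
BASELINE = """
www.example.com.   3600  IN A  192.0.2.10
www.example.com.   3600  IN A  192.0.2.11
shop.example.com.  3600  IN A  192.0.2.20
example.com.      86400  IN NS ns1.example.com.
example.com.       3600  IN MX 10 mail.example.com.
""".splitlines()

# Constructed observation: shop.example.com. now points elsewhere, an extra NS
# record has appeared, and the MX record has vanished.
OBSERVED = """
www.example.com.   3600  IN A  192.0.2.10
www.example.com.   3600  IN A  192.0.2.11
shop.example.com.   300  IN A  198.51.100.77   ; changed target
example.com.      86400  IN NS ns1.example.com.
example.com.      86400  IN NS ns9.example.net.   ; unexpected extra NS
""".splitlines()


@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    kind: str          # "changed", "missing", or "unexpected"
    expected: tuple    # sorted values in the baseline
    observed: tuple    # sorted values actually served


def parse_records(lines):
    """Parse 'NAME TTL IN TYPE VALUE...' lines into {(name, type): set(values)}."""
    records = {}
    for raw in lines:
        line = raw.split(";", 1)[0].strip()   # ';' starts a zone-file comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            raise ValueError(f"unparseable record: {raw!r}")
        name, rtype = fields[0].lower(), fields[3].upper()
        value = " ".join(fields[4:])          # MX/SRV values span several fields
        records.setdefault((name, rtype), set()).add(value)
    return records


def detect_drift(baseline, observed):
    """Return one Finding per (name, type) whose value set differs from the baseline."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        exp, obs = baseline.get(key, set()), observed.get(key, set())
        if exp == obs:
            continue
        kind = "unexpected" if not exp else "missing" if not obs else "changed"
        findings.append(Finding(key[0], key[1], kind, tuple(sorted(exp)), tuple(sorted(obs))))
    return findings


def run_example():
    """Run the drift check over the constructed sample data."""
    return detect_drift(parse_records(BASELINE), parse_records(OBSERVED))


if __name__ == "__main__":
    for f in run_example():
        print(f"{f.kind:10} {f.rtype:3} {f.name}  expected={f.expected} observed={f.observed}")
```

In practice the observed side would be gathered by querying the server (and, for hijack detection, a few independent resolvers) on a schedule, so that a record pointing somewhere new is noticed and followed up quickly, which is what the "monitored with timely follow-up" control below requires.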
Controls
Controls include:
• The OS on the server is hardened, with any unnecessary services either disabled or removed.
• Server and service patch levels are updated in a timely manner.
• The server is monitored and timely follow-up occurs when alerted.
• Access to the DNS is restricted.
Suggested Audit Procedures
Suggested audit procedures include:
• Test to ensure system configuration complies with policy.
  • Like other configurations, DNS configurations should be documented and supported by policy.
• Test to ensure patch levels are current and are applied in a timely manner.
• Test to ensure that changes to the DNS server comply with the organization’s change management policy.
• Test to ensure that all network appliance software default settings are changed to a security-hardened status. If an external operating system is used, test to ensure only the bare minimum of operating system processes, systems, services, and commands are enabled.
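The configuration-compliance and default-settings tests above can be scripted so that an auditor runs the same checks against every DNS server. The script below is an added example rather than anything from the course; it assumes the server is ISC BIND (whose `recursion`, `allow-transfer`, `allow-update` and `version` options it reads from the `options { ... }` block of `named.conf`) and that the four rules it enforces represent the organisation's own policy. Both configuration samples are constructed, one left at defaults and one hardened.

```python
"""Policy-compliance check for an authoritative BIND server's named.conf.

Added example (not from the course page). Assumes ISC BIND and the policy:
recursion off, zone transfers restricted to named secondaries, the version
string hidden, and no dynamic updates from 'any'. Config samples are constructed.
"""
import re

# Constructed: a server left at defaults.
WEAK_CONF = """
options {
    directory "/var/named";
    recursion yes;               // default left in place
    allow-transfer { any; };     // anyone may pull the whole zone
};
zone "example.com" IN { type master; file "example.com.zone"; };
"""

# Constructed: the same server after hardening.
HARDENED_CONF = """
options {
    directory "/var/named";
    recursion no;
    allow-transfer { 192.0.2.53; 192.0.2.54; };   // secondaries only (constructed)
    allow-update { none; };
    version "not disclosed";
};
zone "example.com" IN { type master; file "example.com.zone"; };
"""


def _extract_block(text, name):
    """Return the body of the first '<name> { ... }' block, honouring nesting."""
    m = re.search(r'\b' + re.escape(name) + r'\s*\{', text)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError(f"unbalanced braces in '{name}' block")


def _statements(body):
    """Split a block body on ';' at brace depth 0 into (keyword, argument) pairs."""
    depth, cur, out = 0, [], []
    for ch in body:
        if ch == '{':
            depth += 1
        elif ch == '}':
            depth -= 1
        if ch == ';' and depth == 0:
            parts = ''.join(cur).split(None, 1)
            if parts:
                out.append((parts[0], parts[1].strip() if len(parts) > 1 else ''))
            cur = []
        else:
            cur.append(ch)
    return out


def audit_named_conf(text):
    """Return a list of policy findings (empty when the options block complies)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)   # strip /* */ comments
    text = re.sub(r'(//|#).*', '', text)                 # strip // and # comments
    body = _extract_block(text, 'options')
    if body is None:
        return ["no options block found; server is running entirely on defaults"]
    opts = dict(_statements(body))
    findings = []
    if opts.get('recursion', 'yes') != 'no':            # BIND defaults to recursion yes
        findings.append("recursion enabled: authoritative server must set 'recursion no'")
    xfer = opts.get('allow-transfer')
    if xfer is None or re.search(r'\bany\b', xfer):
        findings.append("allow-transfer missing or open to 'any': restrict to secondaries")
    if 'version' not in opts:
        findings.append("version not overridden: server discloses its exact BIND version")
    if re.search(r'\bany\b', opts.get('allow-update', '{ none; }')):
        findings.append("allow-update permits 'any': dynamic updates must be restricted")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_named_conf(conf) or ["compliant"])
```

Each finding maps back to a documented policy statement, which is what makes the result auditable: the script reports the gap, and the documented DNS configuration policy is the standard it is measured against.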
File Transfer Protocol (FTP) Server
Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.