
Logical Security: The Network Layer

•  Testing to ensure data is not retained on the FTP server longer than required.
    •  Normally, batch jobs on a scheduler run to check and remove data on the FTP server. The scheduler is usually contained in the organization's network. Alerts on the scheduler should notify staff if scheduled jobs affecting the FTP server are not running.
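The two FTP retention tests above, as an added example in Python that is not part of the course material: it flags files older than an assumed 7-day retention window and checks whether the cleanup job's heartbeat file (an assumed convention for the scheduler's last run) has gone silent, using a constructed temporary directory as the FTP root.

```python
import os
import tempfile
import time
from pathlib import Path

RETENTION_DAYS = 7               # assumed retention policy for the FTP drop zone
SCHEDULER_MAX_SILENCE_HOURS = 24 # assumed: the cleanup job is expected to run daily


def find_stale_files(root, retention_days, now=None):
    """Return files under root whose modification time is older than the retention window."""
    now = time.time() if now is None else now
    limit = now - retention_days * 86400
    root = Path(root)
    return sorted(
        str(p.relative_to(root))
        for p in root.rglob("*")
        if p.is_file() and p.stat().st_mtime < limit
    )


def scheduler_is_silent(heartbeat_file, max_hours, now=None):
    """True if the cleanup job's heartbeat file is missing or older than max_hours."""
    now = time.time() if now is None else now
    hb = Path(heartbeat_file)
    if not hb.exists():
        return True
    return (now - hb.stat().st_mtime) > max_hours * 3600


def audit_ftp_retention(root, heartbeat, retention_days=RETENTION_DAYS,
                        max_hours=SCHEDULER_MAX_SILENCE_HOURS):
    """Combine both audit tests into a single findings dictionary."""
    return {
        "stale_files": find_stale_files(root, retention_days),
        "scheduler_silent": scheduler_is_silent(heartbeat, max_hours),
    }


def build_sample_ftp_root():
    """Constructed sample data: one fresh file, one 10-day-old file, and a heartbeat
    file last touched two days ago (i.e. the cleanup job has stopped running)."""
    root = Path(tempfile.mkdtemp(prefix="ftp_audit_"))
    now = time.time()
    (root / "inbound").mkdir()
    fresh, stale, heartbeat = (root / "inbound" / "orders_today.csv",
                               root / "inbound" / "orders_old.csv",
                               root / "cleanup.heartbeat")
    for f in (fresh, stale, heartbeat):
        f.write_text("constructed sample\n")
    os.utime(stale, (now - 10 * 86400, now - 10 * 86400))
    os.utime(heartbeat, (now - 2 * 86400, now - 2 * 86400))
    return root


if __name__ == "__main__":
    r = build_sample_ftp_root()
    print(audit_ftp_retention(r, r / "cleanup.heartbeat"))
```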

            Proxy Server

            Proxy Server Characteristics

Proxy server characteristics include:
•  They may reside on the firewall server, on their own independent physical servers, or on a separate server running its own operating system.
•  They are usually placed in the DMZ.
•  All requests to the internet from an organization's network pass through the proxy server, where the internal network address is replaced with one of the proxy server's addresses, hiding the organization's internal IP addresses. All incoming communication must also pass through the proxy server.
•  Illegitimate (illegal) proxy servers exist that can monitor network traffic.

            Security Risks

Security risks include:
•  The security of the proxy server is compromised.
    •  A hacker could take control of the organization's proxy server and reroute communications to an alternative site so that malware can be introduced or communications can be read.
    •  A compromised proxy server could be used as an entry point into the organization's network.
•  Patches are not applied in a timely manner.
•  The proxy server OS is not security hardened.
    •  The server OS did not go through security administration validations.
    •  Not all unnecessary OS commands and services are disabled.
    •  Vendor-supplied default account passwords and configurations are not modified or disabled.

            Controls

Controls include:
•  Monitoring proxy server health and availability.
•  Applying all patches in a timely manner and ensuring the change process complies with policy.
•  Restricting access to the proxy server, including server security hardening, disabling or modifying default account passwords and configurations, and applying appropriate access restriction rules.

            Suggested Audit Procedures


            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.