Page 172 - Courses

Logical Security: The Network Layer

Suggested audit procedures include:
•  Review the appropriateness of proxy server monitoring procedures.
•  Test the function of the proxy server to ensure compliance with the change policy for a sample of patches.
•  Test the appropriateness of access to the proxy server, including performing a review of the users who can access it.
•  Test to ensure that all network appliance software default settings are changed to a security-hardened status. If an external OS is used, test to ensure that only the bare minimum of OS processes, systems, services, and commands are enabled.
•  Disable or change default configurations.

Mail Server

Mail Server Characteristics

Mail server characteristics include:
•  Email gateways reside in the DMZ.
•  Mail servers (e.g., Microsoft Exchange) reside either in the DMZ or on the internal network.
•  Mail servers receive incoming messages from internal network users and forward mail for internal or external delivery. The mail server is an application that runs on a physical server.
•  Industry standards for email transmission include Simple Mail Transfer Protocol (SMTP), Hypertext Transfer Protocol (HTTP), Post Office Protocol (POP), and Internet Message Access Protocol (IMAP).
•  Effective mail server security practices rely on good security for the mail server, the underlying OS, and the IT infrastructure. A guide for email security is National Institute of Standards and Technology (NIST) Special Publication 800-177 r1, Trustworthy Email.
•  Internal mail communications are usually secured using HTTP Secure (HTTPS) because most clients are web based. Where an organization allows email login through its home page, the use of HTTPS is required.

Security Risks

Security risks include:
•  Improper mail server configuration.
   •  This includes both the mail application and the server operating system.
   •  Configuration features include password requirements and the modification of vendor-supplied default passwords.
•  Unrestricted access to mail servers.
   •  Access is usually integrated with the organization's network. Therefore, access control is only as good as the integration with the network and the overall network security functions.
   •  If access is not integrated with the network, users could access another user's email.
•  Risks posed by email content take the form of malware, spam, social engineering, or users sending confidential information.


            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.