P. 173

Logical Security: The Network Layer

            Controls

            Controls include:
            •  Corporate content filters, including:
                   •  Antivirus review on incoming attachments.
                   •  Review of attachments and email content for suspicious or malicious items. A match may
                       route the email to a holding inbox (quarantine) for further evaluation before it is
                       released to the intended recipient.
                   •  Filters that block certain email from entering the organization’s network, for example
                       email from specific sender addresses.
            •  Monitoring of the email system.
            •  Integration of the email application (and its security) with network security, e.g., Active
               Directory authentication.
                   •  Access to each user’s mailbox is restricted to the authorized user.
            •  Organizationwide email policies.
            •  Configuration of the mail server (and OS) to ensure appropriate security, including changing
               default passwords.
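The content-filter controls above (sender blocklist, antivirus-style review of attachments, and a holding inbox for anything suspicious) are easier to evaluate when you can see how a filter actually decides. The following is an added example written for this page, not code from the IIA course or from any mail product: a minimal inbound filter that rejects mail from blocked senders or domains, inspects attachments both by file extension and by executable magic bytes (so a renamed executable is still caught), and returns QUARANTINE for delivery to a holding inbox rather than to the recipient. The addresses, domains, extension list and sample messages are constructed for illustration.

```python
"""Added example (not part of the IIA course text): a minimal inbound email
content filter that applies the controls listed above, a sender blocklist, an
antivirus-style check of attachments, and quarantine to a holding inbox when
content looks suspicious. All addresses, domains and sample messages here are
constructed for illustration."""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from typing import List, Optional, Tuple

# Constructed filter policy; a real gateway would load these from configuration.
BLOCKED_SENDERS = {"spammer@example.net"}
BLOCKED_DOMAINS = {"phish.example"}
# Attachment types that should never be delivered straight to a mailbox.
DANGEROUS_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta"}
# Magic bytes of executable formats (Windows PE and ELF); checked regardless
# of the file name so a renamed executable is still caught.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")


def classify_attachment(part) -> Optional[str]:
    """Return a finding describing why an attachment is suspicious, or None."""
    filename = (part.get_filename() or "").lower()
    ext = filename[filename.rfind("."):] if "." in filename else ""
    payload = part.get_payload(decode=True) or b""
    if ext in DANGEROUS_EXTENSIONS:
        return f"attachment {filename!r} has dangerous extension {ext}"
    if payload.startswith(EXECUTABLE_MAGIC):
        return f"attachment {filename or '<unnamed>'!r} contains executable code"
    return None


def filter_message(raw: bytes) -> Tuple[str, List[str]]:
    """Decide REJECT, QUARANTINE or DELIVER for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    domain = sender.rpartition("@")[2]
    # Sender-based filter: blocked addresses and domains never enter the network.
    if sender in BLOCKED_SENDERS or domain in BLOCKED_DOMAINS:
        return "REJECT", [f"sender {sender} is on the blocklist"]
    # Content filter: inspect every attachment.
    findings = []
    for part in msg.iter_attachments():
        finding = classify_attachment(part)
        if finding:
            findings.append(finding)
    # Suspicious content goes to the holding inbox, not to the recipient.
    if findings:
        return "QUARANTINE", findings
    return "DELIVER", []


def build_sample(sender: str, filename: str, content: bytes) -> bytes:
    """Construct a sample message with one attachment (test input, not real mail)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(content, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("spammer@example.net", "report.txt", b"hello"),
        build_sample("vendor@example.com", "invoice.pdf", b"MZ\x90\x00\x03"),  # PE renamed .pdf
        build_sample("vendor@example.com", "setup.exe", b"not really a program"),
        build_sample("vendor@example.com", "report.txt", b"quarterly figures"),
    ]
    for raw in samples:
        print(filter_message(raw))
```

The magic-byte check is the part worth keeping in mind when reviewing a real filter: an extension blocklist alone is defeated by renaming the file, so content inspection has to look at what the bytes are, not what the name says.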

            Suggested Audit Procedures

            Suggested audit procedures include:
            •  Test a sample of patches for compliance with the change management policy.
            •  Test appropriateness of access to the mail server.
                   •  This includes a review of users who can access it.
                   •  Test whether the server (mail software and operating system) is security hardened. If the
                       mail software runs on a general-purpose operating system rather than a dedicated
                       appliance, test that only the minimum set of operating system processes, services, and
                       commands needed for mail operations is enabled.
                   •  Confirm that default configurations are disabled or changed, including vendor-supplied
                       default account passwords.
            •  Validate whether antivirus is enabled and evaluating incoming attachments.
            •  Review the appropriateness of email filters.
            •  Review the appropriateness of mail server monitoring procedures.
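Two of the hardening and access tests above (minimum enabled services, and who can access the server) produce evidence that is easiest to evaluate against a written baseline. The following is an added example for this page, not code from the IIA course or any vendor tool: it takes collected evidence from a Linux mail server in the shape of `ss -Htlnp` output and /etc/passwd, compares it with a baseline, and lists the exceptions an auditor would follow up on. The evidence lines are constructed, and the baseline (allowed exposed ports, approved interactive accounts) is an illustrative assumption rather than an IIA requirement; the same comparison would be done with equivalent evidence on Windows.

```python
"""Added example (not part of the IIA course text): evaluating collected
hardening evidence from a Linux mail server against a baseline. Two of the
items an auditor would test are network services exposed to the network and
accounts that can log in interactively. The evidence below is constructed
(it imitates `ss -Htlnp` and /etc/passwd output); the baseline values are
illustrative assumptions, not an IIA standard."""
from typing import Iterable, List, Set

# Baseline assumptions for an internet-facing SMTP/IMAP server: SSH for
# administration, SMTP, submission and IMAPS. Cleartext IMAP (143) and anything
# else exposed on all interfaces is a finding.
ALLOWED_EXPOSED_PORTS = {22, 25, 587, 993}
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
APPROVED_INTERACTIVE_ACCOUNTS = {"root", "mailadmin"}

# Constructed evidence in the shape of `ss -Htlnp` output.
SS_EVIDENCE = """\
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=812,fd=13))
LISTEN 0 100 0.0.0.0:587 0.0.0.0:* users:(("master",pid=812,fd=17))
LISTEN 0 100 [::]:993 [::]:* users:(("dovecot",pid=901,fd=21))
LISTEN 0 100 0.0.0.0:143 0.0.0.0:* users:(("dovecot",pid=901,fd=19))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 128 127.0.0.1:10024 0.0.0.0:* users:(("amavisd",pid=955,fd=6))
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:* users:(("mysqld",pid=1102,fd=22))
LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=520,fd=4))
"""

# Constructed evidence in the shape of /etc/passwd.
PASSWD_EVIDENCE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
postfix:x:106:113::/var/spool/postfix:/usr/sbin/nologin
dovecot:x:107:115:Dovecot mail server:/usr/lib/dovecot:/usr/sbin/nologin
mailadmin:x:1000:1000:Mail admin:/home/mailadmin:/bin/bash
backup_op:x:1001:1001:Old backup operator:/home/backup_op:/bin/bash
toor:x:0:0:vendor support account:/root:/bin/sh
"""


def is_loopback(addr: str) -> bool:
    """True for listeners bound only to the local host (not network exposed)."""
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def audit_listeners(ss_lines: Iterable[str], allowed_ports: Set[int]) -> List[str]:
    """Flag TCP listeners exposed to the network that are outside the baseline."""
    findings = []
    for line in ss_lines:
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        process = fields[5] if len(fields) > 5 else "unknown"
        if is_loopback(addr):
            continue  # local-only helper services are acceptable
        if int(port) not in allowed_ports:
            findings.append(f"unexpected exposed listener {fields[3]} ({process})")
    return findings


def audit_accounts(passwd_lines: Iterable[str], approved: Set[str]) -> List[str]:
    """Flag extra uid 0 accounts and unapproved accounts with interactive shells."""
    findings = []
    for line in passwd_lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.strip().split(":")
        if len(fields) < 7:
            continue
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if uid == 0 and name != "root":
            findings.append(f"account {name} has uid 0")
        if shell not in NOLOGIN_SHELLS and name not in approved:
            findings.append(f"account {name} has interactive shell {shell} without approval")
    return findings


def audit_mail_host() -> List[str]:
    """Run both checks over the constructed evidence and return all findings."""
    return (audit_listeners(SS_EVIDENCE.splitlines(), ALLOWED_EXPOSED_PORTS)
            + audit_accounts(PASSWD_EVIDENCE.splitlines(), APPROVED_INTERACTIVE_ACCOUNTS))


if __name__ == "__main__":
    for finding in audit_mail_host():
        print("FINDING:", finding)
```

On the constructed evidence this reports cleartext IMAP, a database and rpcbind exposed on all interfaces, an unapproved interactive account, and a second uid 0 account. The loopback-bound content scanner is deliberately not flagged: the test is about what is reachable from the network, which is why the baseline distinguishes exposed listeners from local ones.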

            Web Server

            Web Server Characteristics

            •  Web servers process HTTP (Hypertext Transfer Protocol), the application-layer protocol used to
               distribute web pages and serve web applications. Some concepts to understand include:
                   •  An example of a web server system is Microsoft’s Internet Information Services (IIS), which
                       runs under a Windows server environment.
                   •  Web servers may be located within the organization’s internal network or within the DMZ.
                       Internal web servers host web-interfaced applications for the organization’s own users.
                       Web servers within the DMZ host internet-facing services, such as eCommerce sites or the
                       organization’s primary website.

            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.