Page 174 - Courses

Logical Security: The Network Layer


            Web servers within the DMZ reside on servers with operating systems that are security hardened,
            and all unused operating system services are removed or disabled. This prevents attackers from
            using existing operating system services to assume control over the web server.

            Security Risks

            Security risks include:
            •  Unauthorized access occurs and goes undetected.
                   •  This risk is focused specifically on the DLP software. Authentication to the DLP
                       software could be interfaced with AD.
                   •  The OS may not be security hardened, which increases the risk of intrusion.
            •  The incorrect policy or rule is applied.
                   •  The policy could be intended to capture data containing the phrase “contains confidential,”
                       but the rule misspells the phrase as “contains confedential,” so the intended data is
                       never captured.
            •  Trapped events are not reviewed.
                   •  The DLP system may not interface with the organization’s SIEM and must be reviewed
                       separately.
                   •  Events are not reviewed, or timely follow-up does not occur.
            •  Data is removed from the network and it goes undetected.
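            The misspelled-rule risk above can be tested rather than just inspected: run each rule against a
            set of documents the auditor knows should trigger it and flag rules with no hits. The script
            below is an added illustration, not part of the course material or of any DLP product; the
            rules, the test documents and the keyword-style matching are constructed assumptions.

```python
import difflib
import re

# Constructed DLP rules: the intended phrase and the misspelled variant from the risk list.
RULES = {
    "intended": "contains confidential",
    "misspelled": "contains confedential",
}

# Constructed test corpus: documents an auditor knows should trigger the rule.
KNOWN_POSITIVES = [
    "This document contains confidential client data.",
    "Attachment CONTAINS CONFIDENTIAL pricing; do not forward.",
]

def rule_matches(rule_phrase, document):
    """Case-insensitive whole-phrase match, as a simple keyword-style DLP rule would behave."""
    pattern = r"\b" + r"\s+".join(re.escape(w) for w in rule_phrase.split()) + r"\b"
    return re.search(pattern, document, re.IGNORECASE) is not None

def rule_hit_count(rule_phrase, documents):
    return sum(1 for d in documents if rule_matches(rule_phrase, d))

def audit_rules(rules, positives):
    """Return {rule_name: (hits, suspected_typos)} for every rule.

    A rule with zero hits on documents that should trigger it is a candidate
    misconfiguration. For such rules, each word absent from the positive corpus
    is compared against corpus words; a near miss is reported as (word, suggestion).
    """
    corpus_words = {w.lower() for d in positives for w in re.findall(r"[A-Za-z]+", d)}
    report = {}
    for name, phrase in rules.items():
        hits = rule_hit_count(phrase, positives)
        suspects = []
        if hits == 0:
            for word in phrase.lower().split():
                if word not in corpus_words:
                    close = difflib.get_close_matches(word, corpus_words, n=1, cutoff=0.8)
                    if close:
                        suspects.append((word, close[0]))
        report[name] = (hits, suspects)
    return report

if __name__ == "__main__":
    for name, (hits, suspects) in audit_rules(RULES, KNOWN_POSITIVES).items():
        status = "OK" if hits else "NO HITS - review rule"
        print(f"{name}: {hits}/{len(KNOWN_POSITIVES)} known positives matched [{status}] {suspects}")
```

            A rule reported with zero hits and a near-miss suggestion is evidence for the audit file that the
            deployed rule does not match the documented policy.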

            Controls

            Controls include:
            •  Vendor-supplied default account passwords are changed. Each person accessing the system uses
               his or her own ID. The built-in administrator account is disabled, or processes exist to ensure
               access to the account’s password is restricted.
            •  Policies and rules comply with the organization’s policies or documented configuration.
            •  Changes adhere to the organization’s change control process.
            •  Systems containing operating systems (e.g., Windows, UNIX) should be hardened so that only the
               bare minimum essential system services, modules, and features are enabled.
            •  Access is restricted to a minimal number of users.

            Suggested Audit Procedures

            Suggested audit procedures include:
            •  Obtain a sample of changes and test to ensure the changes were managed through the
               organization’s change process.
            •  Obtain evidence that the number of users is limited and that the users who access the system
               are appropriate.
            •  Test to ensure that identified events (based on policies and rules) are logged and reviewed.





            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.