Page 38 - ITGC_Audit Guides
P. 38
Figure 14: Web Application Firewall Placement Example
End Users Web Application Web Servers
Firewall
Source: The Institute of Internal Auditors.
Additional security can be implemented through configuration to reject destinations with
questionable reputations. Security tools, such as firewalls, can intercept packets, inspect header
information, or even reconstruct the original data from up the stack to inspect it for security
threats.
IDS/IPS
Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are devices or software
applications that monitor network traffic for indications of compromise or attempted compromise
of a system. IDS and IPS rule sets can be very large and each rule may require calibration and
threshold setting to ensure system integrity, such as preventing false positives. Well-calibrated
and well-monitored IDS and IPS applications can greatly increase an organization’s ability to
detect and stop attacks.
Alerts generated by an IDS are usually collected in a security information and event management
(SIEM) system. Alerts can be correlated with network traffic flow information (net flows) and
perimeter security tools such as firewalls. IDS alerts are compared against IPS rules; if there is a
match, the IPS and/or the data/information leakage prevention (DLP/ILP), software designed to
detect potential data breaches will execute a rule to stop an activity from taking place.
Wireless Access Points (APs)
A wireless access point (AP) provides wireless access to a network. Modern APs provide options
for encryption, or scrambling and securing data transmitted, but because the technological world
is advancing so rapidly, systems often fail to keep up with bad actors who attempt to override
encryption features for their own ― usually (or often) criminal or malicious ― purposes.
Corporate environments achieve wireless network access by broadcasting radio signals between
hosts and access points. An AP provides a range of options for the Layer 1 architecture of
wireless service. Depending on the age of equipment used, several types of encryption may be
used, or an organization may choose not to use encryption. However, this can expose the
organization to additional risk, and it is a relatively inexpensive cost to upgrade wireless network
components, in order to increase security.
Upgrading equipment or configuration of the entire user base to use newer encryption protocols
can be a very large task. Here is a brief list of various wireless encryption protocols, from least
encryption to most.
30 — theiia.org
