General Security Concepts: Access Control, Authentication, and Auditing • Chapter 1 29
Auditing
Auditing provides methods for tracking and logging activities on networks and
systems, and links these activities to specific user accounts or sources of activity. In the
case of simple mistakes or software failures, audit trails can be extremely useful in
restoring data integrity. They are also a requirement for trusted systems to ensure
that the activity of authorized individuals can be traced to their specific actions,
and that those actions comply with defined policy. They also allow for a method of
collecting evidence to support any investigation into improper or illegal activities.
Auditing Systems
Auditing of systems must occur with a thorough understanding of the benefits of
the process. As you create your auditing procedures, you are trying to build a
trail through the logged events that allows you to track usage and access,
whether authorized or unauthorized. To do this, you must consider the separation
of duties, which improves security and allows for better definition of your audit
policies and rules.
To assist in catching mistakes and reducing the likelihood of fraudulent
activities, the activities of a process should be split among several people. This process is
much like the RBAC concepts discussed earlier. This segmentation of duties allows
the next person in line to possibly correct problems simply because they are being
viewed with fresh eyes.
From a security point of view, segmentation of duties requires the collusion of
at least two people to perform any unauthorized activities. The following guidelines
assist in assuring that the duties are split so as to offer no way other than collusion
to perform invalid activities.
■ No access to sensitive combinations of capabilities. A classic
example of this is control of inventory data and physical inventory. By
separating the physical inventory control from the inventory data control, you
remove the unnecessary temptation for an employee to steal from
inventory and then alter the data so that the theft is left hidden.
■ Prohibit conversion and concealment. Another violation that can be
prevented by segregation is ensuring that there is supervision for people
who have access to assets. An example of an activity that proper
segmentation could prevent involves a lone operator on a night shift. This
operator, without supervision, could copy (or “convert”) customer lists and
www.syngress.com
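The first guideline above (inventory data control kept apart from physical inventory control) can be checked against an audit trail. The following is an added example, not from the book: the log format, the action names PHYSICAL_REMOVE and DATA_ADJUST, the account names and the conflict policy are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed audit trail (timestamp, account, action, item); not from the book.
SAMPLE_LOG = """\
2024-03-01T22:10:04,asmith,PHYSICAL_REMOVE,SKU-1001
2024-03-01T22:14:31,bjones,DATA_ADJUST,SKU-1001
2024-03-02T01:02:17,cwu,PHYSICAL_REMOVE,SKU-2002
2024-03-02T01:05:40,cwu,DATA_ADJUST,SKU-2002
2024-03-02T09:30:00,bjones,DATA_ADJUST,SKU-3003
2024-03-03T10:00:00,asmith,DATA_ADJUST,SKU-4004
"""

# Assumed policy: capabilities that one account must never combine.
CONFLICTS = [frozenset({"PHYSICAL_REMOVE", "DATA_ADJUST"})]


def parse(log_text):
    """Yield (timestamp, account, action, item), skipping malformed rows."""
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) == 4 and all(field.strip() for field in row):
            yield tuple(field.strip() for field in row)


def find_violations(log_text, conflicts=CONFLICTS):
    """(account, item, actions) where one account used a conflicting
    combination on the same item, i.e. could remove stock and hide it."""
    seen = defaultdict(set)  # (account, item) -> actions performed
    for _ts, account, action, item in parse(log_text):
        seen[(account, item)].add(action)
    return sorted((acct, item, tuple(sorted(pair)))
                  for (acct, item), acts in seen.items()
                  for pair in conflicts if pair <= acts)


def accounts_with_both(log_text, conflicts=CONFLICTS):
    """Accounts that exercised both capabilities anywhere, even on different
    items: the access assignment itself permits the combination."""
    by_account = defaultdict(set)
    for _ts, account, action, _item in parse(log_text):
        by_account[account].add(action)
    return sorted(acct for acct, acts in by_account.items()
                  if any(pair <= acts for pair in conflicts))


if __name__ == "__main__":
    for violation in find_violations(SAMPLE_LOG):
        print("separation-of-duties violation:", violation)
    print("accounts holding both capabilities:", accounts_with_both(SAMPLE_LOG))
```

The second function catches the weaker signal: an account that has not yet altered data for an item it removed, but whose access would let it do so.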