Operational and Organizational Security: Policies and Disaster Recovery • Chapter 12
to log on, activities performed by users and by the system, and problems that
transpired. Logs are not only a function of OSes, but may also be provided through a
wide variety of applications. For example, while Windows provides logs dealing
with the OS, additional logs may be provided through the firewall running on the
server.
Logs can also provide insight into physical security problems. Computerized
door lock systems may require a PIN, biometrics, or card key before access
is granted. In other cases, a system may be implemented requiring a person to sign
their name before entering a secure area. Logs of such entries may correspond to a
problem occurring and provide valuable information about who caused or witnessed it.
Inventories provide a record of devices and software making up a network. As
seen earlier, such inventories should be as thorough as possible. Inventories provide
a record that can be used to determine which computers require upgrades, which
are old and need to be removed from service, and other common tasks. When
changes occur on a network, such as switching to a more secure protocol, the
inventory can be consulted to determine if all machines have been changed over.
Failing to perform uniform upgrades on all machines can pose a security threat, as
insecure protocols or services that are no longer needed but still running on
machines can be exploited.
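
The changeover check described above can be run directly against the inventory. The following is an added example, not code from the book: the CSV column names, the sample hosts, and the Telnet-to-SSH change with FTP retired are all constructed assumptions.

```python
import csv
import io

# Constructed sample inventory (not from the book); column names are assumptions.
INVENTORY_CSV = """host,remote_admin_protocol,running_services
web01,ssh,http;ssh
db01,telnet,telnet;mysql
file01,ssh,ssh;ftp;smb
print01,telnet,telnet;lpd
"""

# Assumed change being rolled out: Telnet is replaced by SSH, and FTP is retired.
REQUIRED_PROTOCOL = "ssh"
RETIRED_SERVICES = {"telnet", "ftp"}


def audit_inventory(csv_text, required_protocol, retired_services):
    """Return {host: [findings]} for machines that were not changed over."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = row["host"].strip()
        problems = []
        # Machines still administered over the old protocol missed the upgrade.
        protocol = row["remote_admin_protocol"].strip().lower()
        if protocol != required_protocol:
            problems.append(f"still administered over {protocol}")
        # Services that are no longer needed but still running are exposure.
        services = {s.strip().lower()
                    for s in row["running_services"].split(";") if s.strip()}
        for service in sorted(services & retired_services):
            problems.append(f"retired service still running: {service}")
        if problems:
            findings[host] = problems
    return findings


if __name__ == "__main__":
    report = audit_inventory(INVENTORY_CSV, REQUIRED_PROTOCOL, RETIRED_SERVICES)
    for host, problems in report.items():
        print(host, "->", "; ".join(problems))
```

A machine can pass the protocol check and still be flagged, as file01 is here, because a retired service was left running after the upgrade.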
Inventories are also useful when disasters occur. Imagine a fire burning up all
the computers in a department. By consulting the inventory, the administrator can
recoup their losses through insurance, by showing which machines were destroyed.
When new machines are acquired, the inventory can again be used to set up the
new equipment with the same configurations as those they are replacing.
Inventories and logs are also used as a reference of common tasks, to ensure
they were done and to provide a record of when they were performed and who
completed the job. For example, backup logs are often used to record what data
was backed up on a server, which tape it was placed on, when the backup
occurred, who set up the backup, and the type of backup that was performed.
When certain information is needed, the log can then be referred to so that the
correct tape can be used to restore the backup. Similar logs and inventories can also
be used to monitor diagnostics that are run, performance tests, and other tasks that
are routinely carried out.
Classification
In order for users to be aware of what information they can share with certain
members of their organization, distribute to the public, or keep to themselves, a
www.syngress.com