Security audits and alarms, June 18, 2006

Posted by Martin in Forensic Information System, Technical.

Security audit and alarms

Definition

• Logging and monitoring of security-related events

• Analysis of these events

• Generating alarms when necessary

Measures

• Logging

 – Securing the log data

 – Storage on a separate system

• Alerting when thresholds are exceeded

• Intrusion testing (security scanners)

• Intrusion detection
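The two logging measures above, securing the log data and storing it on a separate system, can be combined: the logging host links every entry to the previous one with a keyed MAC before shipping it to the loghost, so the stored copy is tamper-evident. The following is an added example written for this page, not code from the original post; the entry layout, the key handling and the sample messages are all assumptions.

```python
"""Tamper-evident log entries for shipping to a separate loghost.

Added example (not from the original post). Each entry carries an HMAC
over its own fields plus the MAC of the previous entry, so modifying,
reordering or deleting an entry in the stored copy breaks the chain at
that point. Key handling, field names and sample messages are assumptions.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Optional

GENESIS = "0" * 64  # 'prev' value carried by the very first entry


def _mac(key: bytes, seq: int, ts: str, msg: str, prev: str) -> str:
    # Canonical JSON encoding so that field boundaries cannot be confused.
    data = json.dumps([seq, ts, msg, prev], separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def append_entry(chain: list, key: bytes, msg: str, ts: Optional[str] = None) -> dict:
    """Append one entry to `chain`, linking it to the MAC of the previous entry."""
    seq = len(chain)
    prev = chain[-1]["mac"] if chain else GENESIS
    ts = ts or datetime.now(timezone.utc).isoformat(timespec="seconds")
    entry = {"seq": seq, "ts": ts, "msg": msg, "prev": prev}
    entry["mac"] = _mac(key, seq, ts, msg, prev)
    chain.append(entry)
    return entry


def verify_chain(chain: list, key: bytes) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    expected_prev = GENESIS
    for i, e in enumerate(chain):
        # Sequence gap or broken link: something was deleted or reordered.
        if e["seq"] != i or e["prev"] != expected_prev:
            return i
        expected = _mac(key, e["seq"], e["ts"], e["msg"], e["prev"])
        # Constant-time comparison; a mismatch means the entry itself was edited.
        if not hmac.compare_digest(e["mac"], expected):
            return i
        expected_prev = e["mac"]
    return -1


def demo() -> dict:
    """Build a small chain, then show that editing or deleting an entry is detected."""
    key = b"constructed-demo-key-do-not-reuse"  # assumption: shared with the verifier only
    chain: list = []
    for msg in (  # constructed sample messages
        "sshd: session opened for user alice",
        "sudo: alice ran /usr/bin/less /etc/shadow",
        "sshd: session closed for user alice",
    ):
        append_entry(chain, key, msg)
    intact = verify_chain(chain, key)
    edited = json.loads(json.dumps(chain))  # deep copy of what the loghost stored
    edited[1]["msg"] = "sudo: alice ran /usr/bin/less /etc/motd"  # history rewritten
    deleted = chain[:1] + chain[2:]  # the incriminating entry dropped
    return {"intact": intact, "edited": verify_chain(edited, key), "deleted": verify_chain(deleted, key)}


if __name__ == "__main__":
    print(demo())
```

The loghost only has to keep its copy append-only and re-run `verify_chain` periodically; any edit, reordering or deletion of entries it has already received shows up as a break at a specific index. The scheme does not protect against a host that still holds the key forging new entries, which is why the key should be held by the verifier and rotated per host.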

Limitations:

• Limited storage capacity (solution: a loghost)

• Limited logging capabilities

• Large diversity of systems and large numbers of components

• Limited standardization

Prerequisites

• A central overview

• Synchronized clocks (so that the times in log files agree)

 – Secure Network Time Protocol (stime)

 – Network Time Protocol (NTP)

Auditing/logging

• Prove that information was accessed by a certain identity at a certain time

• Successful access

 – Prove that information was accessed legally;

 – Prove that information was accessed in violation of the company’s policy

• Unsuccessful (failed) access: use auditing to prove that an attempt to obtain information did not succeed (e.g. hacking)

• Auditing will not restrict access

Restrict (pro-active) versus Audit (‘too late’)

• The most restrictive configuration means a lot of fine-grained administration and inflexibility

• Detailed auditing generates a mass of information

 – Intelligent programs are needed for analysis

 – This might include immediate alerting

• There is no generic solution to this: it comes down to experience and intuition

 – Many tools from third parties exist to process “logging”
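The prerequisites listed earlier (a central overview, synchronized clocks) and the auditing questions in this section (which identity accessed what and when; did failed attempts cross a threshold; did a success follow them) can be shown on a handful of log lines. The example below is added here and is not part of the original post; the line format, event names, hosts and addresses are constructed assumptions. It goes slightly beyond the text by normalizing timestamps from hosts in different time zones to UTC before merging them, which is exactly what the clock-synchronization prerequisite buys you: seen per host, neither machine crosses the threshold.

```python
"""Central timeline, audit queries and threshold alerting over logs from several hosts.

Added example (not from the original post). The log lines are constructed and
the line format, event names, hosts and addresses are assumptions. Every
timestamp is normalised to UTC before merging, which is what synchronised
clocks buy you: without it, events from web1 (UTC+2) and db1 (UTC) appear
two hours apart and the pattern below is invisible.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample data: "<host> <ISO 8601 timestamp with offset> <event> key=value ..."
LOG_LINES = [
    "web1 2006-06-18T10:00:05+02:00 login_failed user=bob src=10.0.0.7",
    "web1 2006-06-18T10:00:09+02:00 login_failed user=bob src=10.0.0.7",
    "db1 2006-06-18T08:00:12+00:00 login_failed user=bob src=10.0.0.7",
    "web1 2006-06-18T10:00:15+02:00 login_failed user=bob src=10.0.0.7",
    "db1 2006-06-18T08:00:20+00:00 login_failed user=bob src=10.0.0.7",
    "web1 2006-06-18T10:00:25+02:00 login_ok user=bob src=10.0.0.7",
    "db1 2006-06-18T08:01:00+00:00 file_read user=alice src=10.0.0.9 obj=/data/payroll.xls",
    "web1 2006-06-18T10:07:00+02:00 file_read user=carol src=10.0.0.3 obj=/data/payroll.xls",
]

LINE_RE = re.compile(r"^(?P<host>\S+) (?P<ts>\S+) (?P<event>\S+)(?P<kv>(?: \w+=\S+)*)$")


def parse_line(line: str) -> dict:
    """Parse one line; the timestamp is converted to an aware UTC datetime."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    ts = datetime.fromisoformat(m.group("ts")).astimezone(timezone.utc)
    return {"host": m.group("host"), "ts": ts, "event": m.group("event"), **fields}


def central_timeline(lines) -> list:
    """Merge lines from all hosts into one list ordered by UTC time (the central overview)."""
    return sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])


def who_accessed(events, obj: str) -> list:
    """Audit question: which identity read `obj`, from which host and address, and when (UTC)?"""
    return [
        (e["ts"].isoformat(), e["host"], e["user"], e["src"])
        for e in events
        if e["event"] == "file_read" and e.get("obj") == obj
    ]


def login_alerts(events, threshold: int = 5, window_seconds: int = 60) -> list:
    """Alert when one (user, src) pair reaches `threshold` failures inside the window,
    and again if a successful login for that pair follows while the window is still hot."""
    recent = defaultdict(deque)  # (user, src) -> deque of (ts, host) for recent failures
    alerts = []
    for e in events:
        if e["event"] not in ("login_failed", "login_ok"):
            continue
        key = (e["user"], e["src"])
        q = recent[key]
        while q and (e["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that fell out of the sliding window
        if e["event"] == "login_failed":
            q.append((e["ts"], e["host"]))
            if len(q) == threshold:  # fire once, when the threshold is crossed
                alerts.append({"kind": "threshold", "user": e["user"], "src": e["src"],
                               "at": e["ts"].isoformat(), "hosts": sorted({h for _, h in q})})
        elif len(q) >= threshold:
            alerts.append({"kind": "success_after_failures", "user": e["user"], "src": e["src"],
                           "at": e["ts"].isoformat(), "hosts": sorted({h for _, h in q})})
    return alerts


if __name__ == "__main__":
    timeline = central_timeline(LOG_LINES)
    for row in who_accessed(timeline, "/data/payroll.xls"):
        print("access:", row)
    for a in login_alerts(timeline):
        print("alert:", a)
    # Looked at in isolation, neither web1 nor db1 alone crosses the threshold.
    print("web1 alone:", login_alerts(central_timeline(l for l in LOG_LINES if l.startswith("web1 "))))
```

`who_accessed` answers the first auditing bullet (identity, time, origin of a successful access); `login_alerts` covers the failed-access case and the "immediate alerting" point, and the second alert kind records that the attempt to obtain information eventually did succeed, which is the distinction the section draws between proving access failed and proving it violated policy.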

Security Event Monitoring

• Security Event

• Performance monitor

• Event consolidation

Best Practices

• Only enable required authentication protocols

• Limit and audit access for sensitive data

• Use smart card logon where applicable

• Limit certificates to authentication

• Use object-level security to delegate administration

• BackOffice certified applications honor integrated security
