pagers to support personnel. Policies and procedures should be developed
for handling alarms and problems, i.e., isolate and monitor, disconnect, etc.
There are many audit facilities available today, including special audit
software products for the Internet, distributed client/server environments,
WWW clients and servers, Internet firewalls, E-mail, News Groups, etc. The
application of one or more of these must be consistent with your risk
assessment, security requirements, technology availability, etc. The most
important point to make here is the fundamental need to centralize
distributed systems auditing (not an oxymoron). Centrally collect, sort,
delete, process, report, take action and store critical audit information.
Automate any and all steps and processes. It is a well-established fact that
human beings cannot review large numbers of audit records and logs and
reports without error. Today's audit function is an adjunct to the security
function, and as such is more important and critical than ever before. It
should be part of the overall security strategy and implementation plan.
The overall audit solutions set should incorporate the use of browser
access logs, enterprise security server audit logs, network and firewall system
authentication server audit logs, application and middleware audit logs,
URL filters and access information, mainframe system audit information,
distributed systems operating system audit logs, database management
system audit logs, and other utilities that provide audit trail information
such as accounting programs, network management products, etc.
The establishment of auditing capabilities over WWW environments
follows closely with the integration of all external WWW servers with the
firewall, as previously mentioned. This is important when looking at the
various options available to address a comprehensive audit approach.
WWW servers can offer a degree of auditability based on the operating
system of the server on which they reside. The more time-tested
environments such as UNIX are perceived to be difficult to secure, whereas the
emerging NT platform with its enhanced security features supposedly
makes it a more secure and trusted platform with a wide degree of audit
tools and capabilities (though the jury is still out on NT, as some feel it
hasn't had the time and exposure to discover all the potential security
holes, perceived or real). The point, though, is that the first place to
implement auditing is on the platform where the WWW server resides.
Issues here are the use of privileged accounts, and the file logs and access
logs for log-ins to the operating system, which could indicate a backdoor
attack on the WWW server itself. If server-based logs are utilized, they
of course must be file protected and should be off-loaded to a
nonserver-based machine to protect against after-the-fact corruption.
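The platform-level check and off-loading described above can be sketched as follows. This is an added example, not code from the original text; the log lines are constructed samples, and the PRIVILEGED list, the record format and the function names are assumptions.

```python
import hashlib
import re

# Constructed sample of OS log-in records from a WWW server host (not real data).
SAMPLE_LOG = """\
Mar 03 02:14:07 www1 sshd[411]: Accepted password for root from 203.0.113.9 port 50122
Mar 03 02:15:40 www1 sshd[420]: Accepted publickey for webadmin from 198.51.100.4 port 40110
Mar 03 02:16:02 www1 su[433]: session opened for user root by webadmin
Mar 03 02:20:11 www1 sshd[450]: Failed password for root from 203.0.113.9 port 50130
""".splitlines()

PRIVILEGED = {"root"}  # assumption: site-specific list of privileged accounts
LOGIN_RE = re.compile(r"(Accepted \w+ for|session opened for user) (\S+)")

def privileged_logins(lines):
    """Return records showing a successful log-in or session as a privileged account."""
    hits = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if m and m.group(2) in PRIVILEGED:
            hits.append(line)
    return hits

def seal(lines, prev="0" * 64):
    """Hash-chain the records: each digest covers its record and every earlier one.
    The digests are shipped to the central collector as the records are written."""
    chain = []
    for line in lines:
        prev = hashlib.sha256((prev + line).encode()).hexdigest()
        chain.append(prev)
    return chain

def first_tampered(lines, chain):
    """On the collector: index of the first server-held record that no longer
    matches the digests received earlier, or None if the log is intact."""
    for i, (digest, expected) in enumerate(zip(seal(lines), chain)):
        if digest != expected:
            return i
    # Equal prefixes but different lengths means records were cut off or appended.
    return None if len(lines) == len(chain) else min(len(lines), len(chain))
```

Because the digests are held off the server, an edit, deletion or truncation made to the server's copy after the fact shows up at the first affected record.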