Advanced How To Guides: eSecurity
Who should be authorised to get access to certain types of data?
9. How do I keep track of everything?
System Monitoring Including Audit Trail and Logging.
A key step is to audit and review the logs or reports that record selected activities on the application or server. The activities monitored should be those that are indicative of unusual or unauthorised activity. It is also important that procedures are in place to alert the administrator if the web server, application server or database servers are down at any given time. Any specifics relating to web and database server monitoring, including highlighting problems, should be identified, implemented, documented, and communicated to all affected parties. If something does happen, all parties should know what they are supposed to do.
When upgrades are being implemented, make sure that none of the security controls are turned off. This is an area that is often neglected. Administration of web sites and related servers should be properly controlled and monitored as changes and enhancements are made. Keep a record of any changes made to systems. This is good operational practice as well as good security.
Guidelines:
Actions that may help in this area include:
- A periodic scan of databases for obsolete and/or sensitive data. If such data exists, it should be deleted from the system to prevent a security risk.
- A periodic security review of the web site and related servers.
- Systems should have the ability to generate Simple Network Management Protocol (SNMP) alerts, i.e. tell you when something is wrong; examples include warning notes and help options.
- Automated monitoring of network vulnerabilities should be researched and, if appropriate, used.
- Keep logs of important systems, covering security alerts and system utilisation, to detect memory leaks or excessive usage.
- Keep logs to identify a standard usage baseline that shows user work habits, such as how often and for how long users or customers use your systems.
- Conduct regular security system reviews, preferably using an independent third party.
10. Network security: Modems and remote access services
Many organisations focus on the newer technologies, such as web or databases, but ignore older technologies such as plain old telephone systems (POTS). Today more employees, from management to technical staff, require the facility to work from home or from a remote location during business travel. Most personal computers come with built-in modems, allowing that computer to connect to the company network from any location over a phone line. In most cases, connections are signed off by technical staff and additional passwords are used to ensure only those authorised can dial in to the network from their homes or remote locations. However, it will come as no surprise that some companies have large numbers of uncontrolled modem connections bypassing security controls. These include modems set up by employees who want to work at home, employees who are testing their technical skills, etc. Unauthorised modems can leave IT systems open to receiving viruses and attack. Hackers scanning the web can identify modems with little or no security and use your employees' computers to go straight into the company network. Security policies should clearly state that any connections to the company network must be authorised by security/IT personnel.
Guidelines:
- Remote access policy should be clearly documented and communicated.
- Inbound and outbound communication via modem access should be approved and validated.
- Modems that accept incoming calls must have a documented justification.
- It is recommended that dial-up modems are left disconnected unless maintenance is needed.
- Proper authentication of the users should be enforced.
- Each user should have an individual ID and password.
- Dial-up procedures, security measures and remote access activities should be recorded and reviewed on a periodic basis. Issues should be reported to management for follow-up.
- Dial-up should be validated by a secured process (e.g. SecurID, SNC, VPN).
- A restricted number of users should have access to dial-up communication.
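One way to put two of these guidelines into practice, the usage baseline from section 9 and the periodic review of recorded remote-access activity against a restricted user list from section 10, as an added Python example that is not code from the original guide. The log line format, the approved-user list, the failure threshold and the log entries are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
2024-03-04 08:55:12 remote-access user=alice result=OK
2024-03-04 09:10:44 remote-access user=bob result=OK
2024-03-05 08:47:30 remote-access user=alice result=OK
2024-03-06 02:13:58 remote-access user=alice result=OK
2024-03-06 09:01:17 remote-access user=mallory result=OK
2024-03-06 09:02:09 remote-access user=bob result=FAIL
2024-03-06 09:02:31 remote-access user=bob result=FAIL
2024-03-06 09:03:02 remote-access user=bob result=FAIL
"""  # constructed sample log, not taken from any real system
AUTHORISED_REMOTE_USERS = {"alice", "bob"}  # hypothetical approved dial-up user list
FAILURE_THRESHOLD = 3  # failed attempts by one user within the review window before alerting
REVIEW_FROM = datetime(2024, 3, 6)  # review window start; earlier events form the baseline
LINE_RE = re.compile(r"^(\S+ \S+) remote-access user=(\S+) result=(OK|FAIL)$")

def parse_log(text):
    """Return (timestamp, user, result) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return events

def baseline_hours(history):
    """Per-user hours of day seen in successful logins, with one hour of slack each side."""
    hours = defaultdict(set)
    for ts, user, result in history:
        if result == "OK":
            hours[user].update(range(ts.hour - 1, ts.hour + 2))
    return hours

def review(events, cutoff, authorised=AUTHORISED_REMOTE_USERS):
    """Baseline on events before `cutoff`; flag unauthorised, off-hours and repeatedly failing logins after it."""
    baseline = baseline_hours([e for e in events if e[0] < cutoff])
    findings, failures = [], defaultdict(int)
    for ts, user, result in (e for e in events if e[0] >= cutoff):
        if user not in authorised:
            findings.append(("UNAUTHORISED_USER", user, ts.isoformat()))
        elif result == "FAIL":
            failures[user] += 1
            if failures[user] == FAILURE_THRESHOLD:  # report once, when the threshold is reached
                findings.append(("FAILED_LOGIN_BURST", user, ts.isoformat()))
        elif ts.hour not in baseline[user]:
            findings.append(("OUTSIDE_BASELINE_HOURS", user, ts.isoformat()))
    return findings
```

The findings list is what would go to management for follow-up; an authorised user with no successful logins in the baseline period is flagged on every login until a baseline exists.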