1. Security Audit
2. Security Audit
Controls
Security logs
Risk assessment
3. Steps in Audit
Starts with policies and procedures in place
Initially the policy is treated as a threat, and the audit focuses on how people and systems address the threat
Interview employees and administrators
Evaluate technical aspects for security
Review all data logs
4. What to look for in audit?
Are passwords difficult to crack?
Are there access control lists (ACLs) in place on network devices to control who has access to shared data?
Are there audit logs to record who accesses data?
Are the audit logs reviewed?
Are the security settings for operating systems in accordance with accepted industry security practices?
Have all unnecessary applications and computer services been eliminated for each system?
Are these operating systems and commercial applications patched to current levels?
How is backup media stored? Who has access to it? Is it up-to-date?
Is there a disaster recovery plan? Have the participants and stakeholders ever rehearsed the disaster recovery plan?
5. What to look for in audit?
Are there adequate cryptographic tools in place to govern data encryption, and have these tools been properly configured?
Have custom-built applications been written with security in mind?
How have these custom applications been tested for security flaws?
How are configuration and code changes documented at every level? How are these records reviewed and who conducts the review?
6. Why do a security audit?
Assess compliance aspects of policy
Assess level of security
Evaluate security incident response
7. Items to check in an audit
8. Security Tools
9. Audit components
Preparation 10%
Reviewing Policy/Docs 10%
Technical Investigation 15%
Reviewing Data 20%
Writing Up 20%
Report Presentation 5%
Post Audit Actions 10%
Source: Tech Support Alert website (see references)
10. Audit Process
Security audit team reports directly to CEO or the Board of Directors
Types of security audits:
Firewall (every 6 months)
Network (every year)
11. Auditors
Usually third party companies specializing in security audit
For internal audit, people with necessary security access privileges
Technical expertise is a must
12. References
Security Audit http://www.porcupine.org/auditing/
Security Audit http://www.securityfocus.com/infocus/1697
How to perform security audit? http://www.techsupportalert.com/search/t04123.pdf
Site Security Handbook. RFC 2196
13. References
packetstorm.security.com
PacketStorm Security is a very good source of the latest security issues.
Rootshell is another source of security issue information. This site hasn’t been updated in a while - however, the information provided is useful.
L0pht is a “Black Hat” group that performs testing of commonly used tools for security issues. L0pht also produces a number of useful tools for testing system security.
14. References
www.securityfocus.com
Bugtraq is a mailing list for the discussion and announcement of computer security vulnerabilities. Details of how to subscribe, and an archive of the mailing list, can be found at the above website.
NTBugtraq is the Windows platform version of the Bugtraq mailing list
CIAC (Computer Incident Advisory Capability) provides tools and advisory information.
15. References
www.cs.purdue.edu/coast/coast.html
COAST (Computer Operations, Audit and Security Technology) is a research project into computer security at the Computer Sciences Department at Purdue University. COAST also boasts a large catalog of security and audit-related applications in their ftp archive.
Security audit http://www.insecure.org/nmap