Establish a Bullet-Proof Security Policy - Page 4

By Elizabeth Ferrarini | Oct 4, 2001

Auditing and Reviewing
To help determine if there is a violation of your security policy, you'll need to depend on the tools included with your computer and network. Most operating systems store numerous bits of information in log files. Examining these log files regularly will often provide the first line of defense for detecting unauthorized use of the system.

  • Compare lists of currently logged in users and past login histories. Most users typically log in and out at roughly the same time each day. An account logged in outside the normal time for the account may be in use by an intruder.
  • Many systems maintain accounting records for billing purposes. These records can also be used to determine usage patterns for the system; unusual accounting records may indicate unauthorized use of the system.
  • System logging facilities, such as the UNIX syslog utility, should be checked for unusual error messages from system software. For example, a large number of failed login attempts in a short period of time may indicate someone trying to guess passwords.
  • Operating system commands which list currently executing processes can be used to detect users running programs they are not authorized to use, as well as to detect unauthorized programs which have been started by an intruder.
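
The first and third checks above can be automated. The following Python is an added example, not part of the original article: it flags sources with a burst of failed logins and successful logins outside a user's usual hours. The sshd-style message format, the sample lines (constructed), the year, the threshold and window, and the per-user hours table are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the traditional syslog/sshd style (not real logs).
SAMPLE_LOG = """\
Oct  4 02:13:01 gw sshd[411]: Failed password for root from 203.0.113.7 port 4021 ssh2
Oct  4 02:13:04 gw sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Oct  4 02:13:09 gw sshd[412]: Failed password for root from 203.0.113.7 port 4023 ssh2
Oct  4 02:13:15 gw sshd[413]: Failed password for root from 203.0.113.7 port 4025 ssh2
Oct  4 02:14:40 gw sshd[420]: Accepted password for alice from 198.51.100.20 port 5100 ssh2
Oct  4 09:02:11 gw sshd[500]: Failed password for bob from 198.51.100.9 port 5200 ssh2
Oct  4 09:02:30 gw sshd[501]: Accepted password for bob from 198.51.100.9 port 5201 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                  r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")

def parse(log, year=2001):
    """Yield (timestamp, outcome, user, source); syslog omits the year, so it is assumed."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)

def failed_bursts(events, threshold=4, window=timedelta(seconds=60)):
    """Return sources with >= threshold failures inside a sliding window (events in time order)."""
    recent, flagged = defaultdict(deque), set()
    for ts, outcome, _user, src in events:
        if outcome != "Failed":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(src)
    return flagged

def off_hours_logins(events, normal_hours):
    """Return (user, timestamp) for successful logins outside that user's usual hours."""
    out = []
    for ts, outcome, user, _src in events:
        start, end = normal_hours.get(user, (0, 24))  # unknown users: no restriction
        if outcome == "Accepted" and not (start <= ts.hour < end):
            out.append((user, ts))
    return out
```

Pass `list(parse(...))` to both checks so the parsed events can be reused; the single failed attempt by `bob` before a successful login stays below the threshold and is not flagged.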

By running various monitoring commands at different times throughout the day, you'll make it hard for an intruder to predict your actions. While it would be exceptionally fortuitous for an administrator to catch a violator in their first act, by reviewing log files you'll have a very good chance of setting up procedures to identify them at a later date.

Security is a dynamic process. Since it's getting easy to break into network sites through readily available, point-and-click packages, you'll need to do regular reviews of your network. To this end, you'll need to assemble the core team or a representative subset to review how well things are working, what the latest threats and security tools are, and what the risks are against new assets and business practices.

--
In the conclusion of this article, we'll look at some of the preventative measures you can take, as well as how to respond to violations.

Elizabeth M. Ferrarini is a free-lance writer based in Arlington, Massachusetts.
