Establish a Bullet-Proof Security Policy - Page 4

By Elizabeth Ferrarini | Posted Oct 4, 2001

Auditing and Reviewing
To determine whether your security policy has been violated, you'll need to rely on the tools included with your operating systems and network equipment. Most operating systems record a great deal of information in log files, and examining those logs regularly is often the first line of defense for detecting unauthorized use of a system.

  • Compare lists of currently logged in users and past login histories. Most users typically log in and out at roughly the same time each day. An account logged in outside the normal time for the account may be in use by an intruder.
  • Many systems maintain accounting records for billing purposes. These records can also be used to determine usage patterns for the system; unusual accounting records may indicate unauthorized use of the system.
  • System logging facilities, such as the UNIX syslog utility, should be checked for unusual error messages from system software. For example, a large number of failed login attempts in a short period of time may indicate someone trying to guess passwords.
  • Operating system commands that list currently executing processes can be used to detect users running programs they are not authorized to use, as well as unauthorized programs that an intruder has started.
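The following is an added example, not code from the original article, showing two of the checks in the list above run over constructed log data: counting failed logins per source within a short window (the password-guessing pattern the syslog item describes) and flagging a successful login at an hour the account has never been used at (the login-history item). It assumes OpenSSH-style syslog lines ("Failed password for <user> from <ip>" / "Accepted password for <user> from <ip>"), an assumed year for the year-less syslog timestamps, and placeholder thresholds; all log lines and history records are constructed for the example.

```python
"""Log-review checks (added example; the log lines and thresholds are illustrative)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

YEAR = 2001  # assumption: syslog lines carry no year, so one is supplied

# Assumed OpenSSH/syslog line shapes, e.g.
# "Oct  4 02:13:07 gw sshd[1344]: Failed password for root from 192.0.2.44 port 40011 ssh2"
_TS = r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
FAILED_RE = re.compile(_TS + r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED_RE = re.compile(_TS + r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)")

# Constructed sample: a burst of guesses from one address at 02:13, then a
# successful login as alice from that same address, then normal daytime activity.
SAMPLE_LOG = [
    "Oct  4 02:13:07 gw sshd[1344]: Failed password for root from 192.0.2.44 port 40011 ssh2",
    "Oct  4 02:13:09 gw sshd[1345]: Failed password for root from 192.0.2.44 port 40012 ssh2",
    "Oct  4 02:13:12 gw sshd[1346]: Failed password for invalid user admin from 192.0.2.44 port 40013 ssh2",
    "Oct  4 02:13:14 gw sshd[1347]: Failed password for root from 192.0.2.44 port 40014 ssh2",
    "Oct  4 02:13:17 gw sshd[1348]: Failed password for alice from 192.0.2.44 port 40015 ssh2",
    "Oct  4 02:14:01 gw sshd[1349]: Accepted password for alice from 192.0.2.44 port 40016 ssh2",
    "Oct  4 08:02:11 gw sshd[1401]: Accepted password for alice from 10.0.0.5 port 51022 ssh2",
    "Oct  4 09:15:30 gw sshd[1402]: Failed password for bob from 10.0.0.7 port 51090 ssh2",
    "Oct  4 09:15:55 gw sshd[1403]: Accepted password for bob from 10.0.0.7 port 51091 ssh2",
]

# Constructed login history: (user, login time) pairs such as `last` would show.
LOGIN_HISTORY = [
    ("alice", datetime(2001, 9, 27, 8, 5)), ("alice", datetime(2001, 9, 28, 9, 12)),
    ("alice", datetime(2001, 10, 1, 17, 40)), ("bob", datetime(2001, 9, 28, 9, 30)),
    ("bob", datetime(2001, 10, 2, 10, 2)), ("bob", datetime(2001, 10, 3, 18, 5)),
]


def parse_ts(text):
    """Turn a syslog timestamp such as 'Oct  4 02:13:07' into a datetime (year assumed)."""
    return datetime.strptime(f"{YEAR} {text}", "%Y %b %d %H:%M:%S")


def detect_password_guessing(lines, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: peak failures} for sources with >= threshold failed
    logins inside any sliding window of the given length."""
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    flagged = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts, ip = parse_ts(m["ts"]), m["ip"]
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures that have aged out
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def build_hour_profile(history):
    """Map each user to the set of hours-of-day at which they have logged in."""
    profile = defaultdict(set)
    for user, ts in history:
        profile[user].add(ts.hour)
    return profile


def detect_off_hours_logins(lines, profile, tolerance=1):
    """Return (user, ip, time) for successful logins at an hour outside the
    user's historical hours (+/- tolerance hours); unknown users always match."""
    hits = []
    for line in lines:
        m = ACCEPTED_RE.match(line)
        if not m:
            continue
        ts, user, ip = parse_ts(m["ts"]), m["user"], m["ip"]
        usual = profile.get(user, set())
        allowed = {(h + d) % 24 for h in usual for d in range(-tolerance, tolerance + 1)}
        if ts.hour not in allowed:
            hits.append((user, ip, ts))
    return hits


if __name__ == "__main__":
    for ip, n in detect_password_guessing(SAMPLE_LOG).items():
        print(f"possible password guessing from {ip}: {n} failures in a short window")
    for user, ip, ts in detect_off_hours_logins(SAMPLE_LOG, build_hour_profile(LOGIN_HISTORY)):
        print(f"off-hours login: {user} from {ip} at {ts:%b %d %H:%M}")
```

On the sample, the burst from 192.0.2.44 trips the guessing check, and the 02:14 login as alice from the same address is flagged because alice has only ever logged in during working hours; the single failure for bob followed by a 09:15 success is left alone. The hour profile is deliberately crude; in practice you would build it from weeks of history and widen the tolerance for accounts with irregular schedules.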

Run the various monitoring commands at different times throughout the day so that an intruder cannot predict when you'll be looking. It would be exceptionally fortunate for an administrator to catch a violator in the act; regular review of the log files, however, gives you a very good chance of spotting the intrusion later and of putting procedures in place to identify the violator.

Security is a dynamic process. Since breaking into network sites is getting easier with readily available point-and-click attack packages, you'll need to review your network regularly. To this end, assemble the core team, or a representative subset of it, to review how well the existing measures are working, what the latest threats and security tools are, and what risks new assets and business practices introduce.

--
In the conclusion of this article, we'll look at some of the preventative measures you can take, as well as how to respond to violations.

Elizabeth M. Ferrarini is a free-lance writer based in Arlington, Massachusetts.
