4.6 Logging Procedures and the Results
Auditing is one of the baselines of security and defense in a network. Without auditing you are blind to security violations that have already occurred or are in progress. Auditing always involves logging, and it needs set procedures so that the logging is done properly. The point to keep from this section is that auditing is essential to security: without it there is no way to trace and understand how a violation occurred.
- Security application – Although many security applications have their own specific logging techniques, a few general rules of thumb apply to most of them. Every logged entry should be as specific and detailed as possible; the more detail a log carries, the easier it becomes to track down a violation. A backup copy of the log record should be kept on a separate system, so that whoever compromises the logging host cannot simply erase the evidence.
- DNS – Focuses on two main activities: queries for zone transfers and changes to zone data. The DNS server logs all changes, which allows invalid entries in the zone file to be tracked along with the time at which each entry was made.
- System – The organization controls every factor of system logging, including who has access to the logs, when, and how long the logs are retained in the database.
- Performance – Less important than security application logging, performance logging records events that exceed a set threshold; these records should still be kept secure and private.
- Access – Any attempted access to sensitive material, and any repeated attempts to log in to a sensitive area, should be logged and recorded on a centralized logging server.
- Firewall – Records all attempts to gain access to the system, whether successful or failed.
- Antivirus – Log records include every notification of malicious software gaining access to the system.
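The DNS and Access items above describe two things a log review is supposed to catch: zone transfer queries and repeated login attempts against a sensitive area. The following Python script is an added example, not code from the original page, showing how that detection logic runs over log lines once they have been collected on a central logging server. The sample lines are constructed for the example in the general shape of sshd syslog records and BIND query-log records; the threshold, time window, and function names are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not from the original page): syslog-style sshd
# records followed by BIND-style query-log records, as they might arrive on a
# central log server. 203.0.113.5 fails three times in eight seconds,
# 192.0.2.9 fails twice fourteen minutes apart, and 198.51.100.7 asks for a
# full zone transfer (AXFR).
SAMPLE_LOG = """\
Jan 12 10:15:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 12 10:15:04 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 12 10:15:09 host sshd[1234]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 12 10:15:20 host sshd[1240]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Jan 12 10:16:00 host sshd[1250]: Failed password for alice from 192.0.2.9 port 55000 ssh2
Jan 12 10:30:00 host sshd[1300]: Failed password for alice from 192.0.2.9 port 55010 ssh2
12-Jan-2024 10:20:00.123 queries: info: client @0x7f3a 198.51.100.7#53123 (example.com): query: example.com IN AXFR -TE (192.0.2.1)
12-Jan-2024 10:20:01.456 queries: info: client @0x7f3b 198.51.100.9#40000 (www.example.com): query: www.example.com IN A -E(0)K (192.0.2.1)
"""

# Failed sshd password attempt: capture the syslog timestamp, user and source IP.
SSH_FAIL = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# BIND query-log entry: capture client IP, queried name and query type.
DNS_QUERY = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[\d.]+)#\d+ \([^)]*\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def _parse_syslog_ts(ts, year=2024):
    """Syslog timestamps carry no year; the year is an assumption of this example."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def repeated_login_failures(log_text, threshold=3, window_seconds=60):
    """Return {ip: count} for sources with >= threshold failures inside any
    window_seconds-long window. Threshold and window are example values."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = SSH_FAIL.match(line)
        if m:
            events[m["ip"]].append(_parse_syslog_ts(m["ts"]))

    flagged = {}
    for ip, times in events.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it fits inside the window.
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


def zone_transfer_requests(log_text):
    """Return [(client_ip, zone)] for every AXFR/IXFR query seen in the log.
    Compare the client IPs against the list of permitted secondaries."""
    found = []
    for line in log_text.splitlines():
        m = DNS_QUERY.search(line)
        if m and m["qtype"] in ("AXFR", "IXFR"):
            found.append((m["ip"], m["qname"]))
    return found


if __name__ == "__main__":
    for ip, n in repeated_login_failures(SAMPLE_LOG).items():
        print(f"repeated login failures: {ip} ({n} in 60s)")
    for ip, zone in zone_transfer_requests(SAMPLE_LOG):
        print(f"zone transfer requested: {ip} -> {zone}")
```

Both detectors work only because the records they read contain the source address, the target and a timestamp, which is the practical meaning of the "as specific and detailed as possible" rule above; a log that recorded only "login failed" could not distinguish one brute-force source from ordinary typos.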