LINUX Operating System Audit & Assessment
Michael T Hoesing CISA, CISSP, CIA, CCP, CMA, CPA
AU4 11/14/2005 m-hoesing@cox.net (402) 981-7747
LINUX Operating System Audit & Assessment August 9, 2006
www.lsat.sourceforge.net (LSAT)
www.bastille-linux.org (Jay Beale)
(today’s script 8.4)
No longer completely free: www.cisecurity.org
Standard disclaimer, “I never said THAT, and if you did THAT, and something broke, it’s your own durn fault. Also, the views expressed here are mine, not my past, present or future employer’s, and not the conference sponsor, nor any quail hunting partners. When using any tool, do no harm.”
Learning Objectives
Define an Audit Approach/Methodology
Determine Audit Goals, Objectives, Scope
Individual Tests to Achieve the Goals (7)
Other Resources
Auditing Example – an independent assessment process (take home scripts)
Audit Approach
Determine Key Success Criteria (objectives)
Define System Under Review (scope, LINUX, file server, web server, both)
Assess Risk (focus test resources where appropriate)
Gather Standards (policy, procedures, regulation, contracts)
Inventory the Current State (the scripts)
Compare the Current State to Standards (analysis)
Investigate Differences (reporting, correction)
Audit Objectives and Risks
Authorized User Access: High
Authorized Services, Daemons, Modules: High
Authorized Networking/Connections: High +
Authorized File Access: High
Appropriate Recording/Logging: High
Appropriate Security Parameters: High
Authorized Applications: High
Scope
Which Systems? (risk based)
How much time for each system?
How much sys admin time for each system?
How Long of a Duration?
Who approves scope expansion?
Standards (if you don’t have them the auditor will be happy to set them for you)
Organization Policy, Standards, Procedures
Regulation
Contractual Requirements
Industry Best Practice – Center for Internet Security (CIS) [Jay Beale] Linux Benchmark Standards http://www.cisecurity.org
  standard is free
  assessment script is not free (version 1.6.8 on disk)
  approach = compares to specific metrics (8.3 password maximum days > 90 shows as negative)
Bastille now has an --assess option
Other Standards Resources
More industry standards http://www.linuxsecurity.com 8/05 Jay Beale contributor
LINUX Security, Audit and Control Features http://www.isaca.org/bookstore
Auditing Linux – Krishni Naidu http://www.sans.org/score/checklists/AuditingLinux.doc
SANS.ORG - Paul Santos http://www.sans.org/rr/papers/index.php?id=81
Raul Siles www.giac.org/practical/GCUX/Raul_Siles_GCUX.pdf/
LINUX Tests – User Access
Who can be on the system, match to job function?
Who is on the system right now?
Password encryption in use?
Who can be root?
From where can root access the system?
What default and group IDs are present?
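Three of the User Access questions above, written as read-only checks. This is an added example, not one of the presenter's take-home scripts; the function names and the sample passwd and sshd_config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only User Access checks. Each function takes the file to
# inspect, so it can run on copies collected from the system under review.

# "Who can be root?" Every account whose UID field is 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# "Password encryption in use?" Accounts whose passwd field is not the shadow
# marker "x": a hash readable by every user, or empty (no password at all).
# Locked entries ("*" or "!") are skipped.
unshadowed_accounts() {
    awk -F: '$2 != "x" && $2 !~ /^[*!]/ { print $1 }' "$1"
}

# "From where can root access the system?" First PermitRootLogin value in an
# sshd_config (sshd uses the first value it reads). Match blocks and Include
# files are not followed here. Prints "unset" if the keyword is absent.
permit_root_login() {
    v=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    echo "${v:-unset}"
}

# Constructed sample files (not taken from any real host).
write_samples() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'toor:x:0:0:backup admin:/root:/bin/sh' \
        'alice:$6$saltsalt$constructedhash:1000:1000::/home/alice:/bin/bash' \
        'guest::1001:1001::/home/guest:/bin/bash' > "$1/passwd"
    printf '%s\n' '#PermitRootLogin yes' 'Port 22' \
        'PermitRootLogin prohibit-password' > "$1/sshd_config"
}

dir=$(mktemp -d)
write_samples "$dir"
echo "UID 0 accounts:   $(uid0_accounts "$dir/passwd" | tr '\n' ' ')"
echo "Not shadowed:     $(unshadowed_accounts "$dir/passwd" | tr '\n' ' ')"
echo "PermitRootLogin:  $(permit_root_login "$dir/sshd_config")"
rm -rf "$dir"
```

On a live host the arguments would be /etc/passwd and /etc/ssh/sshd_config; each name reported is then matched to a job function and an approval, as the first question asks.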
LINUX Tests – Services  
What services were loaded at startup?
What processes are currently running?
What services are set to run?
What modules are loaded?
What is accessing the CPU currently?
What jobs are scheduled to run?
LINUX Tests – Networks/Connections  
What networking devices are attached?
What other hosts can connect to the system under review?
What communication protocols are used?
What routes are enabled?
Firewall enabled?
LINUX Tests – File Systems  
What file systems are in use?
Which files and directories are world writeable?
What are the permissions on sensitive files & directories?
What files were changed in the last day?
1. Who changed it?
2. Why, was that authorized?
3. Was the change tested?
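The world-writeable and changed-in-the-last-day questions above, as read-only find checks. This is an added example, not one of the presenter's take-home scripts; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only File Systems checks under a starting directory.
# -xdev keeps find on one file system, so run it once per mounted file system.

# "Which files ... are world writeable?" Regular files any user can modify.
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 -print | sort
}

# World-writable directories WITHOUT the sticky bit: any user can delete or
# replace other users' files there. Sticky ones (like /tmp, mode 1777) pass.
unsticky_world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sort
}

# "What files were changed in the last day?" Content modified < 24 hours ago.
# This lists WHAT changed; who and why must come from logs and change records.
changed_last_day() {
    find "$1" -xdev -type f -mtime -1 -print | sort
}

# Constructed sample tree (hypothetical names) to exercise the checks.
make_sample_tree() {
    mkdir "$1/open" "$1/scratch"
    chmod 0777 "$1/open"          # world-writable, no sticky bit
    chmod 1777 "$1/scratch"       # world-writable with sticky bit
    : > "$1/report.txt";  chmod 0644 "$1/report.txt"
    : > "$1/shared.cfg";  chmod 0666 "$1/shared.cfg"
    : > "$1/old.log";     chmod 0644 "$1/old.log"
    touch -t 200608090000 "$1/old.log"   # backdate so it is not "changed today"
}

tree=$(mktemp -d)
make_sample_tree "$tree"
echo "World-writable files:";         world_writable_files "$tree"
echo "Unsticky world-writable dirs:"; unsticky_world_writable_dirs "$tree"
echo "Changed in the last day:";      changed_last_day "$tree"
rm -rf "$tree"
```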