RFC1244 - Page 49

• Title: Site Security Handbook
• Author: J.P. Holbrook, J.K. Reynolds
• Date: July 1, 1991

Page Navigation:

1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  18  19  20  21  22  23  24  25  26  27  28  29  30  31  32  33  34  35  36  37  38  39  40  41  42  43  44  45  46  47  48  49  50  51  52  53  54  55  56  57  58  59  60  61  62  63  64  65  66  67  68  69  70  71  72  73  74  75  76  77  78  79  80  81  82  83  84  85  86  87  88  89  90  91  92  93  94  95  96  97  98  99  100  101 

Printable Version: RFC1244.PDF

RFC 1244                 Site Security Handbook                July 1991


            $266/year, 8 issues (1990)

            Elsevier Advanced Technology
            Journal Information Center
            655 Avenue of the Americas
            New York, NY 10010

         The "Data Security Letter" is published "to help data security
         professionals by providing inside information and knowledgable
         analysis of developments in computer and communications
         security."

            $690/year, 9 issues (1990)

            Data Security Letter
            P.O. Box 1593
            Palo Alto, CA 94302

   3.9.8  Problem Reporting Tools

      3.9.8.1  Auditing

         Auditing is an important tool that can be used to enhance the
         security of your installation.  Not only does it give you a
         means of identifying who has accessed your system (and may have
         done something to it) but it also gives you an indication of
         how your system is being used (or abused) by authorized users
         and attackers alike.  In addition, the audit trail
         traditionally kept by computer systems can become an invaluable
         piece of evidence should your system be penetrated.

         3.9.8.1.1  Verify Security

            An audit trail shows how the system is being used from day
            to day.  Depending upon how your site audit log is
            configured, your log files should show a range of access
            attempts that can show what normal system usage should look
            like.  Deviation from that normal usage could be the result
            of penetration from an outside source using an old or stale
            user account.  Observing a deviation in logins, for example,
            could be your first indication that something unusual is
            happening.

         3.9.8.1.2  Verify Software Configurations

            One of the ruses used by attackers to gain access to a
            system is by the insertion of a so-called Trojan Horse
            program.  A Trojan Horse program can be a program that does



Site Security Policy Handbook Working Group                    [Page 49]