Security Audit

Security Audit

CGPL offers free of cost IT Audit to our clients and provide all IT infrastructure solutions related to same,

We provide you world class solutions against network threats, and consult best IT best practice to our reputed clients.

A computer security audit is a manual or systematic measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems. Automated assessments, or CAAT’s, include system generated audit reports or using software to monitor and report changes to files and settings on a system. Systems can include personal computers, servers, mainframes, network routers, switches

Audit Event Reporting

During the last few decades systematic audit record generation (also called audit event reporting) can only be described as ad hoc. Ironically, in the early days of mainframe and mini-computing with large scale, single-vendor, custom software systems from companies such as IBM and Hewlett Packard, auditing was considered a mission-critical function. Over the last thirty years, commercial off-the-shelf (COTS) software applications and components, and micro computers have gradually replaced custom software and hardware as more cost-effective business management solutions.…

During this transition, the critical nature of audit event reporting gradually transformed into low priority customer requirements. Software consumers, having little else to fall back on, have simply accepted the lesser standards as normal. The consumer licenses of existing COTS software disclaim all liability for security, performance and data integrity issues.

Traditional Logging

Using traditional logging CGPLhods, applications and components submit free-form text messages to system logging facilities such as the Unix Syslog process, or the Microsoft Windows System, Security or Application event logs. Java applications often fall back to the standard Java logging facility, log4j. These text messages usually contain information only assumed to be security-relevant by the application developer, who is often not a computer- or network-security expert.

The fundamental problem with such free-form event records is that each application developer individually determines what information should be included in an audit event record, and the overall format in which that record should be presented to the audit log. This variation in format among thousands of instrumented applications makes the job of parsing audit event records by analysis tools (such as the Novell Sentinel product, for example) difficult and error-prone. Such domain and application specific parsing code included in analysis tools is also difficult to maintain, as changes to event formats inevitably work their way into newer versions of the applications over time.

Modern Auditing Services

Most contemporary enterprise operating systems, including Microsoft Windows, Solaris, Mac OS X, and FreeBSD (via the TrustedBSD Project) support audit event logging due to requirements in the Common Criteria (and more historically, the Orange Book). Both FreeBSD and Mac OS X make use of the open source Opens library and command suite to generate and process audit records.

The importance of audit event logging has increased with recent new (post-2000) US and worldwide legislation mandating corporate and enterprise auditing requirements. Open source projects such as OpenXDAS, a Bandit project identity component, have begun to be used in software security reviews. OpenXDAS is based on the Open Group Distributed Auditing Service specification.

Computer Security

Computer security, also known as cyber security or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.

It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

The field is of growing importance due to the increasing reliance on computer systems in most societies and the growth of “smart” devices, including smart phones, televisions and tiny devices as part of the Internet of Things – and of the Internet and wireless network such as Bluetooth and Wi-Fi.

Some organizations are turning to big data platforms, such as Apache Hadoop, to extend data accessibility and machine learning to detect advanced persistent threats.