The media regularly publishes reports about the spread of malicious software across networks and about external threats that may cause irreversible harm to network resources. Although external threats are troublesome and can have a significant negative business impact, internal threats are far more powerful and may result in much higher losses than external attacks. This business risk has led companies to create investigation systems that monitor their networks so that activity can be analyzed proactively and attacks detected.
Facilities such as security logs make it possible to place a check at the starting point of an application so that it can be monitored for security. Similarly, integrated technology applications can help collect security logs and centrally track the activities on a particular network. This paper discusses various threats and monitoring systems that can be applied to different domains within an organization, such as Human Resources, General Ledger and many others.
The Business Challenge
Businesses can suffer a lot if effective security monitoring is not done, and it is therefore important to implement security applications that are capable of:
● Identifying the need to protect information
● Defining the authorization levels for administrators and users
● Implementing a comprehensive monitoring policy
● Correlating this policy to the required security norms
Security Issues
Before an actual monitoring system for both external and internal applications is discussed, it is important to look at the basic security issues that require monitoring:
● Attempts to gain access to any files that are secured
● Attempts to gain access using the password reset feature
● Providing access to any new users
● Adding users to a secure group or application
● Addition of an administrator account with modification rights
● Installing and executing programs that are restricted
● Damaging important files within the network
● Multiple logins within a particular session
To create a solution based on the above security concerns, it is important to plan the solution so that it caters to each issue that has been highlighted.
Solution Requirements
To build a comprehensive solution that is customized for all domains and universally applicable within an organization, the following needs to be done:
● Security procedures need to be implemented across all the networks.
● Security audit logs need to be activated for all applications that require network access or are secure.
● There needs to be a secure and regular channel for the collection or analysis of audit logs.
● The security audits should be adjustable, and high-risk areas should face more robust audits.
● The audits must be tracked for any omissions, exceptions or deletions to restrict any kind of data theft.
Configuration errors can also take place, and the steps below need to be taken:
● The change management system should be strong enough to ensure that any unsafe changes can be tracked and reversed.
● The security audit logs must be effective and efficient.
● The collection of the security logs must be centralized in order to avoid any modifications to them.
● The analysis of the security logs must be automated so that any changes are reported immediately and there is no time gap.
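One way to automate the analysis described above, as an added example that is not part of the original paper: it flags the issues listed under Security Issues in centrally collected events and reports breaks in each host's record numbering, which point to omitted or deleted entries. The Windows Security event IDs, the field names and the sample events are assumptions made for this example; the events are constructed.

```python
from collections import defaultdict

# Windows Security event IDs for issues listed under "Security Issues" (assumed mapping).
ALWAYS_REPORT = {
    4720: "new user account created",
    4724: "password reset attempted",
    4728: "member added to a global security group",
    4719: "audit policy changed",
    1102: "security audit log cleared",
}
FAILED_OBJECT_ACCESS, LOGON = 4656, 4624  # handle requested; successful logon

def find_gaps(events):
    """Return (host, first_missing, last_missing) for breaks in record numbers."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e["record"])
    gaps = []
    for host, records in sorted(by_host.items()):
        records.sort()
        for prev, cur in zip(records, records[1:]):
            if cur - prev > 1:  # records are numbered sequentially per host
                gaps.append((host, prev + 1, cur - 1))
    return gaps

def analyze(events):
    """Return (host, user, finding) tuples for events that need review."""
    findings, logon_sources = [], defaultdict(set)
    for e in events:
        if e["id"] in ALWAYS_REPORT:
            findings.append((e["host"], e["user"], ALWAYS_REPORT[e["id"]]))
        elif e["id"] == FAILED_OBJECT_ACCESS and e["outcome"] == "failure":
            findings.append((e["host"], e["user"], "denied access to " + e["detail"]))
        elif e["id"] == LOGON:
            logon_sources[e["user"]].add(e["detail"])  # detail = source workstation
    for user, sources in sorted(logon_sources.items()):
        if len(sources) > 1:  # same account logged on from several workstations
            findings.append(("*", user, "logons from " + ", ".join(sorted(sources))))
    return findings

# Constructed sample of centrally collected events (not real log data).
SAMPLE = [dict(zip(("record", "host", "id", "user", "outcome", "detail"), row)) for row in [
    (101, "HR-01", 4624, "alice", "success", "WS-12"),
    (102, "HR-01", 4656, "bob", "failure", r"D:\Payroll\salaries.xlsx"),
    (103, "HR-01", 4720, "admin1", "success", "tempuser"),
    (106, "HR-01", 4728, "admin1", "success", "tempuser -> Payroll Admins"),
    (55, "GL-02", 4624, "alice", "success", "WS-40"),
    (56, "GL-02", 1102, "admin1", "success", ""),
]]
```

Calling `analyze(SAMPLE)` and `find_gaps(SAMPLE)` on each collection cycle gives the immediate reporting the last step asks for; the missing records 104 to 105 on HR-01 are reported even though no event describes their removal.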
Identification of External and Internal Attacks and Monitoring Solutions
External attacks can happen in two ways: attacks perpetrated by people and attacks that happen due to applications. In the case of attacks by people, the network information is compromised and an attack is planned on the network by gaining access and implementing modifications.
Security Policy Creation
| Category | Adequate Departments | Effect |
| --- | --- | --- |
| Account logon events | Payroll, Human Resources, Inventory, General ledger | Audits logon attempts to a local account on a computer. If the user account is a domain account, this event also appears on the domain controller. |
| Account management | Payroll, Human Resources, Inventory, General ledger | Audits the creation, modification, and deletion of user and group accounts, in conjunction with password changes and resets. |
| Directory service access | Finance and Accounting | Audits access to objects in the Active Directory® service. |
| Logon events | Finance and Accounting | Audits attempts to log on to workstations and member servers. |
| Object access | E-commerce, Internet sales and marketing | Audits attempts to access an object such as a file, folder, registry key, or printer that has defined audit settings within that object's system access control list (SACL). |
| Policy change | All | Audits any change to user rights assignment, audit, account, or trust policies. |
Conclusion
The monitoring activity needs to take place at regular intervals and needs to be audited in a secure environment so that the data being audited cannot be modified. The audit also needs to target both people and applications, and it is therefore important to implement checks that can identify the changes that take place due to the above-mentioned factors.