Auditing OS and Network
TRANSCRIPT
-
7/25/2019 Auditing Os and Network
1/43
AUDITING OS AND NETWORK
Chapter 3
-
The operating system is the computer's control program. It allows users and their applications to share and access common computer resources, such as processors, main memory, databases, and printers.
-
Operating System Objectives
-
OS Security
Operating system security involves policies, procedures, and controls that determine who can access the operating system, which resources (files, programs, printers) they can use, and what actions they can take.
-
OS Security
Log-On Procedure
-
Access Control List
-
Threats to Operating System Integrity
Threats to operating system integrity arise either accidentally or intentionally.
Accidental threats include hardware failures that cause the operating system to crash.
Intentional threats to the operating system are most commonly attempts to illegally access data or violate user privacy for financial gain.
-
Operating System Controls and Audit Tests
Controlling Access Privileges
The auditor's objective is to verify that access privileges are granted in a manner that is consistent with the need to separate incompatible functions and is in accordance with the organization's policy.
-
Audit Procedures Relating to Access Privileges
Review the organization's policies for separating incompatible functions and ensure that they promote reasonable security.
Review the privileges of a selection of user groups and individuals to determine if their access rights are appropriate for their job descriptions and positions.
-
Review personnel records to determine whether privileged employees undergo an adequately intensive security clearance check in compliance with company policy.
Review employee records to determine whether users have formally acknowledged their responsibility to maintain the confidentiality of company data.
Review the users' permitted log-on times.
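The privilege review above (access rights against job descriptions, and the separation of incompatible functions) can be scripted rather than done by eye. What follows is an added example, not part of the original slides or of the textbook they summarize: it parses constructed /etc/group-style lines, compares each user's memberships with a constructed HR entitlement table, and lists users who hold both halves of an incompatible pair. Every group, user, job title and incompatible pair is invented for the illustration.

```python
"""Added example: test access privileges against a segregation-of-duties
policy and against job descriptions.  Every group, user, job title and
incompatible pair below is constructed for the illustration."""

from collections import defaultdict

# Constructed /etc/group-style lines: name:password:gid:member_list
GROUP_FILE = """\
programmers:x:1001:alice,bob
operators:x:1002:bob,carol
ap_clerks:x:1003:dave
ap_approvers:x:1004:dave,erin
sudo:x:27:alice,frank,ghost
"""

# Constructed HR data: job title and the groups that title is entitled to.
JOB_ENTITLEMENTS = {
    "alice": ("developer", {"programmers"}),
    "bob": ("developer", {"programmers"}),
    "carol": ("operator", {"operators"}),
    "dave": ("ap clerk", {"ap_clerks"}),
    "erin": ("ap manager", {"ap_approvers"}),
    "frank": ("sysadmin", {"sudo", "operators"}),
}

# Constructed policy: pairs of groups that no single user may hold together.
INCOMPATIBLE = [
    ("programmers", "operators"),   # writing code vs. running it in production
    ("ap_clerks", "ap_approvers"),  # entering invoices vs. approving payment
]


def parse_groups(text):
    """Return {user: set(groups)} from /etc/group-style text."""
    members = defaultdict(set)
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        group, _password, _gid, users = line.split(":", 3)
        for user in filter(None, users.split(",")):
            members[user].add(group)
    return members


def sod_conflicts(members, incompatible):
    """Users holding both halves of an incompatible pair."""
    return [(user, a, b)
            for user, groups in sorted(members.items())
            for a, b in incompatible
            if a in groups and b in groups]


def excess_privileges(members, entitlements):
    """Groups held beyond the job description, and accounts with no HR record
    (orphaned accounts are a classic way excess privilege survives)."""
    findings = []
    for user, groups in sorted(members.items()):
        if user not in entitlements:
            findings.append((user, "no HR record", sorted(groups)))
            continue
        _title, allowed = entitlements[user]
        extra = groups - allowed
        if extra:
            findings.append((user, "beyond job description", sorted(extra)))
    return findings


def audit_access(group_text=GROUP_FILE):
    members = parse_groups(group_text)
    return {"sod": sod_conflicts(members, INCOMPATIBLE),
            "excess": excess_privileges(members, JOB_ENTITLEMENTS)}


if __name__ == "__main__":
    for kind, items in audit_access().items():
        for item in items:
            print(kind, *item)
```

Running it reports bob (programmer and operator) and dave (enters and approves invoices) as segregation-of-duties conflicts, alice's sudo membership as beyond her job description, and the ghost account as having no HR record at all; orphaned accounts are the usual way excess privilege survives a reorganization.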
-
Password Control
A password is a secret code the user enters to gain access to systems, applications, data files, or a network server.
Reusable password: the user defines the password to the system once and then reuses it to gain future access.
-
One-time password: the user's password changes continuously; a fresh value (typically generated by a token) is used for each log-on, so a captured password cannot be replayed.
The auditor's objective here is to ensure that the organization has an adequate and effective password policy for controlling access to the operating system.
-
Audit Procedures Relating to Passwords
Verify that all users are required to have passwords.
Verify that new users are instructed in the use of passwords and the importance of password control.
Review password control procedures to ensure that passwords are changed regularly.
-
Review the password file to determine that weak passwords are identified and disallowed.
Verify that the password file is protected: stored passwords must be salted one-way hashes (or, on older systems, encrypted), and any encryption key must be properly secured.
Assess the adequacy of password standards such as length and expiration interval.
Review the account lockout policy and procedures.
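Three of the procedures above (how stored passwords are protected, the expiration interval, the lockout policy) can be checked mechanically against the files that hold the settings on a Unix-like system. The following is an added example, not from the original slides: the shadow lines, the dummy hash strings, the policy numbers and the faillock.conf text are constructed, and the field layout follows /etc/shadow (name:hash:lastchg:min:max:warn:inactive:expire) and pam_faillock's deny/unlock_time keywords.

```python
"""Added example: audit a shadow-style password file and a lockout
configuration against stated standards.  The account lines, dummy hashes,
policy numbers and configuration text are constructed for the illustration."""

from datetime import date

# Constructed /etc/shadow lines:  name:hash:lastchg:min:max:warn:inactive:expire:flag
# lastchg and the age arithmetic are in days since 1970-01-01.  Hashes are dummies.
SHADOW = """\
root:$6$saltsalt$dummysha512crypthash:19500:0:90:7:::
alice:$y$j9T$saltsaltsaltsaltsaltsa$dummyyescrypthash:19700:0:90:7:::
bob:$1$salt$dummymd5crypthash:19000:0:99999:7:::
carol::19700:0:90:7:::
svc_backup:*:19000:0:99999:7:::
dave:$6$saltsalt$dummysha512crypthash:18000:0:90:7:::
"""

POLICY = {
    "max_age_days": 90,
    "strong_prefixes": ("$6$", "$y$", "$7$"),   # sha512crypt, yescrypt, scrypt
}
AUDIT_DATE = date(2024, 1, 1)   # constructed "as of" date for the review
EPOCH = date(1970, 1, 1)


def parse_shadow(text):
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split(":")
        rows.append({"name": f[0], "hash": f[1],
                     "lastchg": int(f[2]) if f[2] else None,
                     "max_age": int(f[4]) if f[4] else None})
    return rows


def audit_shadow(text=SHADOW, policy=POLICY, today=AUDIT_DATE):
    """Return (account, finding) pairs."""
    findings = []
    today_days = (today - EPOCH).days
    for r in parse_shadow(text):
        h = r["hash"]
        if h == "":
            findings.append((r["name"], "empty password field: log-on without a password"))
            continue
        if h.startswith(("*", "!")):
            continue   # locked or no-login account: password authentication impossible
        if not h.startswith(policy["strong_prefixes"]):
            findings.append((r["name"], f"weak hash algorithm ({h[:3]})"))
        if r["max_age"] is None or r["max_age"] > policy["max_age_days"]:
            findings.append((r["name"], "expiration interval exceeds policy"))
        if r["lastchg"] is not None and today_days - r["lastchg"] > policy["max_age_days"]:
            findings.append((r["name"], f"password last changed {today_days - r['lastchg']} days ago"))
    return findings


# Constructed /etc/security/faillock.conf contents (pam_faillock syntax).
FAILLOCK_CONF = """\
# lock the account after `deny` failures within `fail_interval` seconds
deny = 10
fail_interval = 900
unlock_time = 60
"""


def audit_lockout(text=FAILLOCK_CONF, max_deny=5, min_unlock=900):
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            settings[key] = int(value)
    findings = []
    deny = settings.get("deny", 0)
    if deny == 0 or deny > max_deny:
        findings.append(f"deny={deny}: lockout absent or threshold too high")
    unlock = settings.get("unlock_time", 0)
    if 0 < unlock < min_unlock:    # 0 means locked until an administrator unlocks
        findings.append(f"unlock_time={unlock}s: too short to slow down guessing")
    return findings
```

The checks do not attempt to crack weak passwords; identifying weak passwords is a separate step (typically an offline audit of the hashes with the organization's consent). An empty hash field is flagged before anything else because it permits log-on with no password at all, and locked accounts (* or !) are skipped since they cannot authenticate by password.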
-
Controlling Against Malicious and Destructive Programs
The losses are measured in terms of data corruption and destruction, degraded computer performance, hardware destruction, violations of privacy, and the personnel time devoted to repairing the damage.
This class of programs includes viruses, worms, logic bombs, back doors, and Trojan horses.
-
Audit Objective Relating to Viruses and Other Destructive Programs
The auditor's objective is to verify that effective management policies and procedures are in place to prevent the introduction and spread of destructive programs, including viruses, worms, back doors, logic bombs, and Trojan horses.
-
Audit Procedures Relating to Viruses and Other Destructive Programs
Through interviews, determine that operations personnel have been educated about computer viruses and are aware of the risky computing practices that can introduce and spread viruses and other malicious programs.
Verify that new software is tested on standalone workstations prior to being implemented on the host or network server.
Verify that the current version of antiviral software is installed on the server and that upgrades are regularly downloaded to workstations.
-
System Audit Trail Controls
Audit trails are logs that record activity at the system, application, and user level.
Two types of audit logs: (1) detailed logs of individual keystrokes and (2) event-oriented logs.
-
Keystroke monitoring involves recording both the user's keystrokes and the system's responses.
Event monitoring summarizes key activities related to system resources.
-
Audit trails can be used to support security objectives in three ways:
(1) detecting unauthorized access to the system,
(2) facilitating the reconstruction of events, and
(3) promoting personal accountability.
-
The auditor's objective is to ensure that the established system audit trail is adequate for preventing and detecting abuses, reconstructing key events that precede systems failures, and planning resource allocation.
-
Audit Procedures Relating to System Audit Trails
Most operating systems provide some form of audit manager function to specify the events that are to be audited.
Many operating systems provide an audit log viewer that allows the auditor to scan the log for unusual activity.
The organization's security group has responsibility for monitoring and reporting security violations.
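Scanning an event-oriented log for unusual activity is the work the audit log viewer supports, and the three uses of the trail (detecting unauthorized access, reconstructing events, accountability) map onto three small pieces of logic. The following is an added example, not code from the original slides: it parses constructed sshd and sudo lines, flags password-guessing bursts, a successful log-on from a source that had just been failing, and log-ons outside the user's permitted hours (the permitted log-on times reviewed under access privileges), then reconstructs one user's timeline. The log lines, hosts, addresses, users, permitted hours and thresholds are all constructed.

```python
"""Added example: detection logic run over event-oriented log lines, the
kind of review an audit log viewer supports.  The log lines, the permitted
log-on hours and the thresholds are all constructed for the illustration."""

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd/sudo events in syslog-like form (ISO timestamps).
LOG = """\
2024-01-15T02:03:11 host1 sshd[411]: Failed password for invalid user admin from 203.0.113.9 port 50112 ssh2
2024-01-15T02:03:14 host1 sshd[411]: Failed password for root from 203.0.113.9 port 50113 ssh2
2024-01-15T02:03:17 host1 sshd[411]: Failed password for root from 203.0.113.9 port 50114 ssh2
2024-01-15T02:03:20 host1 sshd[411]: Failed password for root from 203.0.113.9 port 50115 ssh2
2024-01-15T02:03:23 host1 sshd[411]: Failed password for root from 203.0.113.9 port 50116 ssh2
2024-01-15T02:03:40 host1 sshd[415]: Accepted password for root from 203.0.113.9 port 50117 ssh2
2024-01-15T09:12:05 host1 sshd[520]: Accepted publickey for alice from 10.0.0.5 port 41000 ssh2
2024-01-15T22:47:30 host1 sshd[611]: Accepted password for carol from 10.0.0.7 port 41022 ssh2
2024-01-15T22:49:00 host1 sudo:    carol : TTY=pts/1 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

LINE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[a-z]+)(?:\[\d+\])?:\s*(?P<msg>.*)$")
AUTH = re.compile(r"^(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
SUDO = re.compile(r"^(?P<user>\S+) : .*COMMAND=(?P<cmd>.*)$")

# Constructed permitted log-on windows per user: [start_hour, end_hour).
PERMITTED_HOURS = {"alice": (8, 18), "carol": (8, 18), "root": (0, 24)}


def parse(text):
    """Turn raw lines into events: {ts, user, src, kind, cmd}."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, prog, msg = datetime.fromisoformat(m["ts"]), m["prog"], m["msg"]
        if prog == "sshd" and (a := AUTH.match(msg)):
            events.append({"ts": ts, "user": a["user"], "src": a["src"], "cmd": None,
                           "kind": "success" if a["result"] == "Accepted" else "fail"})
        elif prog == "sudo" and (s := SUDO.match(msg)):
            events.append({"ts": ts, "user": s["user"], "src": None, "cmd": s["cmd"],
                           "kind": "sudo"})
    return events


def detect(events, threshold=5, window=timedelta(seconds=60),
           lookback=timedelta(minutes=10), hours=PERMITTED_HOURS):
    """Detect unauthorized-access patterns; returns (rule, subject, detail) tuples."""
    findings = []
    fails = defaultdict(list)            # source address -> failure timestamps
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["kind"] == "fail":
            fails[e["src"]].append(e["ts"])
            recent = [t for t in fails[e["src"]] if e["ts"] - t <= window]
            if len(recent) == threshold:   # fire once, when the threshold is first reached
                findings.append(("brute_force", e["src"], e["ts"]))
        elif e["kind"] == "success":
            if sum(1 for t in fails[e["src"]] if e["ts"] - t <= lookback) >= 3:
                findings.append(("success_after_failures", e["user"], e["src"]))
            start, end = hours.get(e["user"], (0, 24))
            if not start <= e["ts"].hour < end:
                findings.append(("outside_permitted_hours", e["user"], e["ts"]))
    return findings


def timeline(events, user):
    """Reconstruct what one user did, in order: the accountability use of the trail."""
    return [(e["ts"].isoformat(timespec="minutes"), e["kind"], e["cmd"] or e["src"])
            for e in sorted(events, key=lambda e: e["ts"]) if e["user"] == user]
```

The sample produces three findings: a brute-force burst from 203.0.113.9, root logging in from that same address seconds later, and carol logging in at 22:47 against an 08:00-18:00 window; her timeline then shows a sudo read of /etc/shadow two minutes later. The rules fire on the first event that crosses a threshold, so a long burst yields one finding rather than one per failure.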
-
AUDITING NETWORKS
Intranet risks
-
Intranet risks
Intranets consist of small LANs and large WANs that may contain thousands of individual nodes.
Interception of Network Messages
Access to Corporate Databases
Privileged Employees
-
Internet risks
IP Spoofing
-
Controlling Networks
Firewalls: a system that enforces access control between two networks.
Encryption: the conversion of data into a secret code for storage in databases and transmission over networks. The sender uses an encryption algorithm to convert the original message (called cleartext) into a coded equivalent (called ciphertext). At the receiving end, the ciphertext is decoded (decrypted) back into cleartext.
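A firewall that enforces access control between two networks is, at its core, an ordered rule list with a default deny, and the IP spoofing risk listed under Internet risks is handled by its first rule. The following is an added example, not from the original slides: a first-match packet filter over constructed interfaces, addresses, rules and sample packets, with an audit helper that checks the list ends in a catch-all deny. The 10.0.0.0/8 intranet range and the host addresses are invented.

```python
"""Added example: a first-match packet filter of the kind a firewall
enforces between two networks, with an anti-spoofing rule as the first entry.
Interfaces, addresses, rules and sample packets are constructed."""

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "ext" (Internet) or "int"
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    iface: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: Optional[int] = None
    note: str = ""

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("*", p.proto)
                and (self.dport is None or self.dport == p.dport))


INTERNAL = "10.0.0.0/8"   # constructed intranet address range

RULES = [
    # IP spoofing control: a packet from the Internet must not carry an internal source.
    Rule("deny", iface="ext", src=INTERNAL, note="spoofed internal source on external interface"),
    Rule("allow", iface="ext", dst="10.0.1.10/32", proto="tcp", dport=443, note="public web server"),
    Rule("allow", iface="int", src=INTERNAL, proto="tcp", dport=443, note="outbound https"),
    Rule("allow", iface="int", src=INTERNAL, proto="udp", dport=53, note="dns"),
    Rule("deny", note="default deny"),   # everything not explicitly allowed is dropped
]


def evaluate(packet: Packet, rules=RULES):
    """First matching rule wins; returns (action, note)."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.note
    return "deny", "implicit deny"   # only reached if the rule set lacks a catch-all


def has_default_deny(rules=RULES) -> bool:
    """Audit check: the last rule must deny everything, or gaps become allows."""
    last = rules[-1] if rules else None
    return last is not None and last.action == "deny" and last.matches(
        Packet("any", "192.0.2.1", "192.0.2.2", "icmp"))


SAMPLE = [
    Packet("ext", "198.51.100.7", "10.0.1.10", "tcp", 443),     # web from Internet
    Packet("ext", "198.51.100.7", "10.0.1.10", "tcp", 22),      # ssh from Internet
    Packet("ext", "10.0.0.99", "10.0.1.10", "tcp", 443),        # spoofed internal source
    Packet("int", "10.0.5.4", "93.184.216.34", "tcp", 443),     # outbound https
    Packet("int", "10.0.5.4", "93.184.216.34", "tcp", 25),      # outbound smtp
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.iface, p.src, "->", p.dst, p.proto, p.dport, *evaluate(p))
```

The anti-spoofing rule sits first deliberately: a packet arriving on the external interface with a 10.0.0.0/8 source is dropped before the allow for the web server can match it. Removing the final deny changes nothing for these five packets, because evaluate falls back to an implicit deny, but has_default_deny reports the gap; relying on implicit behaviour is exactly what an auditor should not accept.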
-
Digital Signatures: electronic authentication that cannot be forged without the signer's private key.
Digital Certificate: issued by a trusted third party called a certification authority (CA).
-
Controlling Risks from Equipment Failure
Line Errors
The auditor's objective is to verify the integrity of the electronic commerce transactions by determining that controls are in place to detect and correct message loss due to equipment failure.
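To detect and correct message loss from a line error, the sender has to give the receiver something to check: a sequence number exposes a missing message, and a CRC exposes a damaged one. The following is an added example, not from the original slides: each message is framed as sequence number, payload and CRC-32 (zlib.crc32), and a receiver tracks gaps so it can ask for exactly the frames it lacks. The purchase-order payloads and the injected fault are constructed.

```python
"""Added example: framing each message with a sequence number and a CRC so
the receiver can detect messages lost or corrupted by a line error and ask
for them again.  The messages and the injected fault are constructed."""

import struct
import zlib

HEADER = struct.Struct(">I")   # 4-byte big-endian sequence number


def frame(seq: int, payload: bytes) -> bytes:
    """seq || payload || crc32(seq || payload)"""
    body = HEADER.pack(seq) + payload
    return body + HEADER.pack(zlib.crc32(body) & 0xFFFFFFFF)


def unframe(raw: bytes):
    """Return (seq, payload), or None if the CRC does not match."""
    if len(raw) < 2 * HEADER.size:
        return None
    body, (crc,) = raw[:-4], HEADER.unpack(raw[-4:])
    if zlib.crc32(body) & 0xFFFFFFFF != crc:
        return None
    return HEADER.unpack(body[:4])[0], body[4:]


class Receiver:
    def __init__(self):
        self.expected = 1       # next sequence number not yet seen
        self.missing = set()    # gaps detected so far: what to request again
        self.corrupt = 0
        self.delivered = {}     # seq -> payload

    def receive(self, raw: bytes) -> str:
        parsed = unframe(raw)
        if parsed is None:
            self.corrupt += 1   # seq unreadable; the gap shows up when the next good frame arrives
            return "corrupt"
        seq, payload = parsed
        if seq in self.missing:
            self.missing.discard(seq)                        # a retransmission filled a gap
        elif seq < self.expected:
            return "duplicate"
        elif seq > self.expected:
            self.missing.update(range(self.expected, seq))   # lost in transit
        self.delivered[seq] = payload
        self.expected = max(self.expected, seq + 1)
        return "ok"

    def complete(self, total: int) -> bool:
        return not self.missing and self.expected == total + 1


def simulate():
    """Five messages; frame 2 is lost and frame 4 is damaged on the line."""
    frames = {i: frame(i, f"PO-100{i}".encode()) for i in range(1, 6)}
    damaged = bytearray(frames[4])
    damaged[6] ^= 0xFF                                  # constructed single-byte line error
    rx = Receiver()
    log = [rx.receive(frames[1]), rx.receive(frames[3]),
           rx.receive(bytes(damaged)), rx.receive(frames[5])]
    for seq in sorted(rx.missing):                      # receiver asks, sender resends
        log.append(rx.receive(frames[seq]))
    return log, rx


if __name__ == "__main__":
    log, rx = simulate()
    print(log, "complete:", rx.complete(5), "corrupt frames:", rx.corrupt)
```

In the simulation frame 2 never arrives and frame 4 is corrupted in transit; the receiver reports the corrupt frame, discovers both gaps when frame 5 arrives, and is complete once the sender resends 2 and 4. A CRC detects accidental line errors only: an attacker who alters a message can recompute the CRC, which is why integrity against tampering needs a keyed MAC or a digital signature instead.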
-
AUDITING ELECTRONIC DATA INTERCHANGE (EDI)
A general definition of EDI is: the intercompany exchange of computer-processible business information in standard format.
Key to EDI success is the use of a standard format for messaging between dissimilar systems.
-
Several important features of EDI
-
Benefits of EDI
Data keying. EDI reduces or even eliminates the need for data entry.
Error reduction. Firms using EDI see reductions in data keying errors, human interpretation and classification errors, and filing (lost document) errors.
Reduction of paper. The use of electronic envelopes and documents drastically reduces the paper forms in the system.
-
Postage. Mailed documents are replaced with much cheaper data transmissions.
Automated procedures. EDI automates manual activities associated with purchasing, sales order processing, cash disbursements, and cash receipts.
Inventory reduction. By ordering directly as needed from vendors, EDI reduces the lag time that promotes inventory accumulation.
-
EDI Controls
Some VANs have the capability of validating passwords and user ID codes for the vendor by matching these against a valid customer file. The VAN rejects any unauthorized trading partner transactions before they reach the vendor's system.
Before being converted, the translation software can validate the trading partner's ID and password against a validation file in the firm's database.
Before processing, the trading partner's application software references the valid customer and vendor files to validate the transaction.
-
EDI Audit Trail
One technique for restoring the audit trail is to maintain a control log, which records the transactions.
-
The auditor's objectives are to determine that
(1) all EDI transactions are authorized, validated, and in compliance with the trading partner agreement;
(2) no unauthorized organizations gain access to database records;
(3) authorized trading partners have access only to approved data; and
(4) adequate controls are in place to ensure a complete audit trail of all EDI transactions.
-
Audit Procedures Relating to EDI
Tests of Authorization and Validation Controls
Tests of Access Controls
Tests of Audit Trail Controls
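The three validation points (VAN, translation software, application) and the control log are easiest to see as one pipeline, so the following added example serves both the EDI Controls and EDI Audit Trail slides and the four audit objectives that follow them. It is not code from the original slides: partners, credentials, trading-partner agreement terms (permitted document types, an amount ceiling, approved ship-to locations), the stale VAN customer file and the sample transactions are all constructed, and the credential check uses a plain SHA-256 hash purely for illustration.

```python
"""Added example: the three validation points an inbound EDI transaction
passes (the VAN, the translation software, the application) and the control
log that restores the audit trail.  Partners, credentials, agreement terms
and transactions are constructed for the illustration."""

import hmac
from hashlib import sha256


def _h(secret: str) -> str:
    # Illustration only: a production validation file would hold salted password hashes.
    return sha256(secret.encode()).hexdigest()


# Constructed "valid customer file" kept by the VAN.  ZETA09 was terminated,
# but the VAN's copy is stale and still lists it.
VAN_VALID_CUSTOMERS = {"ACME01": _h("pw-acme"), "BOLT22": _h("pw-bolt"), "ZETA09": _h("pw-zeta")}

# Constructed validation file in the firm's own database (used by the translation software).
FIRM_VALIDATION_FILE = {"ACME01": _h("pw-acme"), "BOLT22": _h("pw-bolt")}

# Constructed trading-partner agreements: what each partner may send, and on what terms.
AGREEMENTS = {
    "ACME01": {"doc_types": {"850"}, "max_amount": 50000, "ship_to": {"WH-EAST"}},
    "BOLT22": {"doc_types": {"850", "860"}, "max_amount": 10000, "ship_to": {"WH-WEST"}},
}
VALID_CUSTOMERS = set(AGREEMENTS)       # the application's valid customer file

CONTROL_LOG = []                         # (txn_id, stage, outcome, reason)


def log(txn_id, stage, outcome, reason=""):
    CONTROL_LOG.append((txn_id, stage, outcome, reason))


def credential_ok(file, txn):
    expected = file.get(txn["partner"])
    return expected is not None and hmac.compare_digest(expected, _h(txn["password"]))


def application_check(txn):
    """None if the transaction complies with the agreement, else the reason."""
    if txn["partner"] not in VALID_CUSTOMERS:
        return "unknown customer"
    terms = AGREEMENTS[txn["partner"]]
    if txn["doc_type"] not in terms["doc_types"]:
        return f"document type {txn['doc_type']} not in agreement"
    if txn["amount"] > terms["max_amount"]:
        return "amount exceeds agreement limit"
    if txn["ship_to"] not in terms["ship_to"]:
        return "ship-to location not approved for partner"
    return None


def process(txn):
    """Run one transaction through the three checks; every step is logged."""
    tid = txn["id"]
    if not credential_ok(VAN_VALID_CUSTOMERS, txn):
        log(tid, "VAN", "rejected", "ID/password not in VAN customer file")
        return "rejected", "VAN"
    log(tid, "VAN", "passed")
    if not credential_ok(FIRM_VALIDATION_FILE, txn):
        log(tid, "translation", "rejected", "ID/password not in firm validation file")
        return "rejected", "translation"
    log(tid, "translation", "passed")
    reason = application_check(txn)
    if reason:
        log(tid, "application", "rejected", reason)
        return "rejected", "application"
    log(tid, "application", "accepted")
    return "accepted", "application"


def trace(txn_id):
    """The audit trail for one transaction, reconstructed from the control log."""
    return [entry for entry in CONTROL_LOG if entry[0] == txn_id]


SAMPLE_TXNS = [   # constructed
    {"id": "T1", "partner": "ACME01", "password": "pw-acme", "doc_type": "850", "amount": 12000, "ship_to": "WH-EAST"},
    {"id": "T2", "partner": "ACME01", "password": "guess", "doc_type": "850", "amount": 100, "ship_to": "WH-EAST"},
    {"id": "T3", "partner": "ZETA09", "password": "pw-zeta", "doc_type": "850", "amount": 100, "ship_to": "WH-EAST"},
    {"id": "T4", "partner": "BOLT22", "password": "pw-bolt", "doc_type": "850", "amount": 25000, "ship_to": "WH-WEST"},
    {"id": "T5", "partner": "BOLT22", "password": "pw-bolt", "doc_type": "860", "amount": 500, "ship_to": "WH-EAST"},
]


def run_sample():
    CONTROL_LOG.clear()
    return {t["id"]: process(t) for t in SAMPLE_TXNS}


if __name__ == "__main__":
    for tid, outcome in run_sample().items():
        print(tid, outcome, trace(tid))
```

Of the five transactions only T1 is accepted. T2 fails at the VAN on a bad password; T3 passes the VAN (whose customer file still lists a terminated partner) and is caught by the translation software against the firm's own validation file; T4 and T5 have valid credentials but violate the agreement, on amount and on ship-to location respectively. trace() rebuilds each transaction's path through the system from the control log, which is the audit-trail test in miniature.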
-
AUDITING PC-BASED ACCOUNTING SYSTEMS
PC applications tend to be general-purpose systems that serve a wide range of needs; this allows software vendors to mass-produce low-cost, relatively error-free standard products.
PC accounting systems are popular with smaller firms, which use them to automate and replace manual systems and thus become more efficient and competitive.
Most PC systems are modular in design.
-
PC Systems Risks and Controls
Operating System Weaknesses
Weak Access Control
Inadequate Segregation of Duties
Multilevel Password Control
Risk of Theft
Weak Backup Procedures
Risk of Virus Infection
-
Audit Objectives Associated with PC Security
Verify that controls are in place to protect data, programs, and computers from unauthorized access, manipulation, destruction, and theft.
Verify that adequate supervision and operating procedures exist to compensate for lack of segregation between the duties of users, programmers, and operators.
Verify that backup procedures are in place to prevent data and program loss due to system failures, errors, and so on.
Verify that systems selection and acquisition procedures produce applications that are high quality and protected from unauthorized changes.
Verify that the system is free from viruses and adequately protected to minimize the risk of becoming infected with a virus or similar object.
-
Audit Procedures Associated with PC Security
The auditor should observe that PCs are physically anchored to reduce the opportunity of theft.
The auditor should verify from organizational charts, job descriptions, and observation that programmers of accounting systems do not also operate those systems.
-
The auditor should confirm that reports of processed transactions, listings of updated accounts, and control totals are prepared, distributed, and reconciled by appropriate management at regular and timely intervals.
Where appropriate, the auditor should determine that multilevel password control is used to limit access to data and applications and that the access authority granted is consistent with the employees' job descriptions.
-
If removable or external hard drives are used, the auditor should verify that the drives are removed and stored in a secure location when not in use.
By selecting a sample of backup files, the auditor can verify that backup procedures are being followed. By comparing data values and dates on the backup disks to production files, the auditor can assess the frequency and adequacy of backup procedures.
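The comparison of backup contents and dates against production is a mechanical check. The following is an added example, not from the original slides: production files (content and last-modified time), two backup sets read from the disks (time taken plus a digest per file) and a seven-day backup policy are all constructed, and the check reports gaps between backups, files missing from the latest set, files changed since it was taken, and copies whose digest does not match the production file they claim to hold.

```python
"""Added example: compare the data values and dates on backup sets with the
production files to judge backup frequency and adequacy.  Files, contents,
timestamps and the backup policy are constructed for the illustration."""

from datetime import datetime, timedelta
from hashlib import sha256


def digest(data: bytes) -> str:
    return sha256(data).hexdigest()


# Constructed production files: path -> (content, last-modified time)
PRODUCTION = {
    "gl/ledger.dat": (b"ledger v7", datetime(2024, 3, 1, 17, 0)),
    "ap/vendors.dat": (b"vendors v3", datetime(2024, 2, 10, 9, 0)),
    "ar/customers.dat": (b"customers v5", datetime(2024, 3, 4, 8, 30)),
    "cfg/chart.ini": (b"chart", datetime(2023, 12, 1, 0, 0)),
}

# Constructed backup sets read from the backup disks: (taken_at, {path: digest})
BACKUPS = [
    (datetime(2024, 2, 15, 22, 0), {
        "gl/ledger.dat": digest(b"ledger v6"), "ap/vendors.dat": digest(b"vendors v3"),
        "ar/customers.dat": digest(b"customers v4"), "cfg/chart.ini": digest(b"chart")}),
    (datetime(2024, 3, 3, 22, 0), {
        "gl/ledger.dat": digest(b"ledger v7"), "ap/vendors.dat": digest(b"vendors v2"),
        "ar/customers.dat": digest(b"customers v4")}),
]
AS_OF = datetime(2024, 3, 5, 9, 0)   # constructed date of the audit


def assess(production=PRODUCTION, backups=BACKUPS, as_of=AS_OF,
           max_interval=timedelta(days=7)):
    """Return (finding, detail) pairs on backup frequency and completeness."""
    findings = []
    taken, contents = max(backups, key=lambda b: b[0])      # latest backup set
    if as_of - taken > max_interval:
        findings.append(("interval", f"latest backup is {(as_of - taken).days} days old"))
    dates = sorted(b[0] for b in backups)
    for earlier, later in zip(dates, dates[1:]):
        if later - earlier > max_interval:
            findings.append(("interval", f"gap of {(later - earlier).days} days between backups"))
    for path, (data, mtime) in sorted(production.items()):
        if path not in contents:
            findings.append(("missing", path))                # not in the latest set at all
        elif mtime > taken:
            findings.append(("changed_since_backup", path))   # exposure window; expected
        elif contents[path] != digest(data):
            findings.append(("mismatch", path))               # copy differs from the file it claims to hold
    return findings


if __name__ == "__main__":
    for finding, detail in assess():
        print(finding, detail)
```

For the constructed data it reports a 17-day gap between the two backups, a vendors file whose latest copy does not match production even though production has not changed since (the copy is wrong, not merely stale), a customers file changed after the backup (the exposure window) and a configuration file absent from the latest set. Comparing digests rather than sizes or names is what distinguishes a backup that would actually restore from one that merely exists.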
-
By selecting a sample of PCs, the auditor should verify that their commercial software packages were purchased from reputable vendors and are legal copies.
The auditor should review the organization's policy for using antiviral software.