Effective information assets protection (IAP) technologies are valuable defense mechanisms for combating inappropriate and malicious behavior. Therefore, information security personnel should identify and evaluate deployed configuration management tools that ensure an entity’s network infrastructure maintains data integrity and availability.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

Anomaly intrusion detection monitors network segments to compare the current state to the previously determined normal baseline and indicate unusual situations. Anomaly based detection can focus solely on protocols. Under this circumstance, protocol anomalies analysis exposes attacks a signature-based IDS is likely to overlook; however the false-assessment rate is often higher than other intrusion detection approaches. Statistical patterns or profiles are frequently the better means to detect insider IT attacks. However, cunning users can intentionally modify their statistical patterns or profiles to masquerade malicious activities. Additionally, a large amount of processing capacity is usually required for anomaly intrusion detection.

Host-based intrusion detection generally provides passive individual IT activity examinations. The Host-based IDS can employ system log data, resource utilization, modification or deletion of files, abnormal privilege escalation, as well as other indicators to note potential attacks for a particular IT.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

The misuse detection model is based on the hypothesis that known exploits of vulnerabilities can be described by attack signatures or patterns, therefore IT attacks can be revealed through identifiable patterns. Malicious misuse encompasses reading, modification, and destruction of data. Misuse detection systems normally compare gathered information to large databases of attack signatures for internal perpetrator identification. There is typically a high-degree of certainty that signature-based intrusion detection models will recognize exact attack pattern replications; however slight variations in a data-based attack pattern may escape discovery.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

Deployed intrusion detection solutions are not a substitute for firewalls; although they usually complement the function of firewalls. Commonly, a deployed IDS inspects computer activity to identify suspicious patterns that may indicate an attack from hackers or crackers utilizing vulnerability assessment software. There are several categories for IDS inspection including misuse, anomaly, host-based, and network-based detection. Each IDS classification relies on analytical information to determine reportable conditions, such as signatures, protocols, profiles, and/or statistical patterns.

Generally, intrusion detection systems have passive and active components. Passive procedures normally encompass: inspection of system configuration files to expose inadvisable settings; inspection of password files to indicate imprudent pass-codes; and inspection of other system areas to detect policy violations. Whereas, active procedures usually accommodate: mechanisms to ascertain known methods of attack; mechanisms to log-off users; mechanisms to reprogram the firewall; and mechanisms to log system responses.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

IT decentralization clearly has increased the need for effective network security. In response, entities typically deploy several layers of information security technologies. Furthermore, due to technological and operational diversity, it is critical to have standard processes to control access that will permit economies of scale.

Network monitoring of packets to identify malformed packets and known attacks should be an entity’s Threat Management control objective. “Unauthorized access incidents are often preceded by reconnaissance activity to map hosts and services and to identify vulnerabilities.” Precursor exploits may include port scans, host scans, vulnerability scans, pings, trace-routes, DNS zone transfers, Operating System fingerprinting, and banner grabbing. Such unethical, if not unlawful, activities are discovered primarily through Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) software and secondarily through log analysis.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

Usually, IT network environments orchestrate direction and control through an operating system installed to coordinate processes; including application software. In other words, an operating system performs most generally accepted management functions for IT processes.

Without an operating system certain functions, such as multiprogramming, simply would not be an available processing option, and many functions like I/O completion testing would have to be performed directly by a programmer. Therefore, operating systems are the primary catalyst sustaining efficient and effective information integrity. If this viewpoint is adopted throughout the entity, IT owners should ensure adequate protection mechanisms are installed with employed operating systems.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Dictionary.com Unabridged (v 1.1). rev. ed. New York, NY: Random House. http://dictionary.reference.com/browse/linkage editor (accessed: August 30, 2008).

Lyon, Lockwood and Kenniston W. Lord. CDP Review Manual: Covering the ICCP, CDP, CSP, and CCP Examinations, 5th ed. New York, NY: Van Nostrand Reinhold, 1991. 130-2

Minasi, Mark. Complete PC Upgrade and Maintenance Guide, 8th ed. San Francisco, CA: SYBEX, 1997. 263-4

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 239

Silbershatz, Abraham and Peter B. Galvin. Operating System Concepts, 4th ed. Gainesville, FL: Addison-Wesley, 1995. 49-50

“View Part I of the Essential Operating System Protection Mechanisms series here”

Post Note: “Essential Operating System Protection Mechanisms – Part VI” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”

Technically, the user program subroutine integration process is known as linkage editing. Linkage editing poses two risks: the unauthorized use of subroutines and the unauthorized suppression of subroutines that should accept utilization. In the first case, an application program might utilize a job control (script) statement requesting the services of an unauthorized subroutine that performs an illegal task. In the second case, the program might use a script statement that suppresses the services of a required subroutine. Consequently, policies and procedures should be implemented to ensure:

• error messages are displayed or other action taken when reference is made to unauthorized subroutines, or when external references are unsolved
• the operating system maintains a log of program usage
• the linkage editor of the operating system maintains a processing history of each program, including control statements utilized

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Dictionary.com Unabridged (v 1.1). rev. ed. New York, NY: Random House. http://dictionary.reference.com/browse/linkage editor (accessed: August 30, 2008).

Lyon, Lockwood and Kenniston W. Lord. CDP Review Manual: Covering the ICCP, CDP, CSP, and CCP Examinations, 5th ed. New York, NY: Van Nostrand Reinhold, 1991. 130-2

Minasi, Mark. Complete PC Upgrade and Maintenance Guide, 8th ed. San Francisco, CA: SYBEX, 1997. 263-4

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 239

Silbershatz, Abraham and Peter B. Galvin. Operating System Concepts, 4th ed. Gainesville, FL: Addison-Wesley, 1995. 49-50

“View Part I of the Essential Operating System Protection Mechanisms series here”

Post Note: “Essential Operating System Protection Mechanisms – Part V” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”

Processor protection deters infinite program loops that could affect availability. Inserting a timer prevents programs from being stuck in infinite loops, and never returning control to the operating system. The operating system timer can be fixed or variable. However, the system parameter for the timer should be set at a generally accepted practice range with instructions to interrupt the operating system timer considered a privileged authorization for incident prevention.

Reducing the risk of IT program manipulation

Lastly, user program protection dictates user access to shared user resources. Rather than include all necessary instructions in an application program, many programs simply reference other programs, or subroutines, that may be available in the program library. When a program makes a reference to subroutine, it is the operating system that calls the subroutine in from the library and makes it available to the requesting program.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Dictionary.com Unabridged (v 1.1). rev. ed. New York, NY: Random House. http://dictionary.reference.com/browse/linkage editor (accessed: August 30, 2008).

Lyon, Lockwood and Kenniston W. Lord. CDP Review Manual: Covering the ICCP, CDP, CSP, and CCP Examinations, 5th ed. New York, NY: Van Nostrand Reinhold, 1991. 130-2

Minasi, Mark. Complete PC Upgrade and Maintenance Guide, 8th ed. San Francisco, CA: SYBEX, 1997. 263-4

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 239

Silbershatz, Abraham and Peter B. Galvin. Operating System Concepts, 4th ed. Gainesville, FL: Addison-Wesley, 1995. 49-50

“View Part I of the Essential Operating System Protection Mechanisms series here”

Post Note: “Essential Operating System Protection Mechanisms – Part IV” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”

Intel Central Processing Unit (CPU)

A potential consequence for a breach in memory protection is a halt in all current processing. Therefore, the operating system should monitor the partitions to ensure that no program coding or data are moved into the wrong partition to prevent information corruption and unauthorized manipulation. Furthermore, operating systems should check to ensure data read into devices from other media are of the correct length. The operating system’s data length check prevents errors, such as blocks of records being too long for the memory buffer storage area.

Controlling privileged instructions

I/O allocation and control dynamically matches and assigns channels and devices with the processes’ particular requirements, monitors the status, and controls operations. Where online features are part of the IT configuration, communication with a terminal control unit (TCU) or front-end processor (FEP) are typically included in operating system duties. I/O protection prevents users from accessing privileged instructions.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Dictionary.com Unabridged (v 1.1). rev. ed. New York, NY: Random House. http://dictionary.reference.com/browse/linkage editor (accessed: August 30, 2008).

Lyon, Lockwood and Kenniston W. Lord. CDP Review Manual: Covering the ICCP, CDP, CSP, and CCP Examinations, 5th ed. New York, NY: Van Nostrand Reinhold, 1991. 130-2

Minasi, Mark. Complete PC Upgrade and Maintenance Guide, 8th ed. San Francisco, CA: SYBEX, 1997. 263-4

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 239

Silbershatz, Abraham and Peter B. Galvin. Operating System Concepts, 4th ed. Gainesville, FL: Addison-Wesley, 1995. 49-50

“View Part I of the Essential Operating System Protection Mechanisms series here”

Post Note: “Essential Operating System Protection Mechanisms – Part III” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”