Effective information assets protection (IAP) technologies are valuable defense mechanisms for combating inappropriate and malicious behavior. Therefore, information security personnel should identify and evaluate deployed configuration management tools that ensure an entity’s network infrastructure maintains data integrity and availability.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

Anomaly intrusion detection monitors network segments to compare the current state to the previously determined normal baseline and indicate unusual situations. Anomaly based detection can focus solely on protocols. Under this circumstance, protocol anomalies analysis exposes attacks a signature-based IDS is likely to overlook; however the false-assessment rate is often higher than other intrusion detection approaches. Statistical patterns or profiles are frequently the better means to detect insider IT attacks. However, cunning users can intentionally modify their statistical patterns or profiles to masquerade malicious activities. Additionally, a large amount of processing capacity is usually required for anomaly intrusion detection.

Host-based intrusion detection generally provides passive individual IT activity examinations. The Host-based IDS can employ system log data, resource utilization, modification or deletion of files, abnormal privilege escalation, as well as other indicators to note potential attacks for a particular IT.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

The misuse detection model is based on the hypothesis that known exploits of vulnerabilities can be described by attack signatures or patterns, therefore IT attacks can be revealed through identifiable patterns. Malicious misuse encompasses reading, modification, and destruction of data. Misuse detection systems normally compare gathered information to large databases of attack signatures for internal perpetrator identification. There is typically a high-degree of certainty that signature-based intrusion detection models will recognize exact attack pattern replications; however slight variations in a data-based attack pattern may escape discovery.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

Deployed intrusion detection solutions are not a substitute for firewalls; although they usually complement the function of firewalls. Commonly, a deployed IDS inspects computer activity to identify suspicious patterns that may indicate an attack from hackers or crackers utilizing vulnerability assessment software. There are several categories for IDS inspection including misuse, anomaly, host-based, and network-based detection. Each IDS classification relies on analytical information to determine reportable conditions, such as signatures, protocols, profiles, and/or statistical patterns.

Generally, intrusion detection systems have passive and active components. Passive procedures normally encompass: inspection of system configuration files to expose inadvisable settings; inspection of password files to indicate imprudent pass-codes; and inspection of other system areas to detect policy violations. Whereas, active procedures usually accommodate: mechanisms to ascertain known methods of attack; mechanisms to log-off users; mechanisms to reprogram the firewall; and mechanisms to log system responses.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

IT decentralization clearly has increased the need for effective network security. In response, entities typically deploy several layers of information security technologies. Furthermore, due to technological and operational diversity, it is critical to have standard processes to control access that will permit economies of scale.

Network monitoring of packets to identify malformed packets and known attacks should be an entity’s Threat Management control objective. “Unauthorized access incidents are often preceded by reconnaissance activity to map hosts and services and to identify vulnerabilities.” Precursor exploits may include port scans, host scans, vulnerability scans, pings, trace-routes, DNS zone transfers, Operating System fingerprinting, and banner grabbing. Such unethical, if not unlawful, activities are discovered primarily through Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) software and secondarily through log analysis.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

Teleprocessing is the handling of data through a communications channel, such as telephone lines, microwave towers, or artificial satellites. It permits datum to be posted to files in a second location, with the processing results being printed in a third location.

A major problem created by teleprocessing capabilities is the potential devaluation of information assets based on data communication errors affecting information reliability. Consequently, technology owners must evaluate the ability of teleprocessing systems to resist such data corruption to ensure information asset devaluation is minimized and information reliability is maximized.

Sources:

Davis, Robert E. IT Auditing: IT Service Delivery and Support. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 6, 236-7, 467

Davis, Robert E. “IT Hardware Risks.” Suite101.com. Retrieved on 10/03/2010

Strangio, Christopher E. “Data Communications Basics: A Brief Introduction to Digital Transfer.” Camiresearch.com. Retrieved on 10/03/2010

“View Part I of the Data Communications Risk in Distributed Computing series here”

Post Note: “Data Communications Risk in Distributed Computing – Part V” was originally published through Suite101.com under the title “Data Communications Risk in Distributed Computing”

@TempleU News flash! Just received a Temple University appointment letter! As of 08/29/2012, I am the (First and Inaugural) CISA in Residence at Temple University! (Job Description Link: http://www.linkedin.com/in/havecisawilltravel)

Signal distortion can result from lack of synchronization between the time datum is sent and the time they are received. Lack of synchronization typically occurs when a signal travels several paths with different delays in each path. This will result in distortion when there is overlapping in the receipt of data from the different signal paths.

Sources:

Davis, Robert E. IT Auditing: IT Service Delivery and Support. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 6, 236-7, 467

Davis, Robert E. “IT Hardware Risks.” Suite101.com. Retrieved on 10/03/2010

Strangio, Christopher E. “Data Communications Basics: A Brief Introduction to Digital Transfer.” Camiresearch.com. Retrieved on 10/03/2010

“View Part I of the Data Communications Risk in Distributed Computing series here”

Post Note: “Data Communications Risk in Distributed Computing – Part IV” was originally published through Suite101.com under the title “Data Communications Risk in Distributed Computing”

Root causes of most data communication errors

Errors associated with the communication of data, rather than a mechanical failure, are generally due to noise, fading, or distortion.

Communication noise is electrical interference with the signal. It may be background noise or impulse noise, and it may be random or cyclical. Background noise usually has little effect on the transmission of a signal. Impulse noise, such as a sudden voltage surge, is more likely to mask or distort a signal. As long as the noise occurs randomly, it is usually easy to detect an error. Conversely, cyclical noise, such as voltage oscillation, can create compensating errors that are difficult to detect.

Sources:

Davis, Robert E. IT Auditing: IT Service Delivery and Support. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 6, 236-7, 467

Davis, Robert E. “IT Hardware Risks.” Suite101.com. Retrieved on 10/03/2010

Strangio, Christopher E. “Data Communications Basics: A Brief Introduction to Digital Transfer.” Camiresearch.com. Retrieved on 10/03/2010

“View Part I of the Data Communications Risk in Distributed Computing series here”

Post Note: “Data Communications Risk in Distributed Computing – Part III” was originally published through Suite101.com under the title “Data Communications Risk in Distributed Computing”

According to Christopher E. Strangio, the distance over which data moves within IT can vary from a few thousandths of an inch, as is the case within a single integrated circuit (IC) chip, to several feet along the main circuit board’s backplane connections. However, datum frequently must be sent beyond the local circuitry constituting an IT configuration.

In data communications, electronically encoded content is transmitted in the form of electrical signals. An inadvertent change in a signal will result in the datum received being in some way different from the datum sent. Typically, this increased information reliability risk is based on the probability of change in an electrical pulse due to the data communications facilities utilized for moving datum from one location to another.

Sources:

Davis, Robert E. IT Auditing: IT Service Delivery and Support. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 6, 236-7, 467

Davis, Robert E. “IT Hardware Risks.” Suite101.com. Retrieved on 10/03/2010

Strangio, Christopher E. “Data Communications Basics: A Brief Introduction to Digital Transfer.” Camiresearch.com. Retrieved on 10/03/2010

“View Part I of the Data Communications Risk in Distributed Computing series here”

Post Note: “Data Communications Risk in Distributed Computing – Part II” was originally published through Suite101.com under the title “Data Communications Risk in Distributed Computing”