24 - Chapter 24: Auditing Overview What is auditing? What...

June 1, 2004 Computer Security: Art and Science ©2002-2004 Matt Bishop

Slide #24-1: Chapter 24: Auditing
- Overview
- What is auditing?
- What does an audit system look like?
- How do you design an auditing system?
- Auditing mechanisms
- Examples: NFSv2, LAFS

Slide #24-2: What is Auditing?
- Logging
  - Recording events or statistics to provide information about system use and performance
- Auditing
  - Analysis of log records to present information about the system in a clear, understandable manner

Slide #24-3: Uses
- Describe security state
  - Determine if system enters unauthorized state
- Evaluate effectiveness of protection mechanisms
  - Determine which mechanisms are appropriate and working
  - Deter attacks because of presence of record

Slide #24-4: Problems
- What do you log?
  - Hint: looking for violations of a policy, so record at least what will show such violations
- What do you audit?
  - Need not audit everything
  - Key: what is the policy involved?

Slide #24-5: Audit System Structure
- Logger
  - Records information, usually controlled by parameters
- Analyzer
  - Analyzes logged information looking for something
- Notifier
  - Reports results of analysis

Slide #24-6: Logger
- Type, quantity of information recorded controlled by system or program configuration parameters
- May be human readable or not
  - If not, usually viewing tools supplied
  - Space available, portability influence storage format

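An added example (not from the slides): a small Python logger/analyzer/notifier pipeline following the structure on Slide #24-5, with a logger configuration parameter as on Slide #24-6. The policy, event fields, object name and sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy for this example: at most MAX_FAILED failed accesses per
# user, and only LEVEL_ADMINS may change security levels.
MAX_FAILED = 3
LEVEL_ADMINS = {"SECADM"}

@dataclass
class Logger:
    """Logger: 'kinds' is the configuration parameter selecting what is recorded."""
    kinds: set
    records: list = field(default_factory=list)

    def log(self, time, user, kind, obj, ok):
        if kind in self.kinds:
            self.records.append(dict(time=time, user=user, kind=kind, obj=obj, ok=ok))

def analyze(records):
    """Analyzer: scan log records for violations of the assumed policy."""
    findings, failed = [], {}
    for r in records:
        if r["kind"] == "access" and not r["ok"]:
            failed[r["user"]] = failed.get(r["user"], 0) + 1
            if failed[r["user"]] == MAX_FAILED + 1:  # report once, on first excess
                findings.append((r["time"], r["user"], "too many failed accesses"))
        elif r["kind"] == "level_change" and r["ok"] and r["user"] not in LEVEL_ADMINS:
            findings.append((r["time"], r["user"], "unauthorized level change"))
    return findings

def notify(findings):
    """Notifier: report the results of the analysis as alert lines."""
    return [f"{t} ALERT user={u}: {why}" for t, u, why in findings]

# Constructed sample events (time, user, kind, object, succeeded); not real logs.
EVENTS = [
    ("14:15:10", "EW125004", "access", "PAYROLL", False),
    ("14:15:12", "EW125004", "access", "PAYROLL", False),
    ("14:15:15", "SECADM", "level_change", "EW125004", True),
    ("14:15:20", "EW125004", "access", "PAYROLL", False),
    ("14:15:31", "EW125004", "access", "PAYROLL", False),
    ("14:16:02", "EW125004", "level_change", "EW125004", True),
]

def run_audit(kinds):
    """Log EVENTS under the given logger configuration, then analyze and notify."""
    logger = Logger(kinds=set(kinds))
    for event in EVENTS:
        logger.log(*event)
    return notify(analyze(logger.records))
```

With `run_audit({"access", "level_change"})` both violations are reported; with `run_audit({"access"})` the level change is never logged, so the analyzer cannot report it, which is the point of recording at least what will show policy violations.
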
Slide #24-7: Example: RACF
- Security enhancement package for IBM’s MVS/VM
- Logs failed access attempts, use of privilege to change security levels, and (if desired) RACF interactions
- View events with LISTUSERS commands

Slide #24-8: RACF: Sample Entry

    USER=EW125004 NAME=S.J.TURNER OWNER=SECADM CREATED=88.004
     DEFAULT-GROUP=HUMRES PASSDATE=88.004 PASS-INTERVAL=30
     ATTRIBUTES=ADSP
     REVOKE DATE=NONE RESUME-DATE=NONE
     LAST-ACCESS=88.020/14:15:10
     CLASS AUTHORIZATIONS=NONE
     NO-INSTALLATION-DATA
     NO-MODEL-NAME
     LOGON ALLOWED (DAYS) (TIME)
     --------------------------------
     ANYDAY ANYTIME
      GROUP=HUMRES AUTH=JOIN CONNECT-OWNER=SECADM
      CONNECT-DATE=88.004
      CONNECTS= 15 UACC=READ LAST-CONNECT=88.018/16:45:06
      CONNECT ATTRIBUTES=NONE
      REVOKE DATE=NONE RESUME DATE=NONE
      GROUP=PERSNL AUTH=JOIN CONNECT-OWNER=SECADM
      CONNECT-DATE:88.004
      CONNECTS= 25 UACC=READ LAST-CONNECT=88.020/14:15:10
      CONNECT ATTRIBUTES=NONE
      REVOKE DATE=NONE RESUME DATE=NONE
    SECURITY-LEVEL=NONE SPECIFIED
    CATEGORY AUTHORIZATION
     NONE SPECIFIED