Chapter 4 - Auditing and Accountability Flashcards

1
Q

What does accountability provide us with?

A

the means to trace activities in our environment back to their source

it provides us with a number of capabilities, when properly implemented, which can be of great use in conducting the daily business of security and information technology in our organizations

2
Q

What do we need to ensure we have accountability?

A

We need certain other tools to be in place and working properly.

3
Q

What does accountability rely on?

A

Accountability depends on identification, authentication, and access control being present so that we can know who a given transaction is associated with, and what permissions were used to allow them to carry it out.

4
Q

How can we ensure that identification, authentication and access control are helping accountability?

A

Given proper monitoring and logging, we can often do exactly this and determine, in very short order, the details of the situation in question.

5
Q

What are the security benefits of accountability?

A

Implementing accountability often brings with it a number of useful features from a security perspective. When we implement monitoring and logging on our systems and networks, we can use this information to maintain a higher security posture than we would be able to do otherwise.

6
Q

Describe the additional benefits of using tools that deliver accountability.

A

nonrepudiation

deter those that would misuse our resources

help us in detecting and preventing intrusions

assist us in preparing materials for legal proceedings

7
Q

What is nonrepudiation?

A

Nonrepudiation refers to a situation in which sufficient evidence exists as to prevent an individual from successfully denying that he or she has made a statement, or taken an action.

8
Q

How do we accomplish nonrepudiation?

A

In information security settings, this can be accomplished in a variety of ways.

We may be able to produce proof of the activity directly from system or network logs, or recover such proof through the use of digital forensic examination of the system or devices involved. We may also be able to establish nonrepudiation through the use of encryption technologies, more specifically through the use of hash functions that can be used to digitally sign a communication or a file.

9
Q

Describe deterrence

A

Accountability can also prove to be a great deterrent against misbehavior in our environments. If those we monitor are aware of this fact, and it has been communicated to them that there will be penalties for acting against the rules, these individuals may think twice before straying outside the lines.

10
Q

Describe intrusion detection and prevention

A

One of the motivations behind logging and monitoring in our environments is to detect and prevent intrusions in both the logical and physical sense. If we implement alerts based on unusual activities in our environments and check the information we have logged on a regular basis, we stand a much better chance of detecting attacks that are in progress and preventing those for which we can see the precursors.

11
Q

Describe Admissibility of Records

A

When seeking to submit documents in a legal setting, it is much easier to have them accepted when they are produced from a consistent tracking system.

12
Q

How do we accomplish accountability?

A

We can attempt to ensure accountability by laying out the rules and ensuring that they are being followed.

13
Q

Describe auditing

A

Auditing is one of the primary ways we can ensure accountability through technical means.

Keeping track of who did what, and when, is auditing.

14
Q

What does auditing provide us with?

A

The data with which we can implement accountability.

15
Q

What do we audit?

A

When we perform an audit there are a number of items we can examine, primarily focused on compliance with relevant laws and policies.

Passwords

Software Licensing

Internet usage

16
Q

What is logging?

A

Logging gives us a history of the activities that have taken place in the environment being logged. We typically generate logs in an automated fashion in operating systems, and keep track of the activities that take place on most computing, networking, and telecommunications equipment, as well as most any device that can be remotely considered to incorporate or be connected to a computer. Logging is a reactive tool, in that it allows us to view the record of what happened after it has taken place.

17
Q

What is monitoring? How does it relate to auditing?

A

Monitoring is a subset of auditing and tends to focus on observing information about the environment being monitored in order to discover undesirable conditions such as failures, resource shortages, security issues, and trends that might signal the arrival of such conditions. Monitoring is largely a reactive activity, with actions taken based on gathered data, typically from logs generated by various devices.

18
Q

Describe logging:

A

Logging gives us a history of the activities that have taken place in the environment being logged. We typically generate logs in an automated fashion in operating systems, and keep track of the activities that take place on most computing, networking, and telecommunications equipment.

Logging is a reactive tool.

Logs are generally only available to the admin.

Logs can be used to analyze a specific incident or situation.

19
Q

Describe monitoring

A

Monitoring is a subset of auditing.

It focuses on observing information about the environment to discover undesirable conditions.

Monitoring is largely a reactive activity, with actions taken based on gathered data, typically from logs generated by various devices.

20
Q

What are the two main approaches to determining whether everything is as it should be?

A

Vulnerability Assessments

Penetration Testing

21
Q

Describe vulnerability assessments

A

use vulnerability scanning tools

These tools generally work by scanning the target systems to discover which ports are open on them, and then interrogating each open port.

22
Q

Describe penetration testing

A

A more active method of finding security holes.

Takes the process a few steps further than VAs.

We mimic the techniques of an actual attacker, attempting to gather additional information on the target environment.

23
Q

What is the main purpose of performing assessments?

A

To find and fix vulnerabilities before any attackers do.