2. Content
Auditing
- review of audit info
- protect log
Access Control Practice
- unauthorized disclosure of info
Access Control Monitoring
- IDS
- IPS
2
3. Auditing
- able to track
- detect intrusions
- reconstruct even and system
condition
- legal recourse material
- problem report
3
4. Audit
- store audits securely
- keep log size under control
- protect log
- right people to review data
- only admin can delete log
- contain activity of high privilege account
4
5. Access Control
Practice
Deny access to system by anonymous user
Limit,monitor admin/power user
Remove obsolete account
Disable unused service
Limit, monitor access rule
Audit system periodically
......
5