3.2.2.1: Unix: Difference between revisions
No edit summary |
No edit summary |
||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
''' | '''1 Risk: Unauthorized access attempts go unnoticed.'''<br> | ||
:a. SOX.4.2.1. | :a. [[SOX.4.2.1.1:|'''SOX.4.2.1.1''']] UNIX authentication attempts are limited to attempts specified by the Corporate IT standard.<br> | ||
</blockquote> | </blockquote> | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
'''2. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data stores.'''<br> | |||
:a. [[SOX.4.2.1.2:|'''SOX.4.2.1.2''']] UNIX administrator level access is password restricted and is limited to the designated UNIX administrators only.<br> | |||
</blockquote> | |||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
'''3. Risk: Unscheduled access by support vendors may result in business process interruptions or loss of production data.'''<br> | |||
<br> | :a. [[SOX.4.2.1.3:|'''SOX.4.2.1.3''']] UNIX access by support vendors is granted through a service request.<br> | ||
</blockquote> | </blockquote> | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
<blockquote style="background: | '''4. Risk: Unauthorized users might exploit privileged access to critical business processes and data.'''<br> | ||
:a. [[SOX.4.2.1.4:|'''SOX.4.2.1.4''']] New UNIX user accounts are pre-expired.<br> | |||
<br> | |||
</blockquote> | </blockquote> | ||
<br> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
''' | '''5. Risk: Unauthorized users might exploit unauthorized access to critical business processes and data.'''<br> | ||
<br> | :a. [[SOX.4.2.1.5:|'''SOX.4.2.1.5''']] The UNIX operating application has a session "Time-Out" function enabled.<br> | ||
</blockquote> | </blockquote> | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
<blockquote style="background: | '''6. Risk: Unnecessary disruptions to business processes or data corruption may occur.'''<br> | ||
:a. [[SOX.4.2.1.6:|'''SOX.4.2.1.6''']] UNIX rule changes are scheduled during maintenance windows.<br> | |||
<br> | |||
[[ | |||
<br> | |||
</blockquote> | </blockquote> | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
<blockquote style="background: | '''7. Risk: Unidentifiable users may compromise critical business processes and data.'''<br> | ||
:a. [[SOX.4.2.1.7:|'''SOX.4.2.1.7''']] The UNIX system will not allow identical administrator IDs.<br> | |||
<br> | |||
</blockquote> | </blockquote> | ||
Line 68: | Line 43: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''8. Risk: Insufficient security standards may allow unauthorized access to production systems and business data stores.'''<br> | '''8. Risk: Insufficient security standards may allow unauthorized access to production systems and business data stores.'''<br> | ||
:a. SOX.4.2.1.8: UNIX passwords are required for each system ID. Password configuration is based on Corporate IT standards.<br> | :a. [[SOX.4.2.1.8:|'''SOX.4.2.1.8''']] UNIX passwords are required for each system ID. Password configuration is based on Corporate IT standards.<br> | ||
</blockquote> | </blockquote> | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
'''9. Risk: Inappropriate administrative actions are executed without accountability measures.'''<br> | |||
:a. [[SOX.4.2.1.9:|'''SOX.4.2.1.9''']] The UNIX operating system application has forensic auditing enabled to enable the monitoring of administrative access related events.<br> | |||
</blockquote> | |||
<br> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<br> | |||
:a. [[SOX.4.2.1.10:|'''SOX.4.2.1.10''']] UNIX administration team is notified when security violations occur.<br> | |||
</blockquote> | </blockquote> | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
<blockquote style="background: | '''11. Risk: Forensic evidence is not available to resolve malfunctions, compromises or other security compromising incidents.'''<br> | ||
:a. [[SOX.4.2.1.11:|'''SOX.4.2.1.11''']] The UNIX administration team reviews security logs looking for security violations.<br> | |||
<br> | |||
</blockquote> | </blockquote> | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
'''12. Risk: Unauthorized access is granted to business systems or data stores.'''<br> | |||
:a. [[SOX.4.2.1.12:|'''SOX.4.2.1.12''']] UNIX access is granted through a service request.<br> | |||
</blockquote> | |||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
'''13. Risk: Unauthorized access may occur resulting in business data compromise or destruction.'''<br> | |||
:a. [[SOX.4.2.1.13:|'''SOX.4.2.1.13''']] Terminations are sent through the HR process. An Email is sent from HR with all terminations to the UNIX system administrators.<br> | |||
''' | |||
<br> | |||
</blockquote> | </blockquote> | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
<blockquote style="background: | '''14. Risk: Insufficient security standards may allow unauthorized access to production systems and business data stores.'''<br> | ||
:a. [[SOX.4.2.1.14:|'''SOX.4.2.1.14''']] UNIX password expiration is set to Corporate IT standards.<br> | |||
<br> | |||
[[ | |||
<br> | |||
</blockquote> | </blockquote> | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
<blockquote style="background: | '''15. Risk: Security violations or data corruption may occur with no forensic evidence available to resolve the situation.'''<br> | ||
:a. [[SOX.4.2.1.15:|'''SOX.4.2.1.15''']] UNIX rules and logging is applied to everyone equally including system administrators.<br> | |||
<br> | |||
</blockquote> | </blockquote> | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
''' | '''16. Risk: Unauthorized access (i.e. terminated employees) may occur.'''<br> | ||
:a. SOX.4.2.1. | :a. [[SOX.4.2.1.16:|'''SOX.4.2.1.16''']] A semi-annual revalidation of UNIX administrator accounts are performed by security administration.<br> | ||
</blockquote> | </blockquote> | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
<br> | '''17. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data stores.'''<br> | ||
:a. [[SOX.4.2.1.17:|'''SOX.4.2.1.17''']] Root level access is password restricted. This password is know only by system the administrators.<br> | |||
</blockquote> | </blockquote> | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
<blockquote style="background: | '''18. Risk: Unauthorized users could elevate their access to privileged file systems.'''<br> | ||
:a. [[SOX.4.2.1.18:|'''SOX.4.2.1.18''']] The /etc/default/login UMASK 027 parameter is enabled.<br> | |||
<br> | |||
</blockquote> | </blockquote> | ||
<br> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
''' | '''19. Risk: Unauthorized personnel gain access to the application through remote access.'''<br> | ||
<br> | :a. [[SOX.4.2.1.19:|'''SOX.4.2.1.19''']] The /etc/default/login CONSOLE parameter is enabled.<br> | ||
</blockquote> | </blockquote> | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | |||
<blockquote style="background: | [[Image:Key-control.jpg]]<br> | ||
[[Image: | |||
<br> | <br> | ||
'''20. Risk: Controls provide reasonable assurance that the systems are appropriately tested and validated prior to being placed into production processes, and associated controls operate as intended and support financial reporting requirements.'''<br> | |||
:a. [[SOX.5.4:|'''SOX.5.4''']] A testing strategy is developed and followed for all significant changes in applications and infrastructure technology, which addresses unit, system, integration and user-acceptance-level testing so that deployed systems operate as intended.<br> | |||
</blockquote> | </blockquote> | ||
--[[User:Mdpeters|Mdpeters]] 09:44, 23 June 2006 (EDT) | |||
Latest revision as of 13:44, 23 June 2006
1 Risk: Unauthorized access attempts go unnoticed.
- a. SOX.4.2.1.1 UNIX authentication attempts are limited to attempts specified by the Corporate IT standard.
2. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data stores.
- a. SOX.4.2.1.2 UNIX administrator level access is password restricted and is limited to the designated UNIX administrators only.
3. Risk: Unscheduled access by support vendors may result in business process interruptions or loss of production data.
- a. SOX.4.2.1.3 UNIX access by support vendors is granted through a service request.
4. Risk: Unauthorized users might exploit privileged access to critical business processes and data.
- a. SOX.4.2.1.4 New UNIX user accounts are pre-expired.
5. Risk: Unauthorized users might exploit unauthorized access to critical business processes and data.
- a. SOX.4.2.1.5 The UNIX operating application has a session "Time-Out" function enabled.
6. Risk: Unnecessary disruptions to business processes or data corruption may occur.
- a. SOX.4.2.1.6 UNIX rule changes are scheduled during maintenance windows.
7. Risk: Unidentifiable users may compromise critical business processes and data.
- a. SOX.4.2.1.7 The UNIX system will not allow identical administrator IDs.
8. Risk: Insufficient security standards may allow unauthorized access to production systems and business data stores.
- a. SOX.4.2.1.8 UNIX passwords are required for each system ID. Password configuration is based on Corporate IT standards.
9. Risk: Inappropriate administrative actions are executed without accountability measures.
- a. SOX.4.2.1.9 The UNIX operating system application has forensic auditing enabled to enable the monitoring of administrative access related events.
10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.
- a. SOX.4.2.1.10 UNIX administration team is notified when security violations occur.
11. Risk: Forensic evidence is not available to resolve malfunctions, compromises or other security compromising incidents.
- a. SOX.4.2.1.11 The UNIX administration team reviews security logs looking for security violations.
12. Risk: Unauthorized access is granted to business systems or data stores.
- a. SOX.4.2.1.12 UNIX access is granted through a service request.
13. Risk: Unauthorized access may occur resulting in business data compromise or destruction.
- a. SOX.4.2.1.13 Terminations are sent through the HR process. An Email is sent from HR with all terminations to the UNIX system administrators.
14. Risk: Insufficient security standards may allow unauthorized access to production systems and business data stores.
- a. SOX.4.2.1.14 UNIX password expiration is set to Corporate IT standards.
15. Risk: Security violations or data corruption may occur with no forensic evidence available to resolve the situation.
- a. SOX.4.2.1.15 UNIX rules and logging is applied to everyone equally including system administrators.
16. Risk: Unauthorized access (i.e. terminated employees) may occur.
- a. SOX.4.2.1.16 A semi-annual revalidation of UNIX administrator accounts are performed by security administration.
17. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data stores.
- a. SOX.4.2.1.17 Root level access is password restricted. This password is know only by system the administrators.
18. Risk: Unauthorized users could elevate their access to privileged file systems.
- a. SOX.4.2.1.18 The /etc/default/login UMASK 027 parameter is enabled.
19. Risk: Unauthorized personnel gain access to the application through remote access.
- a. SOX.4.2.1.19 The /etc/default/login CONSOLE parameter is enabled.
20. Risk: Controls provide reasonable assurance that the systems are appropriately tested and validated prior to being placed into production processes, and associated controls operate as intended and support financial reporting requirements.
- a. SOX.5.4 A testing strategy is developed and followed for all significant changes in applications and infrastructure technology, which addresses unit, system, integration and user-acceptance-level testing so that deployed systems operate as intended.
--Mdpeters 09:44, 23 June 2006 (EDT)