3.2.1.5: Intrusion Detection or Prevention System: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''1. Risk: Unauthorized access attempts go unnoticed.'''<br> | '''1. Risk: Unauthorized access attempts go unnoticed.'''<br> | ||
:a. SOX.2.1.5.1: IDS-IPS authentication attempts are limited to attempts specified by the Corporate IT standard.<br> | :a. [[SOX.2.1.5.1:|'''SOX.2.1.5.1''']] IDS-IPS authentication attempts are limited to attempts specified by the Corporate IT standard.<br> | ||
</blockquote> | </blockquote> | ||
Line 7: | Line 7: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''2. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data stores.'''<br> | '''2. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data stores.'''<br> | ||
:a. SOX.2.1.5.2: IDS-IPS administrator level access is password restricted and is limited to the designated IDS-IPS administrators only.<br> | :a. [[SOX.2.1.5.2:|'''SOX.2.1.5.2''']] IDS-IPS administrator level access is password restricted and is limited to the designated IDS-IPS administrators only.<br> | ||
</blockquote> | </blockquote> | ||
Line 13: | Line 13: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''3. Risk: Unscheduled access by support vendors may result in business process interruptions or loss of production data.'''<br> | '''3. Risk: Unscheduled access by support vendors may result in business process interruptions or loss of production data.'''<br> | ||
:a. SOX.2.1.5.3: IDS-IPS access by support vendors is granted through a service request.<br> | :a. [[SOX.2.1.5.3:|'''SOX.2.1.5.3''']] IDS-IPS access by support vendors is granted through a service request.<br> | ||
</blockquote> | </blockquote> | ||
Line 19: | Line 19: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''4. Risk: Unauthorized users might exploit privileged access to critical business processes and data.'''<br> | '''4. Risk: Unauthorized users might exploit privileged access to critical business processes and data.'''<br> | ||
:a. SOX.2.1.5.4: New IDS-IPS user accounts are pre-expired.<br> | :a. [[SOX.2.1.5.4:|'''SOX.2.1.5.4''']] New IDS-IPS user accounts are pre-expired.<br> | ||
</blockquote> | </blockquote> | ||
Line 25: | Line 25: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''5. Risk: Unauthorized users might exploit unauthorized access to critical business processes and data.'''<br> | '''5. Risk: Unauthorized users might exploit unauthorized access to critical business processes and data.'''<br> | ||
:a. SOX.2.1.5.5: The IDS-IPS operating application has a session "Time-Out" function enabled.<br> | :a. [[SOX.2.1.5.5:|'''SOX.2.1.5.5''']] The IDS-IPS operating application has a session "Time-Out" function enabled.<br> | ||
</blockquote> | </blockquote> | ||
Line 31: | Line 31: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''6. Risk: Unnecessary disruptions to business processes or data corruption may occur.'''<br> | '''6. Risk: Unnecessary disruptions to business processes or data corruption may occur.'''<br> | ||
:a. SOX.2.1.5.6: IDS-IPS rule changes are scheduled during maintenance windows.<br> | :a. [[SOX.2.1.5.6:|'''SOX.2.1.5.6''']] IDS-IPS rule changes are scheduled during maintenance windows.<br> | ||
</blockquote> | </blockquote> | ||
Line 37: | Line 37: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''7. Risk: Unidentifiable users may compromise critical business processes and data.'''<br> | '''7. Risk: Unidentifiable users may compromise critical business processes and data.'''<br> | ||
:a. SOX.2.1.5.7: The IDS-IPS system will not allow identical administrator IDs.<br> | :a. [[SOX.2.1.5.7:|'''SOX.2.1.5.7''']] The IDS-IPS system will not allow identical administrator IDs.<br> | ||
</blockquote> | </blockquote> | ||
Line 43: | Line 43: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''8. Risk: Insufficient security standards may allow unauthorized access to production systems and business data stores.'''<br> | '''8. Risk: Insufficient security standards may allow unauthorized access to production systems and business data stores.'''<br> | ||
:a. SOX.2.1.5.8: IDS-IPS passwords are required for each administrator ID. Password configuration is based on Corporate IT standards.<br> | :a. [[SOX.2.1.5.8:|'''SOX.2.1.5.8''']] IDS-IPS passwords are required for each administrator ID. Password configuration is based on Corporate IT standards.<br> | ||
</blockquote> | </blockquote> | ||
Line 49: | Line 49: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''9. Risk: Inappropriate administrative actions are executed without accountability measures.'''<br> | '''9. Risk: Inappropriate administrative actions are executed without accountability measures.'''<br> | ||
:a. SOX.2.1.5.9: The IDS-IPS operating application has the functionality to monitor administrator access related events.<br> | :a. [[SOX.2.1.5.9:|'''SOX.2.1.5.9''']] The IDS-IPS operating application has the functionality to monitor administrator access related events.<br> | ||
</blockquote> | </blockquote> | ||
Line 55: | Line 55: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<br> | '''10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<br> | ||
:a. SOX.2.1.5.10: IDS-IPS administration team is notified when security violations occur.<br> | :a. [[SOX.2.1.5.10:|'''SOX.2.1.5.10''']] IDS-IPS administration team is notified when security violations occur.<br> | ||
</blockquote> | </blockquote> | ||
Line 61: | Line 61: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''11. Risk: Forensic evidence is not available to resolve malfunctions, compromises or other security compromising incidents.'''<br> | '''11. Risk: Forensic evidence is not available to resolve malfunctions, compromises or other security compromising incidents.'''<br> | ||
:a. SOX.2.1.5.11: The IDS-IPS administration team reviews security logs looking for security violations.<br> | :a. [[SOX.2.1.5.11:|'''SOX.2.1.5.11''']] The IDS-IPS administration team reviews security logs looking for security violations.<br> | ||
</blockquote> | </blockquote> | ||
Line 67: | Line 67: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''12. Risk: Unauthorized access is granted to business systems or data stores.'''<br> | '''12. Risk: Unauthorized access is granted to business systems or data stores.'''<br> | ||
:a. SOX.2.1.5.12: IDS-IPS access is granted through a service request.<br> | :a. [[SOX.2.1.5.12:|'''SOX.2.1.5.12''']] IDS-IPS access is granted through a service request.<br> | ||
</blockquote> | </blockquote> | ||
Line 73: | Line 73: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''13. Risk: Unauthorized access may occur resulting in business data compromise or destruction.'''<br> | '''13. Risk: Unauthorized access may occur resulting in business data compromise or destruction.'''<br> | ||
:a. SOX.2.1.5.13: Terminations are sent through the HR process. An Email is sent from HR with all terminations to the IDS-IPS system administrators.<br> | :a. [[SOX.2.1.5.13:|'''SOX.2.1.5.13''']] Terminations are sent through the HR process. An Email is sent from HR with all terminations to the IDS-IPS system administrators.<br> | ||
</blockquote> | </blockquote> | ||
Line 79: | Line 79: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''14. Risk: Insufficient security standards may allow unauthorized access to production systems and business data stores.'''<br> | '''14. Risk: Insufficient security standards may allow unauthorized access to production systems and business data stores.'''<br> | ||
:a. SOX.2.1.5.14: IDS-IPS password expiration is set to Corporate IT standards.<br> | :a. [[SOX.2.1.5.14:|'''SOX.2.1.5.14''']] IDS-IPS password expiration is set to Corporate IT standards.<br> | ||
</blockquote> | </blockquote> | ||
Line 85: | Line 85: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''15. Risk: Security violations or data corruption may occur with no forensic evidence available to resolve the situation.'''<br> | '''15. Risk: Security violations or data corruption may occur with no forensic evidence available to resolve the situation.'''<br> | ||
:a. SOX.2.1.5.15: IDS-IPS rules and logging is applied to everyone equally including system administrators.<br> | :a. [[SOX.2.1.5.15:|'''SOX.2.1.5.15''']] IDS-IPS rules and logging is applied to everyone equally including system administrators.<br> | ||
</blockquote> | </blockquote> | ||
Line 91: | Line 91: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''16. Risk: Unauthorized access (i.e. terminated employees) may occur.'''<br> | '''16. Risk: Unauthorized access (i.e. terminated employees) may occur.'''<br> | ||
:a. SOX.2.1.5.16: A semi-annual revalidation of IDS-IPS administrator accounts are performed by security administration.<br> | :a. [[SOX.2.1.5.16:|'''SOX.2.1.5.16''']] A semi-annual revalidation of IDS-IPS administrator accounts are performed by security administration.<br> | ||
</blockquote> | </blockquote> | ||
Line 97: | Line 97: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''17. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data stores.'''<br> | '''17. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data stores.'''<br> | ||
:a. SOX.2.1.5.17: Privileged level access is password restricted. This password is known only by the system administrators.<br> | :a. [[SOX.2.1.5.17:|'''SOX.2.1.5.17''']] Privileged level access is password restricted. This password is known only by the system administrators.<br> | ||
</blockquote> | </blockquote> | ||
Line 103: | Line 103: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''18. Risk: Unauthorized routing parameters or virtual LAN connections established may disrupt business capabilities or bypass security controls causing business data loss and confidentiality loss.'''<br> | '''18. Risk: Unauthorized routing parameters or virtual LAN connections established may disrupt business capabilities or bypass security controls causing business data loss and confidentiality loss.'''<br> | ||
:a. SOX.2.1.5.18: Routing protocols are approved by management.<br> | :a. [[SOX.2.1.5.18:|'''SOX.2.1.5.18''']] Routing protocols are approved by management.<br> | ||
</blockquote> | </blockquote> | ||
Line 109: | Line 109: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
'''19. Risk: Confidentiality and or privacy may be compromised.'''<br> | '''19. Risk: Confidentiality and or privacy may be compromised.'''<br> | ||
:a. SOX.2.1.5.19: Unauthorized network tapping does not occur without the approval of management.<br> | :a. [[SOX.2.1.5.19:|'''SOX.2.1.5.19''']] Unauthorized network tapping does not occur without the approval of management.<br> | ||
</blockquote> | </blockquote> |
Revision as of 13:59, 13 June 2006
1. Risk: Unauthorized access attempts go unnoticed.
- a. SOX.2.1.5.1 IDS-IPS authentication attempts are limited to attempts specified by the Corporate IT standard.
2. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data stores.
- a. SOX.2.1.5.2 IDS-IPS administrator level access is password restricted and is limited to the designated IDS-IPS administrators only.
3. Risk: Unscheduled access by support vendors may result in business process interruptions or loss of production data.
- a. SOX.2.1.5.3 IDS-IPS access by support vendors is granted through a service request.
4. Risk: Unauthorized users might exploit privileged access to critical business processes and data.
- a. SOX.2.1.5.4 New IDS-IPS user accounts are pre-expired.
5. Risk: Unauthorized users might exploit unauthorized access to critical business processes and data.
- a. SOX.2.1.5.5 The IDS-IPS operating application has a session "Time-Out" function enabled.
6. Risk: Unnecessary disruptions to business processes or data corruption may occur.
- a. SOX.2.1.5.6 IDS-IPS rule changes are scheduled during maintenance windows.
7. Risk: Unidentifiable users may compromise critical business processes and data.
- a. SOX.2.1.5.7 The IDS-IPS system will not allow identical administrator IDs.
8. Risk: Insufficient security standards may allow unauthorized access to production systems and business data stores.
- a. SOX.2.1.5.8 IDS-IPS passwords are required for each administrator ID. Password configuration is based on Corporate IT standards.
9. Risk: Inappropriate administrative actions are executed without accountability measures.
- a. SOX.2.1.5.9 The IDS-IPS operating application has the functionality to monitor administrator access related events.
10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.
- a. SOX.2.1.5.10 IDS-IPS administration team is notified when security violations occur.
11. Risk: Forensic evidence is not available to resolve malfunctions, compromises or other security compromising incidents.
- a. SOX.2.1.5.11 The IDS-IPS administration team reviews security logs looking for security violations.
12. Risk: Unauthorized access is granted to business systems or data stores.
- a. SOX.2.1.5.12 IDS-IPS access is granted through a service request.
13. Risk: Unauthorized access may occur resulting in business data compromise or destruction.
- a. SOX.2.1.5.13 Terminations are sent through the HR process. An Email is sent from HR with all terminations to the IDS-IPS system administrators.
14. Risk: Insufficient security standards may allow unauthorized access to production systems and business data stores.
- a. SOX.2.1.5.14 IDS-IPS password expiration is set to Corporate IT standards.
15. Risk: Security violations or data corruption may occur with no forensic evidence available to resolve the situation.
- a. SOX.2.1.5.15 IDS-IPS rules and logging is applied to everyone equally including system administrators.
16. Risk: Unauthorized access (i.e. terminated employees) may occur.
- a. SOX.2.1.5.16 A semi-annual revalidation of IDS-IPS administrator accounts are performed by security administration.
17. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data stores.
- a. SOX.2.1.5.17 Privileged level access is password restricted. This password is known only by the system administrators.
18. Risk: Unauthorized routing parameters or virtual LAN connections established may disrupt business capabilities or bypass security controls causing business data loss and confidentiality loss.
- a. SOX.2.1.5.18 Routing protocols are approved by management.
19. Risk: Confidentiality and or privacy may be compromised.
- a. SOX.2.1.5.19 Unauthorized network tapping does not occur without the approval of management.