#2, 2007-01-23
RayPesek, Senior Member (Join Date: 2006-03-19, Location: Northern Ohio, Posts: 909)

Re: System Integrity

It's not an easy question to answer.

How well are the SmartCenter and enforcement modules physically protected?

How well is the enforcement module protecting itself? Is there a rule that only allows access to it from certain IP addresses or can anyone "touch" it?

Does cpconfig on the SmartCenter restrict SmartConsole access to just certain IP addresses or did someone allow an entire subnet or * ?

How well are the SmartCenter and enforcement modules patched? Are OS patches applied on a timely basis? (Can someone use a remote exploit to gain admin access without knowing a set of credentials? Are there unnecessary services running that could be used in a remote exploit?)

How do administrators authenticate? User name and password only? Certificates? Is it the same one for everyone? Is anyone using the "admin" account instead of their own account? Are lockouts configured? How are alerts distributed?

How often do authorized administrators log in, and what do they check? You can use filters on the Audit tab to see this information. (i.e., is anyone paying attention?)

How often are the logs deleted?

What exactly are you looking for? A routine audit or suspected abuse?

Ray
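As an added example (not part of Ray's post and not a Check Point tool), the following Python script reviews a constructed SmartCenter audit-log export against three of the questions above: who logs in and how often, whether logins come from clients outside the range cpconfig should be restricting SmartConsole access to, and whether the shared "admin" account is in use. The column layout, the sample rows and the allowed client range are all assumptions.

```python
import csv
from collections import Counter, defaultdict
from io import StringIO
from ipaddress import ip_address, ip_network

# Constructed sample of an audit-log export (hypothetical column layout;
# a real SmartView Tracker export will name its fields differently).
SAMPLE_AUDIT_LOG = """\
date,time,administrator,client_ip,operation,status
2007-01-22,08:01:12,jsmith,10.1.5.20,Log In,Success
2007-01-22,08:02:40,jsmith,10.1.5.20,Install Policy,Success
2007-01-22,13:15:03,admin,10.1.5.21,Log In,Success
2007-01-22,22:47:55,admin,192.168.99.7,Log In,Failure
2007-01-22,22:48:09,admin,192.168.99.7,Log In,Failure
2007-01-22,22:48:31,admin,192.168.99.7,Log In,Success
2007-01-23,09:10:00,mchen,10.1.5.22,Log In,Success
"""

# Assumed: the GUI-client range cpconfig was supposed to limit access to.
ALLOWED_GUI_CLIENTS = [ip_network("10.1.5.0/24")]


def review_audit_log(text, allowed=ALLOWED_GUI_CLIENTS, shared_accounts=("admin",)):
    """Count successful logins per administrator and collect findings:
    logins from non-approved clients, use of a shared account, and a
    success that follows repeated failures from the same client."""
    findings, logins, failures = [], Counter(), defaultdict(int)
    for row in csv.DictReader(StringIO(text)):
        if row["operation"] != "Log In":
            continue
        user, src = row["administrator"], row["client_ip"]
        if not any(ip_address(src) in net for net in allowed):
            findings.append(f"login from non-approved client {src} by {user}")
        if row["status"] == "Failure":
            failures[(user, src)] += 1
            continue
        logins[user] += 1
        if user in shared_accounts:
            findings.append(f"shared account {user!r} used from {src}")
        if failures[(user, src)] >= 2:
            findings.append(f"success after {failures[(user, src)]} failures for {user} from {src}")
    return {"logins_per_admin": dict(logins), "findings": sorted(set(findings))}


if __name__ == "__main__":
    for key, value in review_audit_log(SAMPLE_AUDIT_LOG).items():
        print(key, value)
```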