Page 34 - DCAP516_COMPUTER_SECURITY
Figure 3.1: Example of File Checksum
5. Intrusion detectors analyze the system audit trail, especially log-ons, connections, operating
system calls, and various command parameters, for events that could represent
unauthorized activity.
6. System performance monitoring analyzes system performance logs in real time to look for
availability problems, including active attacks (such as the 1988 Internet worm) and system
and network slowdowns and crashes.
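The audit-trail analysis described in item 5, shown as an added example that is not part of the original notes: it scans log-on records for a burst of failures from one user and source, and for a success that follows such a burst. The record layout, the sample lines, the function names, the threshold and the window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit-trail records: timestamp, event, user, source, result
SAMPLE_AUDIT_TRAIL = """\
2024-03-01T02:10:01 LOGON alice 10.0.0.5 FAIL
2024-03-01T02:10:09 LOGON alice 10.0.0.5 FAIL
2024-03-01T02:10:15 LOGON alice 10.0.0.5 FAIL
2024-03-01T02:10:22 LOGON alice 10.0.0.5 SUCCESS
2024-03-01T09:00:00 LOGON bob 10.0.0.7 FAIL
2024-03-01T09:30:00 LOGON bob 10.0.0.7 SUCCESS
2024-03-01T09:31:00 CONNECT bob 10.0.0.7 SUCCESS
"""

def parse_record(line):
    """Return (time, event, user, source, result) or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return (when, *parts[1:])

def detect_logon_anomalies(trail, threshold=3, window=timedelta(minutes=5)):
    """Flag bursts of failed log-ons and a success that follows a burst."""
    failures = defaultdict(deque)   # (user, source) -> recent failure times
    alerts = []
    for line in trail.splitlines():
        rec = parse_record(line)
        if rec is None or rec[1] != "LOGON":
            continue                # skip malformed lines and other event types
        when, _, user, source, result = rec
        recent = failures[(user, source)]
        while recent and when - recent[0] > window:
            recent.popleft()        # drop failures that fell outside the window
        if result == "FAIL":
            recent.append(when)
            if len(recent) == threshold:
                alerts.append(("FAILED_LOGON_BURST", user, source, when))
        elif result == "SUCCESS":
            if len(recent) >= threshold:
                alerts.append(("SUCCESS_AFTER_BURST", user, source, when))
            recent.clear()          # a good log-on resets the failure count
    return alerts

if __name__ == "__main__":
    print(*detect_logon_anomalies(SAMPLE_AUDIT_TRAIL), sep="\n")
```

On the sample trail only alice's records raise alerts; bob's single failure has aged out of the window by the time he logs on successfully.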
Configuration Management
From a security point of view, configuration management provides assurance that the system in
operation is the correct version (configuration) of the system and that any changes to be made
are reviewed for security implications. Configuration management can be used to help ensure
that changes take place in an identifiable and controlled environment and that they do not
unintentionally harm any of the system’s properties, including its security. Some organizations,
particularly those with very large systems (such as the federal government), use a configuration
control board for configuration management. When such a board exists, it is helpful to have a
computer security expert participate. In any case, it is useful to have computer security officers
participate in system management decision making.
Changes to the system can have security implications because they may introduce or remove
vulnerabilities and because significant changes may require updating the contingency plan, risk
analysis, or accreditation.
Trade Literature/Publications/Electronic News
In addition to monitoring the system, it is useful to monitor external sources for information.
Such sources as trade literature, both printed and electronic, have information about security
28 LOVELY PROFESSIONAL UNIVERSITY