2012/03/15 16:53:00

Audit of file servers and storage devices

An organization's information is stored in many different files: employee data, financial information, commercial information, and so on. Such information is not intended for everyone, and public access to it is out of the question.

It is therefore important to be able to find out at any moment who accessed files and folders or tried to change permissions on them. From time to time it is also necessary to know the date and time when such access attempts or changes were made, and on which server they occurred.

There are several reasons why auditing file servers is a necessary procedure:

Audit of file servers as a method of risk reduction

Automatic collection of information and generation of reports on changes and access attempts give the organization feedback about file activity in its infrastructure. Using this information considerably reduces the risk of information security violations. Effective management of how users and administrators interact with files reduces risk while ensuring that users have the access rights they need to perform their duties effectively.

Audit of changes to strengthen security

Monitoring file activity is directly connected with strengthening the organization's information security. However, auditing file servers using only the built-in audit tools is cumbersome and inefficient. Because of the volume of recorded data it is difficult to find the necessary information, and the majority of events are not unauthorized anyway. One of the simplest ways to make file access more secure is to obtain information on changes automatically and on a permanent basis.
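An added example, not part of the original article, of the filtering this section calls for: it walks a stream of audit events and keeps only those a reviewer needs, each with who, what, when and on which server. The event tuple layout, the `APPROVED_ADMINS` set, the `FAILURE_THRESHOLD` value and the sample events are assumptions constructed for illustration, not a real log format.

```python
from collections import Counter
from datetime import datetime

# Constructed sample events: (time, server, user, path, action, outcome)
SAMPLE_EVENTS = [
    ("2012-03-14T09:02:11", "FS01", "jsmith", r"\\FS01\finance\q1.xlsx", "read", "success"),
    ("2012-03-14T09:15:00", "FS01", "fsadmin", r"\\FS01\finance", "permission_change", "success"),
    ("2012-03-14T10:01:00", "FS02", "mlee", r"\\FS02\hr\salaries.xlsx", "read", "failure"),
    ("2012-03-14T10:01:05", "FS02", "mlee", r"\\FS02\hr\salaries.xlsx", "read", "failure"),
    ("2012-03-14T10:01:09", "FS02", "mlee", r"\\FS02\hr\salaries.xlsx", "write", "failure"),
    ("2012-03-14T10:02:00", "FS02", "mlee", r"\\FS02\hr\salaries.xlsx", "read", "failure"),
    ("2012-03-14T11:30:42", "FS01", "jsmith", r"\\FS01\finance\q1.xlsx", "permission_change", "success"),
    ("2012-03-14T11:31:00", "FS01", "jsmith", r"\\FS01\finance\q1.xlsx", "write", "success"),
]

APPROVED_ADMINS = {"fsadmin"}  # assumption: accounts allowed to change permissions
FAILURE_THRESHOLD = 3          # assumption: denied attempts per user and server worth a report


def triage(events):
    """Return findings as (reason, time, server, user, path), oldest first."""
    findings = []
    failures = Counter()
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e[0])):
        time, server, user, path, action, outcome = ev
        if action == "permission_change" and user not in APPROVED_ADMINS:
            # Attempted or successful: either way someone outside the list touched an ACL.
            reason = "permission change by non-approved account"
        elif outcome == "failure":
            failures[(user, server)] += 1
            if failures[(user, server)] != FAILURE_THRESHOLD:
                continue  # report once, at the moment the threshold is reached
            reason = f"{FAILURE_THRESHOLD} denied access attempts"
        else:
            continue  # routine authorized activity, which is the bulk of the log
        findings.append((reason, time, server, user, path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(" | ".join(finding))
```

Eight recorded events reduce to two findings here; the same rule set applied continuously is what turns raw audit volume into something reviewable.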

Audit of file servers in the context of the requirements of information security standards

Information security standards such as SOX, HIPAA, FISMA and PCI exist to set IT change-audit standards that protect both organizations and consumers. Ultimately, these standards and their revisions are designed to confirm that the organization protects, records and monitors changes that involve access to confidential information.

All this gave impetus to the emergence of auxiliary tools, which are especially relevant in large IT infrastructures with different levels of IT administration.

Requirements for the functions of programs that audit file servers

Automatic data collection

If data collection is performed irregularly, there is a risk of losing important information because the event log is overwritten or the server runs out of free space. This is an important requirement for file server audit tools, since without it timely audit is impossible.

Effective centralized data storage

Automation usually requires additional resources and can negatively affect the functioning of a system, which in turn can lead to problems. For this reason it is important that the impact of the chosen data collection method be minimal. Moreover, data storage should also be considered when the software solution is implemented. Where possible, event and audit data can be stored only on the local system where the events took place. However, the preferable method is to centralize this information in a dedicated data store where it is both protected and available. This approach has its advantages, because analyzing the information and creating reports from it becomes part of the daily activity of the IT administrator or the group responsible for the general health of the various file services.

Collection of information should be reliable

For data collection, preference should be given to methods that use the Event Log and other built-in audit tools, as opposed to methods that require deploying agents or changing system code to extract event data. This makes it possible to eliminate potential problems connected with system stability or software incompatibility. It is especially relevant for Windows systems, where it is impossible to rely on event log data alone because the information generated is not complete. To understand a given event fully, information from different sources should be aggregated, and the subsequent analysis should work on the aggregated information. Protecting this information for both short-term and long-term storage is also an important process. It is important that no privileged user has access to it, let alone the ability to delete or otherwise tamper with the data. Access to such information should be restricted or prohibited altogether.

Scalability

To audit file servers, the audit software solution should be scalable. It should adapt to the organization's constantly changing infrastructure, but without disruption in the course of implementation. Implementing and then using a file server audit solution is simpler when no additional software or significant configuration changes are required to adapt to changes in the organization. The solution should take gradual (granular) changes into account, such as changes to the general network topology, domain controllers and Active Directory. Constant control over changes is necessary to provide the best quality of service to users and to provide audit records to IT professionals.

Ability to generate detailed reports

Additional capabilities, such as e-mail notifications and report subscriptions, also affect the overall effectiveness of file system management. Thus, the ability to generate detailed reports is the key to successfully implementing file server audit.

Audit of storage devices

Windows systems dominate in the majority of IT infrastructures, but popular storage devices such as EMC Celerra and NetApp Filer are also widely used. They should therefore also be taken into account when change audit is implemented.

File integrity monitoring

File integrity monitoring guarantees the integrity of files by monitoring a hash sum of the file rather than the file itself. This approach makes it possible to record file changes quickly and to send timely notification when such a change has happened. File integrity monitoring is also required to meet the requirements of the PCI DSS standard. In a file server audit program it is necessary for providing high levels of security and change control over data.

Additional requirements

Preferred solutions should be simple to implement and allow add-on modules to be connected to form a complete software package, maximizing the potential benefits of change audit. Additional types of systems can include firewalls, routers, database servers, storage devices and other Microsoft technologies such as SQL and SharePoint, and especially Active Directory and Group Policy. Real-time notification and object recovery functions will also add value to the chosen file server audit solution.