Account Audit and Restriction Policies PDF

Summary

This document discusses account audit and restriction policies, outlining design considerations and the types of user actions recorded in security logs. It explores location-based restrictions using technologies like GPS, IP addresses, and geofencing, as well as time-based restrictions for controlling access durations. The document emphasizes the importance of these policies in protecting security systems from compromise.

Full Transcript

Certified Cybersecurity Technician Network Security Controls — Administrative Controls Exam 212-82

Account Audit Policy

The account audit policy defines the types of user actions or events to be recorded in security logs. It is important for organizations to create an efficient and effective account audit policy to monitor and identify potential security issues in advance, ensure accountability, and provide evidence in case of a data breach. Each organization must take appropriate decisions according to the threats it faces and its risk tolerance, and it should design a relevant audit policy that best suits its security needs.

Design Considerations

- Decide how to collect, store, and analyze audit data.
- Test the audit policy before deploying it in the production environment.
- Consider the amount of storage required for the audit data.
- Decide the types of events to audit, such as account sign-in, access to directory services, system changes, and process tracking.

Module 05 Page 596 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Account Restriction Policy

Account restrictions are applied to protect security systems from being compromised. This policy can be implemented to grant permissions or restrict users by considering certain parameters. These restrictions can be added based on two factors: location and time.

- Location-based restriction: This type of account restriction is applied based on specific IP address blocks and premises. Location-based policies can also be applied to firewalls that block traffic from specific parts of the world. Devices can be tracked and restricted based on their geo-locations in the following ways.
  o Location services: Location services use real-time geographical data or information from a device to offer services. The OS of the device uses various techniques to measure its geo-location. GPS-enabled devices often provide very accurate location information and a regional view of where the device is being accessed from. Location can also be determined from Bluetooth, Wi-Fi connections, and cell towers when the GPS service fails or is not available.
  o IP address: The IP address is used to enforce region-, city-, and country-based restrictions with the information provided by the local Internet service provider (ISP). The location defined by the ISP is the approximate location of the host service, rather than the exact location. In this case, a mechanism called GeoIP is used to acquire accurate information.
  o Geofencing: Geofences are virtual perimeter restrictions that accept or decline service requests depending on the location. Geofencing detects the entry of a device into a specific region and sends notification alerts to that device. When a user moves around a specific area, the device calculates its new position from different sources such as Wi-Fi, cellular data, and Bluetooth. Based on the notification received, users recognize that they have entered the geofenced area. Geotagging is another process used to attach geographical metadata to media files or data captured by a device. This mechanism is generally used in asset management to check whether a device is in the specified location.
- Time-based restriction: This type of account policy is used to restrict connections or sessions for specific amounts of time. These restrictions can be implemented in three ways.
  o A time-of-day restriction creates specific access hours for a user account.
  o A time-based login restriction sets the maximum amount of time an account can access resources.
  o A risky login time restriction traces the login information of a device over time. If a device logs in from a different location within a short period of time, the account is restricted or disabled.
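The three time-based restrictions described above, as an added example that is not part of the course material. The policy values, the account name, and the country codes standing in for GeoIP lookup results are all constructed for illustration.

```python
from datetime import datetime, timedelta
# Constructed policy values for one account (illustrative, not from the course):
# access allowed 08:00-18:00, sessions capped at 8 hours, and two logins from
# different countries less than 60 minutes apart treated as a risky login.
POLICY = {
    "access_hours": (8, 18),                # time-of-day restriction, 24h clock
    "max_session": timedelta(hours=8),      # time-based login restriction
    "risky_window": timedelta(minutes=60),  # risky login time restriction
}

def time_of_day_allowed(when, policy=POLICY):
    """Time-of-day restriction: the login hour must fall inside the access hours."""
    start, end = policy["access_hours"]
    return start <= when.hour < end

def session_allowed(started, now, policy=POLICY):
    """Time-based login restriction: a session may not exceed max_session."""
    return now - started <= policy["max_session"]

def risky_login(prev, curr, policy=POLICY):
    """Risky login time restriction: a login from a different country than the
    previous one, inside the risky window, is the 'different location within a
    short period' case the policy restricts or disables."""
    if prev is None:
        return False
    return (prev["country"] != curr["country"]
            and curr["time"] - prev["time"] < policy["risky_window"])

def evaluate_logins(logins, policy=POLICY):
    """Walk one account's logins in time order and return a decision per event."""
    decisions, prev = [], None
    for ev in sorted(logins, key=lambda e: e["time"]):
        if not time_of_day_allowed(ev["time"], policy):
            decisions.append(("deny", "outside access hours"))
        elif risky_login(prev, ev, policy):
            decisions.append(("restrict", "different location within risky window"))
        else:
            decisions.append(("allow", "ok"))
        prev = ev
    return decisions

# Constructed sample events; country is the kind of value a GeoIP lookup returns
SAMPLE = [
    {"user": "alice", "time": datetime(2024, 3, 4, 9, 5), "country": "DE"},
    {"user": "alice", "time": datetime(2024, 3, 4, 9, 40), "country": "BR"},
    {"user": "alice", "time": datetime(2024, 3, 4, 21, 0), "country": "DE"},
]

if __name__ == "__main__":
    for ev, (decision, reason) in zip(SAMPLE, evaluate_logins(SAMPLE)):
        print(ev["time"], ev["country"], decision, reason)
```

The second event is restricted because it comes from a different country 35 minutes after the first; the third is denied because 21:00 lies outside the access hours.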
Organizational Policies: Third-party Risk Management Policy

Many organizations rely on third-party services to improve productivity and profitability. Along with the benefits these third-party services provide, they also pose many security risks. These security risks may lead to data breaches that result in financial loss, reputation damage, noncompliance issues, loss of customer trust, etc. To prevent such risks, organizations should create and deploy third-party risk management policies and procedures. Such policies help organizations in assessing and identifying suppliers vulnerable to cyberattacks and in defining the necessary controls to mitigate the identified vulnerabilities. They also define which third-party vendors can have access to critical assets or data.

Design Considerations

- Vendors should sign service-level agreements (SLAs).
- Vendors should sign a third-party non-disclosure agreement before accessing the organization's data.
- Organizations should identify the list of compliance regulations for each vendor.
- Organizations should identify acceptable vendor controls.
- Organizations should define the responsibility of the vendor in case of a data breach.
- Organizations should enforce an agreement to terminate the contract/service if any of the security measures are not satisfied.
- Organizations should maintain a disaster recovery and redundancy plan in case of an emergency.
- Organizations should perform third-party screening before granting network access.
- Organizations should continuously monitor third-party vendors to be informed of present and future cyber risks.
