ad-assurance list archive (Meeting the InCommon Assurance profile criteria using Active Directory)

[AD-Assurance] More Technical Guidance from US-CERT: System Integrity


  • From: "Capehart,Jeffrey D"
  • Subject: [AD-Assurance] More Technical Guidance from US-CERT: System Integrity
  • Date: Tue, 21 May 2013 15:49:33 +0000

I found a document from US-CERT that might be useful for reference to additional controls to demonstrate system integrity.  Some of these may already be necessary to meet the criteria.  Consider: Would greater system integrity compensate adequately for a non-approved algorithm or storage method?

-Jeff


TIP-11-075-01:  System Integrity Best Practices

http://www.us-cert.gov/sites/default/files/publications/TIP11-075-01.pdf


The two key components of system integrity are software authenticity and the assurance of user identity. US-CERT recommends that organizations routinely evaluate how to integrate the following best practices into their current environments to achieve these objectives. 


Enable strong logging.

  o Enable logging for all centralized authentication services and collect the IP address of the system accessing the service, the username, the resource accessed, and whether the attempt was successful or not.

  o Limit the number of authentication attempts and lock out the user if the limit is reached. Security professionals should conduct a manual review before unlocking the account and prohibit automatic unlocks after a specified time period.

  o Conduct near real-time log review for failed attempts per user and per unit of time independent of successful logins; abnormal successful logins; and lockouts. Correlate this data to identify anomalous activity.


Limit remote access.

  o Restrict access by IP address wherever possible.

  o Limit concurrent logins to one per user.


Apply additional defense-in-depth techniques.

  o Maximize complexity of passwords, passphrases, and personal identification numbers (PINs) whenever possible.

  o Enable defenses against key logging such as forced frequent credential changing and updated anti-virus (AV) signatures.


Validate software.

  o Require validation of vendor-provided hash values or digital signatures prior to installation. If this information is not customarily provided, request validation guidance from the vendor.

  o Exercise additional caution when receiving unsolicited or unexpected software media.

  o Establish an installation baseline (e.g., file names, versions, hash values) and periodically revalidate this information.

  o Enable revocation checking to include Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) checking.


Jeff Capehart, CISA
IT Audit Manager
University of Florida - Office of Internal Audit
(352) 273-1882

http://oia.ufl.edu
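As an added illustration of the log-review items in the forwarded guidance (example code written for this archive page, not from US-CERT or the list), the Python below runs the per-user failure-count, lockout and abnormal-success checks over a constructed set of authentication records. The record format, the five-failures-in-five-minutes threshold and the alert names are assumptions, not something the guidance prescribes.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real data): one line per authentication
# attempt with the fields the guidance says to collect: time, client IP,
# username, resource accessed and outcome (OK, FAIL or LOCKOUT).
SAMPLE_LOG = """\
2013-05-21T15:40:01Z 198.51.100.7 jdoe ldap FAIL
2013-05-21T15:40:05Z 198.51.100.7 jdoe ldap FAIL
2013-05-21T15:40:09Z 198.51.100.7 jdoe ldap FAIL
2013-05-21T15:40:14Z 198.51.100.7 jdoe ldap FAIL
2013-05-21T15:40:20Z 198.51.100.7 jdoe ldap FAIL
2013-05-21T15:40:21Z 198.51.100.7 jdoe ldap LOCKOUT
2013-05-21T15:41:00Z 203.0.113.9 jdoe vpn OK
2013-05-21T15:41:30Z 192.0.2.44 asmith mail FAIL
2013-05-21T15:42:00Z 192.0.2.44 asmith mail OK
"""

def parse_log(text):
    """Parse the space-separated records into (time, ip, user, resource, outcome)."""
    events = []
    for line in text.splitlines():
        ts, ip, user, resource, outcome = line.split()
        stamp = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append((stamp, ip, user, resource, outcome))
    return events

def review(events, max_failures=5, window=timedelta(minutes=5)):
    """Return (kind, user, ip, time) alerts for: failures per user per time
    window, counted independently of any successes in between; explicit
    lockouts; and a success from an IP this user has never succeeded from
    while a failure burst is still active (the correlation step)."""
    alerts = []
    failures = defaultdict(deque)  # user -> failure times still inside the window
    known_ips = defaultdict(set)   # user -> IPs with a prior successful login
    for ts, ip, user, resource, outcome in sorted(events):
        recent = failures[user]
        while recent and ts - recent[0] > window:
            recent.popleft()
        if outcome == "FAIL":
            recent.append(ts)
            if len(recent) == max_failures:  # fires once, as the limit is reached
                alerts.append(("failure-burst", user, ip, ts))
        elif outcome == "LOCKOUT":
            alerts.append(("lockout", user, ip, ts))
        elif outcome == "OK":
            if ip not in known_ips[user] and len(recent) >= max_failures:
                alerts.append(("success-after-burst", user, ip, ts))
            known_ips[user].add(ip)
    return alerts
```

On the sample above, jdoe produces a failure burst, a lockout and a success from a never-before-seen IP while the burst is still active, while asmith's single typo-then-success produces nothing.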
