Linux: Computer Security Audits
Many types of audits exist; the one that concerns Linux systems is the computer security audit. The purpose of a computer security audit, in its simplest form, is to test your system and network security.
For larger organizations, an independent auditor (much like with the auditing of financial statements) can do the security audit. If you have only a few Linux systems or a small network, you can do the security audit as a self-assessment, just to figure out if you’re doing everything okay.
Nontechnical aspects of security audits
The nontechnical side of computer security audits focuses on your organization-wide security framework. The audit examines how well the organization has set up and implemented the policies, plans, and procedures for computer security. Here’s a list of some items to be verified:
Risks are periodically assessed.
An entity-wide security program plan is in place.
A security program-management structure is in place.
Computer security responsibilities are clearly assigned.
Effective security-related personnel policies are in place.
The security program’s effectiveness is monitored and changes are made when needed.
As you may expect, the nontechnical aspects of the security audit involve reviewing documents and interviewing appropriate individuals to find out how the organization manages computer security. For a small organization or a home PC, expecting plans and procedures in documents is ridiculous. In those cases, simply make sure that you have some technical controls in place to secure your system and your network connection.
Technical aspects of security audits
The technical side of computer security audits focuses on testing the technical controls that secure your hosts and network. The testing involves determining
How well the host is secured. Are all operating system patches applied? Are the file permissions set correctly? Are user accounts protected? Are file changes monitored? Are log files monitored? And so on.
How well the network is secured. Are unnecessary Internet services turned off? Is a firewall installed? Are remote logins secured with tools such as SSH? Are TCP wrapper access controls used? And so on.
Typically, security experts use automated tools to perform these two security reviews, for individual hosts and for the entire network.
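As an added example (not part of the original article), the shell script below implements a few of the host and network checks listed above as a self-assessment: accounts without a password, weak sshd_config directives, listening ports outside an allowlist, and world-writable files. The sample shadow, sshd_config and ss output it reads are constructed, and the port allowlist is an assumption; the same functions can be pointed at the live /etc/shadow, /etc/ssh/sshd_config and the output of `ss -tln`.

```shell
#!/bin/sh
# Added example: small self-assessment checks for a Linux host audit.
# Not from the original article; sample data and the port allowlist are constructed.
# Every check reads from a file argument, so it runs on the constructed samples
# here and on the real files (/etc/shadow, /etc/ssh/sshd_config, `ss -tln` output).

# Accounts: users whose shadow(5) password field is empty can log in with no password.
accounts_without_password() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Remote login: report sshd_config directives that weaken SSH. Prints nothing if none.
sshd_findings() {
    awk 'tolower($1) == "permitrootlogin" && tolower($2) == "yes" { print "PermitRootLogin yes" }
         tolower($1) == "passwordauthentication" && tolower($2) == "yes" { print "PasswordAuthentication yes" }' "$1"
}

# Network: listening TCP ports (parsed from `ss -tln` output) not on the allowlist "$2".
unexpected_listeners() {
    awk -v allow="$2" 'BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR > 1 { port = $4; sub(/.*:/, "", port); if (!(port in ok)) print port }' "$1"
}

# File permissions: number of world-writable regular files under a directory (real find).
world_writable_count() {
    find "$1" -type f -perm -0002 | wc -l | tr -d ' '
}

# Constructed sample data standing in for the host being assessed.
SAMPLE=$(mktemp -d); trap 'rm -rf "$SAMPLE"' EXIT
printf 'root:$6$abc:19000::::::\nguest::19000::::::\nbob:$6$def:19000::::::\n' > "$SAMPLE/shadow"
printf 'Port 22\nPermitRootLogin yes\nPasswordAuthentication no\n' > "$SAMPLE/sshd_config"
printf 'State Recv-Q Send-Q Local Address:Port Peer Address:Port\n' > "$SAMPLE/ss.txt"
printf 'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\nLISTEN 0 128 0.0.0.0:23 0.0.0.0:*\nLISTEN 0 128 [::]:443 [::]:*\n' >> "$SAMPLE/ss.txt"
mkdir "$SAMPLE/tree"; touch "$SAMPLE/tree/ok" "$SAMPLE/tree/loose"
chmod 0644 "$SAMPLE/tree/ok"; chmod 0666 "$SAMPLE/tree/loose"

echo "Accounts without password: $(accounts_without_password "$SAMPLE/shadow")"
echo "SSH findings: $(sshd_findings "$SAMPLE/sshd_config")"
echo "Unexpected listeners: $(unexpected_listeners "$SAMPLE/ss.txt" "22 443")"
echo "World-writable files: $(world_writable_count "$SAMPLE/tree")"
```

Run as root against the live files to audit a real host; a clean result prints an empty value for the first three checks and 0 for the last.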