Keep Regular with Security Audits

Routine Security Audits can help things stay routine.

Security audits are one of the most important things you can do to protect your network. Security breaches happen all the time, and it’s up to you to stay ahead of these breaches with regular security audits. Security auditing is not just about checking logs – it’s about actively looking for changes on your network so that if something happens, you’ll know what was changed and how it happened. Security audits also provide peace of mind by showing that the right level of security is in place at any given time.

An audit includes reviewing firewall settings, software updates, antivirus/anti-malware status, account permissions (including Active Directory) domain controller health checks, password strength requirements, file share permissions including NTFS[1] permission changes, DHCP/DNS/WINS settings, user rights, Windows Security auditing settings, SharePoint Security Settings, anti-malware scanners to ensure virus signatures are up to date, patch statuses (including WSUS[2]) change logs and even checking for unauthorized software.

What is a security audit

A security audit is a process of evaluating the effectiveness of information security policies. Many businesses now depend on technology for their day to day operations and consequently, they expose themselves to various risks. Security audits are now an integral part of the security policy and it is important that they be made routine. The scope of the audit is determined by the level and type of risk identified in the organization and also is based on certain standards that have been developed.

Types of Security Audits & Auditors

Security audits are an important part of keeping your company safe. But there are many different types to choose from, and each type has its own set of benefits and drawbacks. The process begins with analyzing the environment that needs to be audited, then matching the audit to the need. That’s why it’s crucial to understand what kind of security audit is needed before getting started. And while some audits may seem more difficult than others, they all have their place in a comprehensive security plan.[3]

Internal Auditors

These employees work inside the company looking for vulnerabilities or signs that something could go wrong within their departments or areas of responsibility which can be anything from the water cooler to the data center. They are employees who are trained in spotting red flags or inconsistencies that, when addressed early on, can prevent crisis situations down the road.

External Auditors

These auditors don’t work for your company but examine your systems and equipment regularly to look for security gaps in policies and procedures. These audits are performed by a hired third party or government agency.

These audits can also take the form of either Black Box or White Box (or Glass Box) Penetration Testing. With Black Box, the auditor has no knowledge of your systems and is testing from a position outside your network, looking for vulnerabilities by attacking them from the internet. With White Box, the auditor knows everything about how your systems are put together.[4] Each method has its pros and cons, but the goal with both is to harden[5] the system.

Manual Audits

A manual audit can be performed by an internal or external auditor. During this type of auditing, the interviewer will interview your employees to evaluate physical access and vulnerability scans for security as well as application, network and operating system controls that may need adjustment if necessary in order to make sure you’re up-to-date on best practices. These audits require extensive knowledge of the type of environment being audited and the ability to generate reports based on their findings.

Automated Audits

Automated audits are a Computer-Assisted Audit Technique, also known as CAAT that produces comprehensive, customizable reports. They can be used internally by management and externally for auditing purposes. Advanced programs will monitor the IT environment continuously so you’re always in the know about any suspicious activity taking place within your networked devices.

IT Audit Standards

The security audit standards ISO, HIPAA Security Rule, PCI DSS Compliance and SOX Compliance are designed to help businesses comply with their own internal data security protocols.

ISO Compliance is a process of verifying that an organization meets the requirements of the ISO/IEC 27001 standard. This standard covers the Information Security Management System (ISMS).[6] An ISMS is a framework that allows an organization to manage and control its information security risks. ISO Compliance is necessary for organizations that want to protect their customers’ data.

The HIPAA Security Rule is a set of regulations that are designed to protect the privacy and security of electronic health information. The Rule requires covered entities to implement a variety of security measures, including:

• Access Control
• Audit Logging
• Password Management
• Data Encryption 

PCI DSS compliance is a requirement for any business that accepts credit cards. In order to be PCI compliant, a business must implement certain security measures to protect its customers’ credit card data. These security measures include things like firewalls, anti-virus software, and data encryption.

Businesses that are not PCI compliant can face fines and other penalties from the credit card companies. It’s therefore important for businesses to ensure that they are PCI compliant at all times, especially if they hand credit card data.

One of the most important audit standards is SOX compliance.[7] This stands for “Sarbanes-Oxley Act of 2002” and it demands that any company with over $10 million in assets or sales must produce an annual report, or ER. One of the mandates is to establish an internal control to keep track of risks and vulnerability to fraud, waste and abuse. There are many other mandates in the SOX standard to help protect a company and its stakeholders from fraudulent activities.

How to conduct an audit

When it comes to auditing your network security, there are a few key steps that you need to follow in order to get the most comprehensive results. Here’s a quick overview:

1. Start by assessing your current security posture. This will help you to identify any weak spots that need to be addressed.
2. Next, perform an audit on the devices that are being used to manage security. You need to know exactly how many of each type of device you have, what they do, and where they are. This step will help you to create a standardized configuration across your entire network.
3. After creating a standard configuration for all of your devices, you can run vulnerability scans against them in order to see if any holes have been opened up due to lack of updates or new patches.
4. Once everything has been inventoried and patched as needed, it’s time for another assessment so that you can see if the changes had the intended effect and whether there were any unexpected consequences.
5. Finally, review your firewall and Active Directory settings to make sure that they are configured correctly.
6. Rinse; repeat…

How often to do audits

How often should you do security audits? It depends on your organization’s risk level. If you’re dealing with sensitive data, you should probably be doing audits at least once a quarter. If your organization is less risky, you can get away with doing them every six months or even once a year. However, it’s always a good idea to be proactive and do audits more often than you need to. This way, you’ll catch any issues before they become a problem.

Conclusion

A security audit is an important component of network management. It’s also one of the most overlooked areas in many organizations. Without regular audits, you can’t be sure if your system is secure enough to protect data and meet compliance requirements. You don’t want to wait until there has been a breach before taking action. If you’re interested in learning more about our services or would like help with designing a custom security plan tailored specifically for your organization, contact us today!

Sources:

[1] https://docs.microsoft.com/en-us/windows-server/storage/file-server/ntfs-overview

[2] https://en.wikipedia.org/wiki/Windows_Server_Update_Services

[3] https://www.dnsstuff.com/it-security-audit

[4] https://teskalabs.com/blog/security-audit-white-box-vs-black-box-penetration-testing

[5] “In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions.” https://en.wikipedia.org/wiki/Hardening_%28computing%29

[6] https://www.itgovernanceusa.com/blog/what-exactly-is-an-information-security-management-system-isms-2

[7] https://www.soxlaw.com/sox-compliance/

Picture Credits

https://pixabay.com/images/id-4189560/

https://pixabay.com/images/id-265130/

https://pixabay.com/images/id-5382501/

SECURITYBRIDGE BROADENS U.S. REACH WITH NEW 1st BASIS GROUP PARTNERSHIP

Press Release

Ingolstadt, Germany, February 22, 2022 – SAP security provider SecurityBridge—now operating in the U.S.,—today announced a partnership with Wisconsin-based 1^st Basis SAP Services Group, (1^st Basis). The partnership enables 1^st Basis to provide SecurityBridge’s integrated SAP Security platform and services—the most advanced cybersecurity to SAP managed services, and S4HANA migration projects—to their customer base.

“It’s no secret that SAP often holds an organization’s crown jewels and needs to be given the utmost protection. However, according to the latest research 43% of data breaches are at the application layer and we are finding that this is the greatest area of weakness,” said Doug Pastrich, CEO of 1^st Basis.

SecurityBridge provides the most advanced cyber-platform with real-time threat detection, vulnerability management, custom code scanning, and patch-management in a seamless one-stop-shop solution, built on a single technology layer. With real-time dashboards based on SAP Fiori, SecurityBridge provides actionable intelligence that can be relied upon to make critical security decisions.

“SecurityBridge provides the most comprehensive functionality and seamlessly integrates within the SAP technology stack. Its agile and holistic approach enables us to provide transformation and managed services very quickly and smoothly. 1^st Basis will be building on our solid reputation of providing our clients with the utmost quality of managed services as security is becoming more urgent. With this partnership, we will provide significant speed to security in our ability to reduce the attack surface for our customers by utilizing the power of SecurityBridge,” added Pastrich.

“Threats against SAP systems are becoming more prevalent and more sophisticated. The most effective, proven approach is to combine constant real-time threat monitoring and vulnerability management into a holistic security process’’, said Christoph Nagy, CEO of SecurityBridge.

“The partnership with 1^st Basis will be highly synergistic for both parties, as we see the increasing migration towards managed services for SAP clients. We value the expertise and excellent reputation that 1^st Basis provides, and we look forward to an exciting year ahead.”

About Security Bridge

SecurityBridge is an SAP Security Platform provider, developing tools to extend the SAP ecosystem. The company takes a radically different approach to traditional security tools, believing SAP applications and custom code will be infiltrated no matter how diligently security hygiene is applied. In response to this belief, SecurityBridge created the world’s only natively integrated real-time solution for constant monitoring. Powered by anomaly detection, the SecurityBridge platform can differentiate between accurate results and false positives so that security teams can better focus on real issues. For more information, please visit securitybridge.com.

About 1st Basis

Founded in 2006, 1st Basis provides affordable, high-quality SAP Basis managed services at SAP Best Practices standards. For over a decade, we have kept that promise. We leverage our unmatched expertise to keep our customers’ SAP systems secure, stable and highly available. For more information, please visit www.1stbasis.com.

Security Concerns with Zoom and SAP

This is a companion piece to our other post on TikTok and potential security concerns with SAP. The geopolitical background issues are the same. China has a history of corporate and other espionage and a history of inserting its interests into the affairs of corporate entities, even technically private ones, at home. It is also the world’s most developed surveillance state, and recently, it and the United States have been increasingly at odds on a variety of issues.

Unlike TikTok, Zoom is not headquartered in China. Its owner, Eric Yuan is originally from China, but moved to the United States in 1997.

The Rise of Zoom

As most people now know, Zoom has been one of the greatest beneficiaries of CoVid lockdowns, seeing an almost twentyfold rise in usage over the past year. People isolating to slow the spread of ‘the virus’ have flocked to the platform for social and work purposes. The subsequent discovery by many workers (and some businesses) that much of what they do doesn’t depend on their being on-site has contributed to its continued expansion. Lots of educational institutions and social services and primary medical services have adapted to employ video as well.

The ease with which Zoom can be accessed and its full but intuitive feature set have spurred its widespread adoption, but that same broad suite of functionalities and ease of access have made it a broad target for hackers and other online bad actors.

The Problematic History

There have been a series of security issues with Zoom that are, perhaps, not surprising given the nature of the platform. Early on, many people using the platform were declining to use the password option, which gave an opening to bombers and grifters to bust in to meetings and wreak havoc. In one infamous example, a major university’s graduation, held online because of CoVid, was interrupted with racial invectives. The platform has been used for information scraping, malware injection, password stealing, and just about anything else a hacker might want to do. At one point, Zoom partnered with a Chinese firm to generate cryptographic keys, which threw up warning signs among politicians and security experts. Additionally, Zoom agreed to de-platform several well-known Chinese dissidents at the request of the Chinese Communist Party (CCP).

The list of exploits and possible vulnerabilities is very long, and you can read about them in depth in this excellent compilation at Tom’s Guide. The most problematic thing about Zoom, though, has been its lack of candor at times, for instance claiming to have inaugurated end-to-end encryption when it hadn’t done so. In response to various criticisms, Zoom has taken steps to mitigate its vulnerabilities, but very few of these steps seem, from an outside perspective, to have been taken proactively. A variety of alternatives to Zoom are available. If you share sensitive information on such a platform, you might be better off to look elsewhere until Zoom has established a more robust security track record, and this is probably more likely to be true of businesses that employ SAP services than those that do not. Zoom’s vulnerabilities make it not just problematic in view of the Chinese, but also corporate espionage, sabotage, and sundry black-hat exploits. As with TikTok, your vulnerability profile will depend entirely on the potential value of the information that you share to those who shouldn’t have it.