REVIEW AUDIT LOGS

The main importance of reviewing audit/event logs is to monitor the security of the system. Besides, C2 Security compliance requires that the system be monitored (audited) continuously. Whether it pertains to the system ‐ what hardware was accessed, security ‐ identify who logged on (logged-in), or application ‐ what software was accessed; usage must be tracked.

The term auditing refers to the process of recording events, such as file access, creations, deletions, the addition of print jobs, and so on, and using that information to detect usage violations or to confirm that network procedures are operating correctly.

A network administrator, by using the audit logs, can track what files were accessed, when they were accessed (date and time), by whom, and even what transactions were performed. Some logs even show you if the transaction was or was not successful with some type of message.

NETWORK CONFIGURATION

Equipment, the connections, and equipment settings for a network comprise the network configuration. The equipment refers to the hardware (computers, peripherals, boards, and cables), but may also include software under certain circumstances.

Because of equipment compatibility and interoperability, a system administrator needs to know considerable detail about all of the equipment that comprises the network. This information may include model numbers, memory specifications, enhancements, and so on. This information must be maintained, or conflicts between the equipment may occur. Most networking systems include a utility for recording system configuration information and updating it as the net work changes.

Record the current settings for each component as part of the configuration information. Avoid conflicts when deciding on specific settings. A conflict can arise because two boards want to use the same memory location or interrupt.

SYSTEM PARAMETERS

System parameters must be verified prior to installation and startup to avoid any conflicts. The majority of the conflicts involve system interrupts. An interrupt is a mechanism by which one computing element, such as a modem or a program, can get the attention of another elements. Interrupts may be generated by hardware or software.

Hardware Interrupt

There are 16 interrupt request lines (IRQs) for hardware interrupts in a PC environment. Each device attached to a computer can have an IRQ assigned. When the device wants service from the CPU, it signals on this line and waits.

IRQs have different priority levels, and the higher priority lines are assigned to the most important functions on the PC. By responding to IRQs according to their assigned priority, an operating system or interrupt handler can ensure that no vital activities are interrupted.

IRQ values for a device may be set through software or by manually setting them through the use of jumpers or DIP switches on the expansion board for the device. When configuring devices, it is important that you do not have two devices that use the same IRQ.

Software Interrupt

Executing programs also use interrupts to get resources needed to perform some action. There are software interrupts to access a monitor screen or disk drive, to handle a keystroke or a mouse click, and so on.

There are software interrupts for handling specific requests and for performing specific actions (for example, determining memory size). Interrupts can provide access to more functions (for example, DOS interrupt 2AH provides for network control functions).

SOFTWARE CONFIGURATIONS

All of the software that will be installed on the network will be configured for use on the system. Unfortunately, the manufacturers can't configure the software to function properly on each and every system. It will be up to you to make configuration changes to get the optimum performance from the specific software that will be loaded on the network.

These changes can include one or more of the following:

l Available memory

l Type of peripheral (e.g., disk or tape drives, printers, etc.)

l Number of users

l Access speeds

l Available disk space

Before making any changes to the software, ensure that there are adequate backups available to restore the system if problems are encountered. The most important thing to remember, when making changes, is to read the installation instructions that were supplied by the manufacturer first.