
Another area where IDEA has been used with particular success is in conducting security audits. Normally on a security audit the various controls over access are evaluated, the types of journals and logs that are kept are considered, and the way the system is administered and monitored is assessed. To complement these theoretical evaluations, a much more substantive approach to checking security can be conducted using IDEA.

In overview, system-level commands are used to create files containing data such as system logs, access permissions, folder structures, etc., and these files are then imported into IDEA. Various tests can then be carried out to determine whether security is adequate.

The three major areas in which IDEA is used are auditing and analysing access rights, file lists, and system logs.

The following are commonly used tests (grouped by type).

Access Rights

  • List accounts with passwords not set or not required for access
  • Accounts with short access passwords (i.e. less than the recommended 6 characters)
  • Accounts not used in the last 6 months
  • Aging of password change
  • Accounts with access to key directories
  • Accounts with supervisor status
  • Accounts with equivalence to users with high-level access (e.g., supervisory equivalence)
  • List group memberships

File List Analysis

  • List duplicate names (both software for multiple copies and data where there is a risk of accidental deletion)
  • Identify old files
  • Analysis by folder
  • Analyse file sizes by owner
  • Last access dates for old files
  • Database type analysis, by extension
  • File type analysis (by file extension)
  • Identify all files without an owner, i.e. where user accounts have been removed from the system
  • Test for .COM, .EXE or .BAT files in areas where there should not be programs (DOS/Windows systems)

System Logs

  • List all instances of access outside standard office hours
  • List all instances of access while users were on holiday/sick leave, etc.
  • Identify users, particularly those with supervisory rights, who are logged in for long periods of time
  • Identify those with higher use than might reasonably be expected
  • Summarise by network address
  • List all users with their normal PCs
  • List all PCs with their normal users
  • Show users on unusual PCs
  • Summarise charges by user to determine resource utilisation
  • Analyse utilisation by period, i.e. daily, weekly, monthly, etc. to show historical trends
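The access-rights and system-log tests above, carried through as an added Python example (not part of the original page, and not IDEA itself) over a constructed account export and login log: it flags accounts with no password or a short one, accounts unused for six months, logins outside assumed office hours, and logins from a PC other than the user's usual one. The audit date, office hours and sample data are assumptions.

```python
from datetime import datetime, timedelta
from collections import Counter
# Constructed account export (not real data): user, password length, required flag, last login.
ACCOUNTS = [
    {"user": "alice", "pw_len": 10, "pw_required": True, "last_login": "2024-05-20"},
    {"user": "guest", "pw_len": 0, "pw_required": False, "last_login": "2024-05-21"},
    {"user": "bob", "pw_len": 4, "pw_required": True, "last_login": "2023-09-01"},
]
# Constructed login log (not real data): user, timestamp, workstation.
LOG = [
    ("alice", "2024-05-20 09:12", "PC-101"),
    ("alice", "2024-05-21 10:03", "PC-101"),
    ("alice", "2024-05-22 23:40", "PC-217"),
    ("bob", "2024-05-20 08:55", "PC-102"),
]
AS_OF = datetime(2024, 6, 1)  # audit date (assumed)
MIN_PW_LEN = 6  # recommended minimum from the test list
INACTIVE_DAYS = 182  # roughly six months
OFFICE_HOURS = range(8, 19)  # assumed office hours: 08:00 to 18:59 on weekdays

def access_rights_exceptions(accounts, as_of=AS_OF):
    """Return {user: [reasons]} for accounts failing the access-rights tests."""
    findings = {}
    for a in accounts:
        reasons = []
        if not a["pw_required"] or a["pw_len"] == 0:
            reasons.append("password not set or not required")
        elif a["pw_len"] < MIN_PW_LEN:
            reasons.append("password shorter than %d characters" % MIN_PW_LEN)
        last = datetime.strptime(a["last_login"], "%Y-%m-%d")
        if as_of - last > timedelta(days=INACTIVE_DAYS):
            reasons.append("not used in last 6 months")
        if reasons:
            findings[a["user"]] = reasons
    return findings

def log_exceptions(log):
    """Flag out-of-hours logins and logins from a PC other than the user's normal one."""
    counts = {}
    for user, _, pc in log:
        counts.setdefault(user, Counter())[pc] += 1
    normal_pc = {u: c.most_common(1)[0][0] for u, c in counts.items()}  # most-used PC per user
    findings = []
    for user, ts, pc in log:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if when.hour not in OFFICE_HOURS or when.weekday() >= 5:
            findings.append((user, ts, "outside office hours"))
        if pc != normal_pc[user]:
            findings.append((user, ts, "unusual PC %s (normal %s)" % (pc, normal_pc[user])))
    return findings
```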