IT Audit – Why it is important to system administrators?

Ramdev

I have started unixadminschool.com ( aka gurkulindia.com) in 2009 as my own personal reference blog, and later sometime i have realized that my leanings might be helpful for other unixadmins if I manage my knowledge-base in more user friendly format. And the result is today's' unixadminschool.com. You can connect me at - https://www.linkedin.com/in/unixadminschool/

Loading Facebook Comments ...

9 Responses

  1. Muneer says:

    FILE-SYSTEM SECURITY
    Weak File system configuration
    Set Null shell for system user accounts
    Login banner is not enabled
    Non essential services are enabled in inetd
    Non essential services are enabled in startup scripts
    FTP and Telnet banners are absent in the system
    . FTP users are not restricted
    SNMP Service is not secured
    Executable stacks are not secured
    Weak system umask
    Weak user permissions for CRON and AT
    Critical folders have weak permission
    Intense use of system resources
    EEPROM security functionality is disabled
    SYSTEM ACCESS AND AUTHENTICATION
    Password policy is not enabled in the system
    Remote root login is enabled
    Remote login by unauthenticated users
    XDMCP protocol is enabled for CDE
    AUDITING AND LOGGING
    Failed login attempts are not audited
    User authentication is not audited
    Weak permission on log files
    NETWORK SETTINGS AND SERVICES
    Weak preliminary network settings
    Weak TCP sequence number used

  2. Ramesh says:

    Hi Gukulindia,

    Please share some knowledge on hadoop .

    Regards
    Ramesh Reddy 

  3. AbheeG says:

    IT Audit is mainly done to check if the the systems are in accordance with the companies/System Owners Security Policy.As long as the Security Policy maker is technical enough that what is to mentioned and what is not u can have a relatively easier time implement it and maintain it.I Have seen policies which have been entirely downloaded from net and give to me to apply.As a System Admin we always have right of denial.Sometimes its just not practically possible to apply all the policies to a non critical system. Also Patch Management can be a big a nightmare if you do not test them on a testing server before applying it on a production server.

  4. ramdev says:

    @AbheeG – thanks for sharing your experience.

  5. PiGeePi says:

    Just wanted to point out that the word compliant is misspelled as ‘complaint’ numerous times in the article. There is a big difference in meaning.

    Nevertheless, this was an excellent article.

    I worked for a company in New York, where we implement PCI compliance. We ran some scripts that checked for a lot of the things mentioned here and in Muneer’s list. If I can ever find this script I will post some additional comments here.

  1. September 15, 2015

    […] IT Audit – Why it is important to system administrators? […]

  2. September 17, 2015

    […] IT Audit – Why it is important to system administrators? […]

Leave a Reply

Your email address will not be published.

[contact-form to='ramkumar.ramadevu@gmail.com' subject='New Learning Request Submitted'][contact-field label='Name' type='name' required='1'/][contact-field label='Email' type='email' required='1'/][contact-field label='Learning Request' type='textarea' required='1'/][contact-field label='Are you Looking for ' type='radio' required='1' options='Paid Training,Free Training'/][/contact-form]

What is your Learning Goal for Next Six Months ? Talk to us