Research

Audit Trails? What Audit Trails?

A look at the use of audits and computer forensics to combat insider fraud.

By Robin Bloor

November 02, 2005 | CSO

If your employer accuses you of hacking into the company's computing system and perpetrating a fraud, and you happen to be guilty, what is your safest tactic if you want to escape criminal charges? The answer is: ask them to prove it.

One out of three times, even if computer forensics experts are brought in and given unfettered access to all systems, it will be impossible to prove who is guilty of what. The reason is that few computer networks maintain comprehensive audit trails of who did what and when.

To put this in perspective, it isn't that there are no audit trails. Nearly all computer operating systems keep logs, which record some of the activities of computer users, such as user logins and program launches, and although it is possible to turn such logs off, usually they are left on. Databases also have transaction logging capability, and database logs are usually left on. Some network devices and IT security devices, such as Intrusion Detection Systems (IDS), keep logs of network activity. But even so, if you are trying to prove how something happened within a computer network and who was responsible, these traces might not be enough to prove anything indisputably.

The fact that computer forensics experts exist gives some indication of the nature of this problem. It's easy to imagine a well-organized computer environment where it is only necessary to search the user logs to find out who changed what information when, but such computer environments don't exist. Computer forensics experts have to build up a picture of what happened from diverse sets of data records, and they also have to be sure that such data has not been interfered with in some way. The burden of proof is heavy.

And even if you can tie back a given activity to a specific login, can you prove absolutely who logged in? Passwords can be stolen in many ways, using hacking techniques or, more commonly nowadays, social engineering: simply persuading someone to give you their login credentials. Only strong authentication using tokens or biometrics (fingerprints, retina scans, etc.) can prove with reasonable certainty who used a specific set of computer capabilities.

So what can be done to make it more difficult for digital thieves and fraudsters? Many of the products that are strongly marketed nowadays as compliance solutions will raise the bar for the bad guys. Consul InSight, which co-ordinates and analyzes log files across a network, and data audit products like Lumigent's Audit DB are examples. Coherent identity management systems coupled with strong authentication will improve the picture too.
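As an added illustration, not part of the article or of any product it names, the following Python script shows the two things a forensic reviewer of such a trail needs: correlating a database audit record with the operating-system login session that was open for the same account at that moment, and a hash chain over the merged trail that reveals altered or deleted records. The log format and the sample records are constructed for this example.

```python
import hashlib
from datetime import datetime, timedelta
FMT = "%Y-%m-%d %H:%M:%S"
# Constructed sample trail (hypothetical format): OS login/logout events and
# database audit records, merged in time order as (timestamp, source, detail).
TRAIL = [
    ("2005-11-02 09:00:05", "os", "login user=alice host=ws12"),
    ("2005-11-02 09:03:41", "db", "update table=payments row=4471 user=alice"),
    ("2005-11-02 11:20:10", "os", "login user=bob host=ws07"),
    ("2005-11-02 11:21:02", "db", "update table=payments row=4472 user=bob"),
    ("2005-11-02 11:25:00", "os", "logout user=bob host=ws07"),
]

def chain(records):
    """Hash chain over the trail: h_i = SHA-256(h_(i-1) || record_i)."""
    prev, out = "0" * 64, []
    for rec in records:
        prev = hashlib.sha256((prev + "|".join(rec)).encode()).hexdigest()
        out.append(prev)
    return out

def first_tampered(records, stored):
    """Index of the first record whose hash differs from the stored chain
    (a truncated trail reports len(records)); -1 when the trail is intact."""
    for i, h in enumerate(chain(records)):
        if i >= len(stored) or h != stored[i]:
            return i
    return -1 if len(stored) == len(records) else len(records)

def _parse(detail):
    action, *kvs = detail.split()
    return action, dict(kv.split("=", 1) for kv in kvs)

def attribute(records, db_index, max_session=timedelta(hours=8)):
    """Host of the OS login session open for the same account when the database
    change at db_index happened, or None. This ties the change to a login, not
    to a person: a stolen password would pass this check, as the article notes."""
    ts, _, detail = records[db_index]
    when = datetime.strptime(ts, FMT)
    user = _parse(detail)[1]["user"]
    host = None
    for rts, rsrc, rdetail in records[:db_index]:
        action, f = _parse(rdetail) if rsrc == "os" else (None, {})
        if f.get("user") != user:
            continue
        if action == "login" and when - datetime.strptime(rts, FMT) <= max_session:
            host = f["host"]
        elif action == "logout":
            host = None
    return host
```

Running `first_tampered` against a chain computed when the trail was written catches a single edited line as well as a truncated trail; `attribute` returns None when the only matching login had already logged out.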
