|Partner TechTip: How to Maintain Your Data Integrity|
|Tips & Techniques - Security|
|Written by Robin Tatam|
|Friday, 10 August 2012 00:00|
File Integrity Monitoring techniques prevent unauthorized configuration and data changes from occurring unnoticed.
File Integrity Monitoring (FIM) helps ensure that your critical and sensitive data is viewed and changed only by authorized personnel through approved channels. Candidates for FIM include application files containing sensitive data, such as personnel or financial data, and server configuration files. FIM is a requirement of several regulatory standards, including the Payment Card Industry Data Security Standards (PCI DSS).
Baseline Validation vs. Real-time Monitoring
There are two main techniques for monitoring file integrity.
Baseline validation can be an effective method for determining that a configuration file has been altered from its desired state. Taking a copy of the file—typically after any authorized change—establishes the baseline. Comparing the current file to the baseline determines whether there are any discrepancies (although the source and timing of the event that caused the discrepancy may remain unknown).
Real-time monitoring doesn't require a baseline, as it monitors for changes as they occur. While this methodology can affect performance, its benefits can be significant. Notification of non-compliance is usually timelier than updates with occasional baseline validation; plus, real-time monitoring will record an event even if the file is returned to its desired state prior to the next validation.
Depending on the nature of the file and the data, the best approach is to utilize both methodologies. Both methods require someone to be responsible for reviewing changes to determine whether they were authorized.
FIM on IBM i
Compared to some operating systems, IBM i doesn't rely heavily on files for its configuration. Instead, many of the controls that dictate how the server will operate are managed through system values. The IBM i auditing facility records when system values are altered, so the job of the security officer becomes watching for when those events occur and whether the change leaves the server non-compliant.
Monitoring changes to database files, which typically hold an application's configuration and data, can be accomplished using facilities provided by the operating system (compare physical file member, triggers, journaling). But while these facilities are part of a successful FIM infrastructure, they are not designed for that purpose, and each has specific shortcomings when used alone.
PowerTech FIM Solutions
PowerTech has designed a portfolio of solutions that leverage and extend the core features of IBM i. Many provide specific benefits to an organization embarking on a FIM initiative.
Conclusion and Next Steps
Timely reaction to unauthorized changes can mean the difference between an attempted breach and an actual breach. Combining IBM i with PowerTech solutions makes it viable to monitor and alert on unusual activity—even if your configuration suffers from overly powerful users or open public access.
Are you considering a FIM initiative? The following process can help you implement smoothly:
In addition to offering leading security and compliance solutions, PowerTech publishes exclusive content on IBM security. Its new white paper on adopting FIM requirements for IBM i discusses in greater detail how security products can simplify your FIM initiative. For the white paper and more information on PowerTech solutions, visit www.powertech.com.
|Last Updated on Wednesday, 08 August 2012 15:37|