The system’s critical files must be identified in order to monitor their integrity.
Each system has files that are necessary for its operation (master files, configuration files, among others). Each of these files must be identified and tracked using tools that continuously monitor the activities carried out on them.
Each system has a file structure that contains information about its configuration and operation. If these files are modified, the execution of the system can be altered; for this reason, it is important to continuously monitor their integrity. The monitoring should immediately notify the system administrator of any changes and keep a record of the activities.
An attacker modifies one or more of the critical files, and the malicious activity is not detected in time due to a lack of detection or monitoring mechanisms.
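One way to implement the check described above, as an added example that is not part of the original requirement: record a SHA-256 baseline of the identified critical files, then compare against it, writing an audit record and notifying on any drift. The file names, the `notify` hook, and the sample data in `demo()` are constructed assumptions.

```python
import hashlib
import json
import tempfile
import time
from pathlib import Path


def file_digest(path):
    """Return the SHA-256 hex digest of a file, or None if it is missing."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except FileNotFoundError:
        return None


def build_baseline(paths):
    """Record the known-good digest of every identified critical file."""
    return {p: file_digest(p) for p in paths}


def check_integrity(baseline, audit_log, notify=print):
    """Compare current digests with the baseline; log and notify on drift."""
    findings = []
    for path, expected in sorted(baseline.items()):
        current = file_digest(path)
        if current == expected:
            continue
        status = "deleted" if current is None else "modified"
        event = {"time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
                 "path": path, "status": status,
                 "expected": expected, "current": current}
        with open(audit_log, "a", encoding="utf-8") as log:  # activity record
            log.write(json.dumps(event) + "\n")
        notify(f"ALERT {status}: {path}")  # hypothetical admin notification hook
        findings.append((path, status))
    return findings


def demo():
    """Constructed sample: two stand-in critical files in a temp directory."""
    root = Path(tempfile.mkdtemp())
    conf, master = root / "app.conf", root / "master.db"
    conf.write_bytes(b"debug=false\n")
    master.write_bytes(b"records\n")
    baseline = build_baseline([str(conf), str(master)])
    conf.write_bytes(b"debug=true\n")  # simulated unauthorized change
    master.unlink()                    # simulated deletion
    return check_integrity(baseline, root / "audit.log")
```

The baseline and the audit log should live where the monitored system's own accounts cannot rewrite them; otherwise whoever alters a critical file can also alter the evidence.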
Layer: Application layer
Asset: Critical files
Type of control: Recommendation