REQ.047 Classify critical files for monitoring
Requirement
The critical files of each system must be identified so that their integrity can be monitored.
Description
Each system has files that are necessary for its operation (master files, settings files, among others). Each of these files must be identified and tracked using tools that permanently monitor the activities carried out on them.
Implementation
Each system has a file structure that contains information about its configuration and operation. If these files are modified, the execution of the system can be altered, so it is important to establish permanent monitoring of their integrity. The monitoring should immediately notify the system administrator of any changes made and keep a record of the activities carried out.
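The following is an added example, not part of the original requirement: a check that compares each classified critical file against a recorded baseline, appends every deviation to an activity log and notifies the administrator. The file list, the log path and the `notify` callback are assumptions, and the check is meant to be run on a schedule.

```python
import hashlib
import json
import os
import time

def fingerprint(path):
    """Return content hash and permissions of a file, or None if it is absent."""
    try:
        st = os.stat(path)
        with open(path, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
    except FileNotFoundError:
        return None
    return {"sha256": digest, "mode": oct(st.st_mode & 0o7777), "uid": st.st_uid}

def build_baseline(critical_files):
    """Record the known-good state of every file classified as critical."""
    return {path: fingerprint(path) for path in critical_files}

def check(baseline, log_path, notify):
    """Compare each critical file with its baseline; record and report changes."""
    events = []
    for path, expected in sorted(baseline.items()):
        current = fingerprint(path)
        if current == expected:
            continue
        if current is None:
            change = "removed"
        elif expected is None:
            change = "created"
        elif current["sha256"] != expected["sha256"]:
            change = "content_modified"
        else:
            change = "metadata_modified"  # same content, different mode or owner
        events.append({"time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
                       "path": path, "change": change,
                       "expected": expected, "current": current})
    with open(log_path, "a", encoding="utf-8") as log:  # append-only activity record
        for event in events:
            log.write(json.dumps(event) + "\n")
    for event in events:
        notify(event)  # assumed hook, e.g. mail or pager for the administrator
    return events

if __name__ == "__main__":
    # Hypothetical classification for a Linux host; adjust per system.
    CRITICAL = ["/etc/passwd", "/etc/ssh/sshd_config"]
    baseline = build_baseline(CRITICAL)
    print(check(baseline, "integrity.log", print))
```

Store the baseline and the log where the accounts of the monitored system cannot write, otherwise a change to a critical file can be hidden by rewriting them.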
Attacks
- An incident occurs in which a modification of critical files is identified; however, it could not be detected in advance because no tool was in place to record the modifications to the compromised files.
Attributes
- Layer: Application Layer.
- Asset: Critical Files.
- Scope: Integrity.
- Phase: Operation.
- Type of Control: Recommendation.
References
- OWASP-ASVS v3.1-1.4 Data considered sensitive in the context of the application is clearly identified.