User monitoring
User monitoring, whether passive or active, is an essential element of a security plan. In Linux, a file has a single designated owner, who can share read-only, collaborative, or execute permissions with other users, but there is only ever one owner (Mallett, 2018). Passive monitoring means that events are aggregated into a log; a logging application can act as either a client or a server. Consider the following analogy. A worker concentrates on a project for five hours and then checks their email, finding 1,000 new messages. They scan the subject lines for any urgent actions, find none, and delete all the messages. One of those emails, however, contained an action item that did not need to be addressed right then and there but announced an upcoming downtime of a production system (Smith, n.d.). This scenario differs from active monitoring because no learning takes place.

In an active monitoring solution, all the components are considered together so that they form a pattern, and an event triggers a response. Is it usual for a worker to log in from a foreign country shortly after midnight? If not, an active monitoring system could present the worker with a CAPTCHA or another mechanism to confirm their identity. Users of systems often take advantage if they think they can blend into the environment anonymously. For example, I was setting up a Django instance on a Dreamhost virtual server. I typed in a command that I did not intend to, and the terminal notified me that I did not have permissions but that the command I entered would be recorded. This scared me, perhaps as the system designer intended. When setting up an email service for a client, I discovered senderscore.org, which is a clearing house for emails to classify spam.
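The passive-versus-active distinction above can be made concrete in code. The following added example (not part of the original post) first does the passive step, aggregating constructed sshd log lines into structured login events, and then the active step, a rule that flags a successful login from an unexpected country during the night hours and tags it for step-up authentication. The log lines, the IP-to-country table standing in for a GeoIP database, and the per-user home-country baseline are all constructed for illustration.

```python
import re

# Constructed sshd lines in syslog format (illustrative, not real log data).
AUTH_LOG = """\
Mar  3 09:12:41 web1 sshd[2210]: Accepted publickey for alice from 203.0.113.8 port 51022 ssh2
Mar  3 00:17:05 web1 sshd[2388]: Accepted password for alice from 198.51.100.23 port 40110 ssh2
Mar  3 13:44:10 web1 sshd[2501]: Failed password for root from 192.0.2.200 port 22 ssh2
Mar  3 14:02:33 web1 sshd[2612]: Accepted publickey for bob from 203.0.113.9 port 51030 ssh2
"""

# Constructed IP-to-country mapping; a real deployment would query a GeoIP database.
GEOIP = {
    "203.0.113.8": "US",
    "203.0.113.9": "US",
    "198.51.100.23": "RO",
    "192.0.2.200": "CN",
}

# Constructed baseline of where each worker normally logs in from.
HOME_COUNTRY = {"alice": "US", "bob": "US"}

# Matches only successful logins; failed attempts are left for a different rule.
LOGIN_RE = re.compile(
    r"^\w{3}\s+\d+ (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_logins(text):
    """Passive step: turn raw log lines into a list of login events."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            hour = int(m["time"].split(":")[0])
            events.append({"user": m["user"], "ip": m["ip"], "hour": hour})
    return events


def detect_anomalies(events, geoip=GEOIP, home=HOME_COUNTRY, night=(0, 5)):
    """Active step: flag a login that is both from an unexpected country and
    inside the night window [night[0], night[1]) and attach a response."""
    alerts = []
    for ev in events:
        country = geoip.get(ev["ip"], "??")      # unknown IPs count as foreign
        foreign = country != home.get(ev["user"])
        at_night = night[0] <= ev["hour"] < night[1]
        if foreign and at_night:
            alerts.append({**ev, "country": country, "action": "step-up-auth"})
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(parse_logins(AUTH_LOG)):
        print(alert)
```

Only alice's 00:17 login from an IP mapped to a country other than her baseline produces an alert; her daytime login and bob's login are aggregated but never trigger a response, which is the difference between the email pile and the pattern-based system the paragraph describes.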
After I set up the email service better by using the Sender Policy Framework, I noticed that my sender score went up. They were assured that when I entered a text string at the domain name registrar, emails whose origin matched the text string were meant to be sent from the organization. In Linux, once physical access to the computing device is obtained, it is possible to add entries to the init service so that the system runs services in addition to those that set up the user interface. On Linux, to stop a process the user must be either the system owner, known as root, or the owner of the process. The same principle is demonstrated when learning about device management services on Android (Singh, 2018). Monitoring usernames is essential not only for people but for services as well. When a service goes rogue, the details of what caused the process to behave that way are also recorded. I remember that in 2007 I was working on installing a cloud backup solution onto our server, and we did not have much disk space. To back up a file, the computer made a huge zip file so that files would be bundled together and sent over the internet to the cloud server. We did not realize what was happening, so we used a passive monitoring tool, a Windows utility, to see where our disk space was being consumed. With active monitoring, it is possible to avoid crashing the server by telling a server management software component to kill processes like this.
References
Mallett, A. (2018, March 7). Linux: System Security (LPIC-2). https://app.pluralsight.com/library/courses/linux-system-security-lpic-2/table-of-contents
Singh, N. (2018, October 18). Android Security: Effective Permission Handling. https://app.pluralsight.com/library/courses/android-security-permission-handling/table-of-contents
Smith, C. (n.d.). AWS Monitoring Strategies. https://learning.oreilly.com/videos/aws-monitoring-strategies/9780136611899/9780136611899-AWSM_01_02_00