Why Should I Monitor My System Activity?

Like many important things in life, security is one of those items that you shouldn’t just “set it and forget it”. Part of having a holistic security system is to monitor your systems for various indicators. You will want to monitor for system activity because you want to be proactive and understand the changes on your system. Don’t put your head in the sand and hope everything will be okay.

Here are some reasons for why you should monitor your systems:

  • What if an attacker were trying to brute-force a login to your system and you had no control in place to block them? How would you know whether they succeeded?
  • What if there was a vulnerability on your site and an attacker uploaded code that planted a backdoor on your system? If you had no system to alert you to changes, how would you know anything had changed?
  • What if you were just trying to change a setting and your whole website broke because of a couple of changes you made, but you couldn’t remember exactly what you did? If those actions weren’t logged, you wouldn’t be able to go back and review what happened.



Three Additional Access Control Strategies

Below are some additional access control strategies that are commonly in use.

  1. Limit access to networked systems by IP. For example, if you have a database server online, does the whole internet need to reach that system, or do really only your web server(s) need access to it?
  2. If you don’t limit access by IP, you should at least have a system that blocks brute force attacks. If you have a system online and don’t restrict access after x failed attempts, an attacker can spend an unlimited amount of time trying to break in by brute-force guessing an account’s credentials.
  3. Log out of the system when you are done; don’t just close the browser window. If an attacker gained access to your machine for whatever reason, they would instantly have access to those same systems without even knowing your password, because you were still logged in!

What is Least Privilege?

Best practice when using a system that has multiple levels of permissions or roles is to use the account with the least privileges needed to perform the action required.

You see this in Windows and Apple OSX machines by default now: you have a regular user account, and when you want to perform an administrative function, you are prompted for a password to temporarily gain higher privileges for that action.

For systems that you are building that don’t have this model built in, you will want to replicate it. Most of the time I see the application installed with an admin account, and that is all. You should create a lower-privileged user account that gives you most of the functionality you need outside of administrative functions, and use that account the majority of the time.

Why Should I Care About Access Control?

Access control is about who can access your data or resources, where accessing may mean consuming, entering, or using. A couple of common examples of access control are a physical lock, such as the lock on your house, and a login prompt on a website. If anyone could gain access to your private data or systems, that wouldn’t be good, would it? This is why access control in all your systems (desktop, website, car, house, etc.) is just as important as any other cyber security fundamental.



Validate Your Backup Integrity With Restore

The whole point of a backup system is to have the ability to restore important files that were lost. An important step in your backup system is to ensure that you can recover the files and that the backup data is not corrupted. There is no point in a backup if you can’t access your data or if the backup itself is corrupt!

This is why it is just as important to do a test restore, even when you don’t need to, just to make sure your process is working.

Hopefully you have a backup system in place, so go spend some time now to test out that restore process if you haven’t already.


Additional Backup Strategies

Today I will cover some additional backup strategies that I have used in the past.

Best practices regarding backups:

  • Store them encrypted! This is very important, as your backups contain all your data and sensitive files; you don’t want them to fall into the wrong hands and open yourself up to identity theft, right?
  • Sanitize and/or destroy your backups before discarding them.
  • Verify the file contents and integrity of the backups so that you know they are retrievable.

Where to keep your backups:

  • Same physical location – But if you want a contingency plan for fire, theft, or other related scenarios, you probably want to store them in one of the following places as well.
  • Separate physical location – Trusted family member, friend, safe deposit box, etc.
  • Online – Trusted cloud provider, self-hosted NAS, etc.