Logging and Monitoring
The other day, I was in a rest room (a public bathroom in UK-speak) in a fast-food restaurant. While I was in there, something caught my eye: it was one of those sheets on the wall that records the day’s cleaning activity, essentially the name of a member of staff and the times throughout the day at which the facilities were cleaned.
I recalled seeing this in other establishments as well, and started to draw comparisons between this simple but effective activity and what are often fundamental failings in the world of Information Security, particularly within logging and monitoring regimes.
Understanding User Activity
If you are in the security game, you will most likely have encountered scenarios where user activity, be it an end user entering some data or an administrator completing a backup routine, is not recorded or where it is recorded but not viewed.
Let’s take this back to basics, shall we? Let’s just imagine that the fast food outlet mentioned earlier had no cleaning undertaken in the throne room. Well, pandemonium would surely prevail; hell, there may even be looters (they always appear at times of social unrest). The reputation of the fast food outlet would surely be tarnished. Who would want to visit such a place?
The point is that cleaning duties were introduced in this place because they were no doubt seen as an important part of the outlet’s longevity. But let’s say that there were 3 cleaners who took turns to clean the room, but on one particular day, during a Royal visit perhaps, the room wasn’t cleaned. This would be bad for business, but more importantly, someone would have to be held to account. Without a means to prove who was responsible during the time in question, there would be no way for the owner to discipline the guilty party. Sure, the owner could hold all three cleaners to account, but what would that do for morale?
Enter ‘the sheet’. Simply asking the cleaners to sign and note the time at which they have undertaken their cleaning duty will provide a proportionate level of accountability. If the manager checks this sheet periodically, it will emphasise to the cleaners how important it is to keep things clean (and to complete the sheet). Similarly, if a customer complains about an ‘unkept’ environment, the manager will know who to turn to.
Earlier, I used the word ‘proportionate’. This is because it would be very easy for the owner to go over the top, maybe install some CCTV to see if the cleaners are scrubbing properly, or hire some undercover surveillance officers to patrol and see how the cleaners are doing…
Let’s cut back to the world of security, or more specifically logging and monitoring. The same rules apply, really: in this context the rest room is our system and, you’ve guessed it, ‘the sheet’ is our logging mechanism. The ‘complaint’? Well, this might be a security incident of some type.
The moral of the story? (In case I’ve lost you).
Well, if a fast food outlet thinks it is important to record the activities of its cleaners, why do we sometimes insist on not caring about how our (often business critical) systems are being used?