Secure Systems Security Auditing

Your enterprise servers are the heart of your business. Knowing what happens on them is crucial to understanding your business and answering the questions of your auditors: 

• When was the report created? 
• When was the tape encrypted?
• Who accessed the customer database and from what workstation? 
• How many invalid logons occurred over the last 12 hours?
• How many security-relevant events happened last week?  

Answering these questions and understanding your computer systems are essential to today’s business environment.

The ClearPath MCP environment helps you answer these questions by having a robust, integrated logging and auditing infrastructure directly in the operating system. It maintains a system log (the SUMLOG) of all events that happen on the system.  This includes:

• Object creation and deletion (files, job, tasks, sessions, etc.)
• All file access and security violations 
• All networking events

This functionality is part of the MCP operating system and doesn’t require any additional software or options. Access to the system SUMLOG information is restricted. Only system administrators can view all entries. Application programs must also be granted access to write to the system SUMLOG.

Auditors, armed with the new regulations legislating control over business processes, can use the MCP’s system assessment tools to retrieve and understand security data on the system. These tools allow auditors and security administrators to:

• Examine the system SUMLOG
• Analyze the authentication data
• Document the system configuration

Database Event Auditing

Who is accessing the order database and at what times? Which programs update the employee status table? Who has been looking at the salary table, and which workstations were used? Did Officer Jones pull up the speeder’s driving record as stated policy requires?

These types of questions are not a matter of idle curiosity; their answers are important in assessing the effectiveness of your security and verifying that you comply with corporate policies and applicable regulations.

With database event auditing tools you can learn, for example, that Bob ran transactions from Bill’s workstation. And you can also identify the date and time it happened, what data was affected and other relevant information.

System Log Analysis and Reports

The MCP SUMLOG contains security-relevant information that helps your security administrator monitor the system and look for incidents that identify a potential cause for concern.

The Log Analyzer for ClearPath MCP produces reports that can help your administrator detect:

• Repeated logon failures
• Repeated file access rejections
• Unexpected changes to the security database
• Unexpected changes to the security attributes of files
• Repeated or unusual use of a privileged user-id

These reports can give you an early warning so that you can take preventive action – before a problem arises.