File Integrity Monitoring Solutions
Services Provided by atsec

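Working from a neutral third-party position, atsec helps customers select, test, and deploy a file integrity monitoring solution according to their needs. The solution may draw on stable, widely used free open-source software or on popular, well-regarded commercial products, so that the customer's expected requirements are met in a more targeted way.
atsec can assist customers with:

  • Writing the file integrity monitoring solution
  • Researching open-source or commercial file integrity products
  • Evaluating file integrity product functionality against industry standards (such as PCI DSS) to ensure the product can meet compliance requirements
  • Training on product use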

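For open-source software, atsec can help customers with:

For commercial products, atsec can help customers with:

  • Functional testing of the file integrity system
  • Determining the scope in which the standard requires file integrity monitoring to be deployed
  • Completing product installation
  • Configuring file integrity monitoring based on existing functionality
  • Ongoing upgrades afterwards
  • Working with and supervising the vendor to complete installation and tuning of file integrity monitoring so that it meets customer and standard requirements
  • Project management and quality assurance
The Importance of Our Services

Many information security standards and industry best practices require file integrity monitoring. The following are provided for reference:

Original requirement text from PCI DSS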


PCI

10.5.5

Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).

 

11.5

Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.

Original requirement text from the SANS Consensus Audit Guidelines


SANS CAG

3.5

The master images themselves must be stored on securely configured servers, with integrity checking tools and change management to ensure only authorized changes to the images are possible.

 

3.7

Utilize file integrity checking tools on at least a weekly basis to ensure that critical system files (including sensitive system and application executables, libraries, and configurations) have not been altered. All alterations to such files should be automatically reported to security personnel. The reporting system should have the ability to account for routine and expected changes, highlighting unusual or unexpected alterations.

Original requirement text from NIST SP 800-53


CP-9

Information System Backup

The organization conducts backups of user- and system-level information and protects the confidentiality and integrity of the backup information.

SI-4

Information System Monitoring

Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.

SI-7

Software and Information Integrity

The information system detects unauthorized changes to software and information.     

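Beyond satisfying the standards above, implementing file integrity monitoring matters a great deal for secure system operations. File integrity monitoring can watch all important system files, configuration files, and log files for unauthorized tampering. Once a file has been tampered with, it can immediately notify administrators of the altered file content, so that they can respond quickly and preserve the integrity of important files and the stable operation of the system.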
