Auditing and Security Monitoring
No system is 100% secure, and you should plan for the eventuality that your systems will be breached. When breaches happen, it is vital that you can do at least two things:
- Recognize that a breach has occurred
- Build a detailed timeline of events that cannot be repudiated
Auditing is key to both of these requirements. The ability to build a reliable timeline helps answer the following post-event questions: what happened, how did it happen, when did it happen, and who did it? In extreme circumstances, information like this can even be called upon in court.
Good auditing and monitoring solutions also help to identify vulnerabilities in your security systems.
With these points in mind, you should ensure that reliable auditing and monitoring are high on your list of priorities, and you should not go live in production without them.
Secure Configuration
There are various tools and checks that can be useful in ensuring that...