Audit of the Corporations Directorate
Local Area Network (LAN) Security
September 1997
Executive Summary
The Audit and Evaluation Branch conducted an audit of the controls surrounding the Local Area Network (LAN) in the Corporations Directorate during the first quarter of the 1997-1998 fiscal year. This audit was planned and approved in the 1997-1998 Audit and Evaluation Branch plan.
The Corporations Directorate has implemented many strong controls that minimize security risks. However, in a changing systems environment, security weaknesses can result. This report identifies the effective controls in use as well as areas where the Corporations Directorate can strengthen systems security.
Effective Controls
The effective controls listed below serve to strengthen systems security because the Corporations Directorate has ensured that:
- employees leaving the Directorate are immediately deleted from the list of authorized LAN accounts, thereby reducing the risk of unauthorized access to the LAN
- passwords are encrypted when transmitted from the workstation to the server during logon
- physical security of the LAN server is strengthened by securing the server in a special computer room locked with a keypad. In addition, there is restricted access to the Directorate area resulting in double security for the LAN server
- full backups for servers are performed on a daily basis and tapes are sent offsite to National Archives on a monthly basis
- remote access to the LAN by teleworkers is well controlled, as passwords and other controls are used to protect against unauthorized access
- access to the LAN is protected by enabling the 'intruder detection' feature of Novell
Controls to Strengthen Systems Security
The Corporations Directorate can strengthen systems security by:
- ensuring that staff cannot be connected to the LAN from two workstations at the same time
- monitoring intruder alerts
- reducing the number of grace login attempts to the LAN from nineteen to five on initial sign-on and for new passwords
- protecting the computer room by changing the keypad code every 60 days and using a password to protect the LAN server console
Management Action Taken
The Manager, Corporations Informatics Services of the Corporations Directorate, has agreed with the recommendations to strengthen security. All recommendations have been implemented.
Adobe Acrobat Version (PDF - 92KB - 23 pages)
Date Created: 2000-06-12