Protection of Information Assets

Download Free EvoTrack Lite 1.0, Audit Tools

EvoTrack Lite is a useful, free and simple PC audit and inventory tool for those who require a basic PC audit and inventory system. It is very user friendly and intuitive. Download it and see for yourself what EvoTrack Lite can do for you.



Buffer overflows, definitions and countermeasure method

Buffer overflows: Poor programming practices, or sometimes bugs in libraries, allow a program to accept more input than it has allocated space to store. This overwrites data or program memory after the end of the allocated buffer, and sometimes allows the attacker to inject program code and then cause the processor to execute it. This gives the attacker the same level of access as that held by the program that was attacked. If the program was run as an administrative user or by the system itself, this can mean complete access to the system.


Kernel flaws, definitions and countermeasure method

Kernel flaws: These are problems that occur below the level of the user interface, deep inside the operating system. Any flaw in the kernel that can be reached by an attacker, if exploitable, gives the attacker the most powerful level of control over the system.

Countermeasure: Ensure that security patches to operating systems, after sufficient testing, are promptly deployed in the environment to keep the window of vulnerability as small as possible.


Media controls and data removal method

Common terms in media controls and data removal:
Sanitized: In military government classified systems terms, this means erasing information so it is not readily retrieved using routine operating system commands or commercially available forensic data recovery software.

Clearing: Acceptable when media will be reused in the same physical environment for the same purposes (in the same compartment of compartmentalized information security) by people with the same access levels for that compartment.

Purging: Making information unrecoverable even with extraordinary effort such as physical forensics in a laboratory. Purging is required when media will be removed from the physical confines where the information on the media was allowed to be accessed, or will be repurposed to a different compartment.


Six Threats in Wireless LAN Security

Wireless was not designed with security as a forethought. The original wireless security standard was the Wired Equivalent Privacy (WEP) protocol. WEP was designed only to provide the same privacy afforded to a user on a wired network. Although this offered some level of protection, wireless networks do not end at the organization’s exterior walls. Wireless signals can extend to the parking lot, the street, or even a neighboring business. The IS auditor should look closely at wireless systems.

ISACA specifies six threats that are of the most concern to individuals who examine the security of wireless systems:
• Device theft
• Hackers/wackers
• Theft of service
• Malicious code


Computer Forensics Methodology

Computer forensics is the systematic step-by-step examination and analysis of data that is stored, retrieved, or processed on computer systems in a legal, approved way so that the evidence can be used in court if needed. Forensic specialists must know how to record evidence at the scene by taking photographs, documenting their activities in an investigator’s notebook, interviewing suspects and witnesses, and knowing the proper procedures for collecting or seizing suspected systems or media. Doing all of this correctly protects the chain of custody and legality of the evidence.

Although law enforcement has been practicing forensics for a long time, the computer forensics field is relatively new to the corporate sector. This means that many IS auditors might not be highly skilled in auditing this important field. An IS auditor must look carefully at the policies and procedures that detail forensic activities during an audit.


Encryption Methods

Encryption systems must be strong to serve their required purpose. The strength of the encryption system is based on several factors:

Algorithm — Remember that this is the set of instructions used with the cryptographic key to encrypt plaintext data. Not all algorithms are of the same strength. For example, Caesar might have thought his system of encryption was quite strong, but it is seen as relatively insecure today.

Cryptographic key — A user needs the correct key to encrypt or decrypt the information. As an example, when my brother was a teenager, my parents took the key to his car for violating curfew. Without the key, he had no way to use the car. Had he made a copy, access would have still been possible.

