In critical servers, all changes must be strictly controlled. Typically, a user requests access to a device, the administrator grants the authorization, and the task is performed. The auditor must be aware of the script, the device, and the time of the activity, and verify this either through physical inspection or by reviewing the executed command logs.
These activities present high risks, as mistakes can directly affect the company’s operations. For example, a user could stop an Apache server that hosts the company's website or execute a malicious action to steal data.
To streamline audits and ensure compliance, the Change Audit module provides control and an approval workflow for server changes. It ensures that all planned actions are followed as expected.
Additionally, Change Audit evaluates task effectiveness, determining whether the user achieved the goal, performed unnecessary steps, or didn’t complete the change. This increases security for the administrator accountable for the environment.
Another key feature is the ability to separate responsibilities: one user can plan and write the script, while another is responsible for executing it.
Benefits of the Change Audit Module
- Privilege granting: Ensures that privileges are only granted within authorized environments.
- Security: Helps to prevent, detect, and correct security anomalies.
- Audit trail: Creates tamper-proof records of privileged operations.