Protecting your security audit data (WAS v8.5)
The security auditing subsystem can protect your security audit data, increasing the assurance that the audit data has not been tampered with or modified outside of the auditing facility. This option also protects the confidentiality of the data. The audit data is protected by signing and encrypting the recorded data.
Restriction: Signing and encrypting audit data is available only for data created using the default binary log audit service provider. If you are using the SMF emitter or a third-party emitter, you cannot sign or encrypt your data. Before configuring protection for the security audit data, enable global security and security auditing in the environment. You must be assigned the auditor role to complete the task of protecting your audit data. You also need the administrator role to configure your audit data to be signed.
The practice of auditing requires assurances that your audit data is accurate and uncompromised. Your audit data can be encrypted, signed, or both encrypted and signed. These options provide assurance that your data is viewed only by authorized users and cannot be modified without detection. To protect the validity of your security auditing functionality...
- Encrypting your security audit records
Audit logs can be encrypted to protect the confidentiality of your audit data. The audit logs are encrypted using a certificate stored in a keystore that is configured in the audit.xml file. When audit records are encrypted, only users with the password to that keystore can view or update the audit logs.
- Signing your security audit records
Audit logs can be signed to ensure the integrity of your audit data. When audit records are signed, any modification of the audit logs can be detected.
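The protection model described above (encryption for confidentiality, signing for integrity, and the two combined), as an added example that is not code from the WebSphere documentation or the product and does not reproduce the binary audit log format or the audit.xml configuration. It assumes freshly generated RSA key pairs in place of the certificates held in the audit keystores, and it chooses sign-then-encrypt with a per-record AES-256-GCM key wrapped by RSA-OAEP; those are this example's design choices, not a description of how WAS lays out its records. It goes beyond the page's text in one respect: Open reports the three failure modes separately, and main shows a one-bit change to the stored record being rejected.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// ProtectedRecord is the stored form of one audit record: the record under a
// fresh AES-256-GCM key, that key wrapped with RSA-OAEP to the encryption
// certificate, and an RSA-PSS signature over the plaintext by the signing key.
type ProtectedRecord struct {
	WrappedKey, Nonce, Ciphertext, Signature []byte
}

var oaepLabel = []byte("audit-record-data-key") // example constant, not a WAS value

// GenerateAuditKeys stands in for the two audit keystores: the encryption
// certificate (its private key lets an auditor read records) and the signing
// certificate (its private key attributes records to the auditing facility).
func GenerateAuditKeys() (enc, sign *rsa.PrivateKey, err error) {
	if enc, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return nil, nil, err
	}
	sign, err = rsa.GenerateKey(rand.Reader, 2048)
	return enc, sign, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Protect signs, then encrypts. Anyone with the public half of the encryption
// certificate can encrypt, so encryption alone proves nothing about who wrote
// a record; the signature is what attributes it to the auditing facility.
func Protect(encPub *rsa.PublicKey, signKey *rsa.PrivateKey, record []byte) (*ProtectedRecord, error) {
	digest := sha256.Sum256(record)
	sig, err := rsa.SignPSS(rand.Reader, signKey, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := io.ReadFull(rand.Reader, buf); err != nil {
		return nil, err
	}
	dataKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, encPub, dataKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &ProtectedRecord{wrapped, nonce, gcm.Seal(nil, nonce, record, nil), sig}, nil
}

// Open needs the encryption private key to read a record and the signing public
// key to accept it. Each failure is reported distinctly: wrong keystore, change
// after encryption (GCM tag), or a record the audit signing key never signed.
func Open(encKey *rsa.PrivateKey, signPub *rsa.PublicKey, pr *ProtectedRecord) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, encKey, pr.WrappedKey, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap data key: wrong encryption keystore or damaged record")
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	record, err := gcm.Open(nil, pr.Nonce, pr.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("ciphertext authentication failed: record modified after encryption")
	}
	digest := sha256.Sum256(record)
	if err := rsa.VerifyPSS(signPub, crypto.SHA256, digest[:], pr.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature verification failed: record not produced by the audit signing key")
	}
	return record, nil
}

func main() {
	enc, sign, err := GenerateAuditKeys()
	if err != nil {
		panic(err)
	}
	// Constructed sample event; the real binary audit log layout is not reproduced.
	pr, _ := Protect(&enc.PublicKey, sign, []byte("SECURITY_AUTHN outcome=FAILURE user=bob"))
	pr.Ciphertext[0] ^= 1 // a single-bit change on disk
	_, err = Open(enc, &sign.PublicKey, pr)
	fmt.Println("tampered record:", err)
}
```

Run it with go run. The error messages in Open map to the page's two properties: the unwrap and GCM failures are on the confidentiality side (a reader without the encryption keystore, or a record altered on disk), and the signature failure is on the integrity side. Because anyone holding the encryption certificate's public key can produce a well-formed encrypted record, a deployment that encrypts without signing gets confidentiality but no assurance about who wrote a record, which is why the page offers signing as a separate option.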
Results
After completing these steps, your data is signed, encrypted, or both signed and encrypted, providing assurance that the data is accurate and confidential.
After protecting your data, you can configure notifications to ensure you are notified if a problem with the security auditing subsystem occurs that prevents security events from being recorded.
Subtopics
- Encrypting your security audit records
Audit logs can be encrypted to ensure your audit data is protected. By encrypting your audit records, only users with access to the encrypting certificate are able to view the audit logs.
- Signing your security audit records
Audit logs can be signed to ensure the integrity of your audit data. By signing your audit records, modifications of the audit logs can be detected.
- Audit encryption keystores and certificates page
The Audit encryption keystores and certificates panel allows the auditor to manage the keystores and certificates used for audit encryption.
- Audit record encryption configuration settings
Use this page to enable encryption for the audit records. Encrypting your audit records ensures that only a user given access to the certificate used for encryption can view the audit records.
- Audit record signing configuration settings
Use this page to enable signing for the audit records. Signing audit records makes the recording of auditable events tamper-evident: records cannot be modified without detection. Both the auditor and administrator roles are required to configure the signing of your audit data.
- Audit record keystore settings
The Audit record keystore panel is used by an auditor to define the keystores used for storing the encryption certificate used to encrypt the audit records. Keystores used for auditing are managed separately from other keystores on the system, to separate the authority of the auditor from the authority of the administrator.
Related
Auditing the security infrastructure
Encrypting security audit data using scripting
Signing security audit data using scripting