Configurational audit deals with identifying oversights or omissions in the use of otherwise secure computer security controls. Over the past decade, these errors, and the system vulnerability they create, have featured in many successful computer system attacks. Often, such vulnerability is easily introduced to systems, but difficult to manually detect. This thesis deals with configurational audit tools, which are used detect such vulnerability; an overview of technical vulnerability, as well as the field of configurational audit, are provided. A configurational audit and conformance tool called NetAudit is described. This tool, designed for the Novell NetWare 3.1x LAN operating system, uses conformance testing as its primary means of detecting vulnerability. The design and implementation of NetAudit are described, and the effectiveness of conformance testing as a means of performing configurational audit is assessed.
展开▼
