Sitemap

File Integrity Monitoring (FIM)


The Password Server now includes a robust File Integrity Monitoring (FIM) module.

File Integrity Monitoring is a key part of security compliance and auditing regulations.

This feature can help ensure the integrity of the application files, right from the time of vendor creation of the software, right through the lifetime and operation of the software in your environment: detects file changes, requires file integrity for operation, and alerts administrators.

Applies to:

  • Enterprise+SSO edition

Scope coverage:

  • Server & Web client files

Customer Comments

Customer comments on this feature implementation in Password Server have included:

  • "Your FIM system is in my top 10 that I have seen in recent times"
  • No false alerts
  • Handles high client latency
  • Handles continuous high CPU loads
  • No interference with backup software
  • Handles DFS replication

Enable FIM

This feature can be enabled from the web admin app from the Settings menu > General.

When enabled, this will run seamlessly in the background as just another process.

The application will also show any alerts in the web admin app accessible from the menu under: Logging > File Integrity Monitoring Alerts.

FIM Features

Application File Scans:

  • The application has the ability to enable file scans to ensure the integrity of the files. These scans verify that the files remain unchanged from the vendor's original files and have not been altered, replaced, or corrupted.


FIM Alerts:

  • The application reports specific file errors found.

Automatic Site Stop:

  • (Admin Option) If the service detects any file changes, the site will automatically stop to prevent data corruption. The application will not run until the file errors are corrected.

Application Options

The following are settings in the application and they are optional:

  • Enable File Integrity Monitoring (FIM) on the server including web application files.
  • Automatically run FIM periodically.
  • Automatically stop the site if FIM detects any file changes.
  • Select the name of your IIS Pool (applicable if you are hosting the application using IIS, and wish for the site to stopped automatically).

Processes

Here is an overview of the system processes:

  • A process is created and started at the time of application install/upgrade.
  • Scans & detects if there are changes to application files (server or web client).
  • Calculates initial file hashes on each application files (server and web client).
  • This process runs periodically and verifies the file hashes remain unchanged.
  • Will cause Password Server to refuse to run if the files have changed (server or web client).

About File Integrity Monitoring (FIM)

Compliance and Auditing

FIM is a requirement in some industries and is mandated in some regulatory standards such as:

  • ISO 27001 (International Organization for Standardization)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • PCI DSS (Payment Card Industry Data Security Standard)
  • SOX (Sarbanes-Oxley)
  • NERC (North American Electric Reliability Corporation)

Benefits

File Integrity Monitoring (FIM) offers several benefits.

Protecting the integrity of application files is a critical aspect of data security which serves to safeguard your assets.

These days hackers have sophisticated techniques that may attempt to target core application files to exploit users, attack data assets, or remove files asking for a ransom.

  1. Protection: It provides a layer of protection of sensitive files by routinely scanning, monitoring, and verifying integrity.

  2. Quick Identification: FIM helps pinpoint potential security issues quickly, improving the accuracy of remediation efforts by an incident response team.

  3. Maintains Integrity and Confidentiality: It helps organizations maintain the integrity and confidentiality of their critical data, detect security threats, and comply with industry regulations and standards.

  4. Detecting Malicious Activity: FIM can be effective in detecting malicious activity quickly, preventing data loss, and gaining visibility into system changes—all of which are essential for maintaining a secure network environment.

How FIM works

Files are Defined

  • The files are automatically identified at each release at the time of compilation.

Baseline is Established:

  • A snapshot of attributes is generated for all the files which can be used later for comparison and stored securely in cryptographic hash format.

Monitor and verify file integrity:

  • The FIM tool compares the hash values on all the files to check for exact matches to the original values.

Alert or Shutdown:

  • Provide alert details of file changes and optionally halt the application not allowing the execution of the app until problems are resolved.