According to the National Institute of Standards and Technology, enforcing technical, managerial, and operational security controls lets an organization prevent and detect security threats to its IT systems and recover from them.
Focusing on the availability, integrity, and confidentiality of networks, systems and data, technical security is possibly the most critical and universal goal in IT compliance. Approaches to technical security are as diverse as information systems. In general, however, all technical security practices should include data protection, as well as individual accountability for policy compliance and assurance that control objectives are being met. Often, security efforts can be efficiently leveraged across multiple corporate divisions, systems, and distributed access points.
Technical security controls are grouped into three major categories: support, prevent, and detect and recover. The supporting controls are the basic controls that must be in place for the other controls to be implemented. The preventive controls stop security breaches from occurring. The detect and recover controls allow the system to recover from a security breach using audits, intrusion detection and containment, proof of wholeness, restoration to a secure state, and virus detection.
Technical security controls interest me the most because they work together to secure critical and sensitive data, information, and IT system functions. Understanding your network and environment, knowing the access that users have, preventing security breaches, and protecting the systems are all critical. At the same time, detecting and recovering from security breaches and violations is very important. This is where we audit and analyze the system, looking for any suspicious activity.
There are several Live CD distributions that can help protect information systems. Some have data recovery, network security, firewalls, or forensic tools as their primary function. The Auditor Security Collection is a Live-System that supports the technical security controls by identifying users and objects and enabling security administration, system protection, authentication, access control, data encryption, and transaction privacy.
Auditor is a self-booting Linux-based collection of tools that are very useful for auditing a system. As described by the developers, it is the "Swiss army knife of security tools". Not only is it very useful for conducting security audits, but it is also very useful for retrieving files from a damaged hard drive in a non-booting system. Auditor can be used to retrieve files from a non-booting workstation and transfer them to another workstation. The same principle can be applied to retrieve log files and other information from a workstation that has been compromised or infected by a virus.
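The log-retrieval use described above can be done from any live system in a way that also supports the detect and recover controls: the compromised disk is mounted read-only, the logs are copied to separate media, and a SHA-256 manifest is recorded so the copy can later be shown to be unaltered. The following script is an added example, not code from the original page or from the Auditor project; it assumes the disk has already been mounted read-only at the mount point passed as the first argument, and the evidence directory passed as the second argument is on a separate writable medium (path names are placeholders).

```shell
#!/bin/sh
# Added example (not from the page or the Auditor project): copy /var/log from a
# read-only mounted volume into an evidence directory with a SHA-256 manifest.
# Assumed preparation on a real disk (placeholder device and paths):
#   mount -o ro,noexec,nodev /dev/sdXN /mnt/evidence
#   collect_logs /mnt/evidence /media/usb/case-001
# The manifest uses the "digest  path" format, so it can also be checked with
# `sha256sum -c ../MANIFEST.sha256` from inside the logs directory.

hash_file() {
    # Print the SHA-256 digest of one file using whichever tool is installed.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

collect_logs() {
    # collect_logs <mountpoint> <evidence_dir>
    # Copies every regular file under <mountpoint>/var/log into
    # <evidence_dir>/logs, keeping relative paths and timestamps, and writes
    # <evidence_dir>/MANIFEST.sha256. Prints the number of files preserved.
    src="$1/var/log"
    dst="$2/logs"
    manifest="$2/MANIFEST.sha256"
    [ -d "$src" ] || { echo "no log directory under $1" >&2; return 1; }
    mkdir -p "$dst"
    : > "$manifest"
    # find runs inside $src so the paths it prints are relative to it.
    ( cd "$src" && find . -type f ) | while IFS= read -r rel; do
        rel="${rel#./}"
        mkdir -p "$dst/$(dirname "$rel")"
        # Hash the source before copying; the source is only ever read.
        src_hash=$(hash_file "$src/$rel")
        cp -p "$src/$rel" "$dst/$rel"
        # Confirm the copy matches the source before recording the digest.
        dst_hash=$(hash_file "$dst/$rel")
        [ "$src_hash" = "$dst_hash" ] || { echo "copy mismatch: $rel" >&2; exit 1; }
        printf '%s  %s\n' "$src_hash" "$rel" >> "$manifest"
    done || return 1
    wc -l < "$manifest" | tr -d ' '
}

verify_manifest() {
    # verify_manifest <evidence_dir>
    # Re-hashes every preserved file and compares it with the manifest.
    # Returns 0 only if nothing has changed; names each modified file on stderr.
    manifest="$1/MANIFEST.sha256"
    [ -f "$manifest" ] || { echo "missing manifest in $1" >&2; return 1; }
    status=0
    while IFS= read -r line; do
        expected="${line%%  *}"
        rel="${line#*  }"
        actual=$(hash_file "$1/logs/$rel")
        if [ "$expected" != "$actual" ]; then
            echo "MODIFIED: $rel" >&2
            status=1
        fi
    done < "$manifest"
    return $status
}
```

Hashing the original before the copy and the copy afterwards catches a bad copy at collection time, and `verify_manifest` run on the receiving workstation shows whether the evidence was altered in transit or afterwards; the source volume is never written to, which is why it should be mounted read-only in the first place.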
As you can see, a Live CD such as Auditor can support technical security controls in many ways and do things that the Windows operating system installed on the system cannot. There are over 300 security software tools included in the Live CD.
References:
NIST 800-30
Frozentech
IT Compliance Institute