Using Auditing
Security Fundamentals
Instructor: Don Jones
In This Lesson:
The Purpose of Auditing
Configuring Auditing
The Audit Log
Considerations for Windows’ Native Auditing
The Purpose of Auditing
• Auditing is designed to keep a record of specific events and actions taken by users or components of the system.
• Auditing is often available both for “successful” and “failed” attempts to complete an action.
• Example: This user “Failed” to “Read” this file.
• Changes to the auditing rules – e.g., what is audited – are also typically audited to help make it harder for someone to cover their tracks.
Reviewing the AAA’s
• Authentication:
  – Proving you are who you say you are
• Authorization:
  – What you have permission to do
• Auditing:
  – What you have attempted to do
Configuring Auditing
• Auditing is disabled by default for most components of Windows.
• You can enable it through a local policy on a per-machine basis.
• Members of a domain can have their auditing centrally configured via a Group Policy.
• Auditing must be configured independently for each technology.
  – File system, Active Directory, mail server, etc.
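
Added example (not part of the original slides): configuring auditing for one technology, the file system, on a single machine through local policy, then reading the resulting records. The folder path, the choice of auditing failed reads by Everyone, and the event IDs queried are assumptions made for illustration.

```powershell
# Added example; run in an elevated PowerShell session on an English-language system.
# C:\AuditDemo is a constructed sample folder, not a path from the slides.
$folder = 'C:\AuditDemo'
New-Item -ItemType Directory -Path $folder -Force | Out-Null

# Step 1: enable the audit policy for this technology (file system objects).
# On a domain member, Group Policy may overwrite this local setting.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# Step 2: the policy alone records nothing; the object also needs an audit rule (SACL entry).
# This rule audits failed attempts by anyone to read data in the folder and below.
$acl  = Get-Acl -Path $folder -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', 'ReadData', 'ContainerInherit,ObjectInherit', 'None', 'Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Step 3: confirm both halves of the configuration.
auditpol /get /subcategory:"File System"
(Get-Acl -Path $folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags

# Step 4: read matching records from the Security log.
#   4656 = a handle to an object was requested (where failed reads are recorded)
#   4719 = system audit policy was changed (the auditpol call above)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656, 4719 } `
        -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, KeywordsDisplayNames,
        @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
```

The 4719 record is the "changes to the auditing rules are also audited" behavior from the first slide: the policy change made in step 1 leaves its own entry in the Security log.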
Major Event Categories
• Account Logon
• Account Management
• Directory Service Access
• Logon
• Object Access
• Policy Change
• Privilege Use
• Process Tracking
• System
Syslog
• A Unix-standard logging protocol that typically enables servers and devices to send audit events over the network to a centralized auditing server.
The Audit Log
• Windows’ native Event Viewer provides access to the logs, and the ability to manage their settings.
• Organizations often need to isolate duties so that users being audited, such as administrators, cannot read or modify the log.
Considerations for Windows’ Native Auditing
• Turning on high levels of auditing can create a significant performance impact on the server.
• This needs to be planned for as part of the server workload.
• It is difficult to configure true separation of duties using solely the native logs.
What We Covered
The Purpose of Auditing
Configuring Auditing
The Audit Log
Considerations for Windows’ Native Auditing