12. Using Auditing.pdf

(195 KB) Pobierz

Using Auditing

Security Fundamentals

Instructor: Don Jones

Using Auditing

Security Fundamentals

In This Lesson:

 The Purpose of Auditing

 Configuring Auditing

 The Audit Log

 Considerations for Windows’ Native Auditing

Using Auditing

Security Fundamentals

The Purpose of Auditing

• Auditing is designed to keep a record of specific events and

actions taken by users or components of the system.

• Auditing is often available both for “successful” and “failed”

attempts to complete an action.

• Example: This user “Failed” to “Read” this file.

• Changes to the auditing rules – e.g., what is audited – are also

typically audited to help make it harder for someone to cover

their tracks.

1123952621.069.png

1123952621.080.png

1123952621.090.png

1123952621.101.png

1123952621.001.png

1123952621.011.png

1123952621.022.png

1123952621.023.png

1123952621.024.png

1123952621.025.png

1123952621.026.png

1123952621.027.png

1123952621.028.png

1123952621.029.png

1123952621.030.png

1123952621.031.png

1123952621.032.png

1123952621.033.png

1123952621.034.png

1123952621.035.png

1123952621.036.png

1123952621.037.png

1123952621.038.png

1123952621.039.png

1123952621.040.png

1123952621.041.png

1123952621.042.png

1123952621.043.png

1123952621.044.png

1123952621.045.png

1123952621.046.png

1123952621.047.png

1123952621.048.png

1123952621.049.png

1123952621.050.png

Using Auditing

Security Fundamentals

Reviewing the AAA’s

• Authentication:

– Proving you are who you say you are

• Authorization:

– What you have permission to do

• Auditing:

– What you have attempted to do

Using Auditing

Security Fundamentals

Configuring Auditing

• Auditing is disabled by default for most components of

Windows.

• You can enable it through a local policy on a per-machine basis.

• Members of a domain can have their auditing centrally

configured via a Group Policy.

• Auditing must be configured independently for each technology.

–File system, Active Directory, mail server, etc.

Using Auditing

Security Fundamentals

Major Event Categories

• Account Logon

• Account Management

• Directory Service Access

• Logon

• Object Access

• Policy Change

• Privilege Use

• Process Tracking

• System

1123952621.051.png

1123952621.052.png

1123952621.053.png

1123952621.054.png

1123952621.055.png

1123952621.056.png

1123952621.057.png

1123952621.058.png

1123952621.059.png

1123952621.060.png

1123952621.061.png

1123952621.062.png

1123952621.063.png

1123952621.064.png

1123952621.065.png

1123952621.066.png

1123952621.067.png

1123952621.068.png

1123952621.070.png

1123952621.071.png

1123952621.072.png

1123952621.073.png

1123952621.074.png

1123952621.075.png

1123952621.076.png

1123952621.077.png

1123952621.078.png

1123952621.079.png

1123952621.081.png

1123952621.082.png

1123952621.083.png

1123952621.084.png

Using Auditing

Security Fundamentals

Syslog

• A Unix-standard logging protocol that typically enables servers

and devices to send audit events over the network to a

centralized auditing server.

Using Auditing

Security Fundamentals

The Audit Log

• Windows’ native Event Viewer provides access to the logs, and

the ability to manage their settings.

• Organizations often need to isolate duties so that users being

audited, such as administrators, cannot read or modify the log.

Using Auditing

Security Fundamentals

Considerations for Windows’ Native Auditing

• Turning on high levels of auditing can create a significant

performance impact on the server.

• This needs to be planned for as part of the server workload.

• It is difficult to configure true separation of duties using solely

the native logs.

1123952621.085.png

1123952621.086.png

1123952621.087.png

1123952621.088.png

1123952621.089.png

1123952621.091.png

1123952621.092.png

1123952621.093.png

1123952621.094.png

1123952621.095.png

1123952621.096.png

1123952621.097.png

1123952621.098.png

1123952621.099.png

1123952621.100.png

1123952621.102.png

1123952621.103.png

1123952621.104.png

1123952621.105.png

1123952621.106.png

1123952621.107.png

1123952621.108.png

1123952621.109.png

1123952621.110.png

1123952621.111.png

1123952621.002.png

1123952621.003.png

1123952621.004.png

1123952621.005.png

1123952621.006.png

1123952621.007.png

1123952621.008.png

Using Auditing

Security Fundamentals

What We Covered

 The Purpose of Auditing

 Configuring Auditing

 The Audit Log

 Considerations for Windows’ Native Auditing









1123952621.009.png

1123952621.010.png

1123952621.012.png

1123952621.013.png

1123952621.014.png

1123952621.015.png

1123952621.016.png

1123952621.017.png

1123952621.018.png

1123952621.019.png

1123952621.020.png

1123952621.021.png

Plik z chomika:

Inne pliki z tego folderu:

01. Getting Started with Security Fundamentals.pdf (242 KB)
03. Physical Security as the First Line of Defense.pdf (201 KB)
02. Introducing Security.pdf (209 KB)
05. Authentication Basics.pdf (281 KB)
07. Using Encryption to Protect Data.pdf (233 KB)

Inne foldery tego chomika:

MP3

Zgłoś jeśli naruszono regulamin